OIDC for Nextcloud?

girish

@jdaviescoates yes, absolutely, that is the plan . To enable both OIDC and LDAP in the same package and allow willing users to test OIDC by setting some flag somewhere.

andreasdueren

@girish I'm about to set up a new NC instance and would love to have this integrated sooner than later so I can onboard people with it directly instead of having to migrate them later on.

andreasdueren

@girish is there maybe a way to enable OIDC in the package but leave it disabled for people to enable it manually?

girish

@andreasdueren the work is there in this branch - https://git.cloudron.io/packages/nextcloud-app/-/tree/oidc but we haven't tested it. It will take some time to test and publish it. Will try to get it out next week.

andreasdueren

@girish thank you that would be amazing. Let me know if you need help testing

girish

@andreasdueren unfortunately, the oidc plugin broke - https://github.com/nextcloud/user_oidc/issues/1024

girish

@andreasdueren this is pushed as unstable now.

It will be in unstable for a while since I am on/off because am traveling for FOSDEM.

andreasdueren

@girish sweeeeet, will test this right now

Edit: Is there a way to pass Full name and E-Mail via OpenID? That's something I had been struggling with with my other setup as well.

girish

@andreasdueren it's picked up for me by default.

andreasdueren

@girish This may be a compatibility issue with my preexisting openID plugin. Testing.

andreasdueren

Currently getting this. It's a pretty fresh installation so not sure what's going on yet.

joseph

@andreasdueren if we take that error at face value, it's unable to connect to my.domain.com . Can you check from web terminal of nextcloud, if you are able to curl https://my.domain.com/.well-known/openid-configuration ?

Also, do other oidc apps work?

andreasdueren

@Joseph curl works. So does oidc on another app.

joseph

@andreasdueren can you also check if you can curl the openid-configuration from web terminal of nextcloud? do you see any errors in nextcloud logs? everything looks correct otherwise...

andreasdueren

@Joseph You mean curl https://my.domain.com/.well-known/openid-configuration? Yes that's what I tested. Returned values as expected.

jdaviescoates

@andreasdueren you may have already done this but I think the key bit of info was this:

@joseph said in OIDC for Nextcloud?:

from web terminal of nextcloud

(emphasis added)

andreasdueren

@jdaviescoates Yes, I did that (emphasis added)

joseph

@andreasdueren I am out of ideas if there is nothing in the logs and the curl works... can you drop a mail to support@cloudron.io please, so we can debug it?

andreasdueren

@Joseph It's not super urgent right now, this is only a test instance I spun up and I'm traveling right now. I might reach out at a later point in time.