OIDC for Nextcloud?

jdaviescoates

I feel like this might've been discussed somewhere already, but I couldn't find anything...

Are we going to get OIDC for Nextcloud?

Or is it deemed too risky as it's not properly baked into Nextcloud itself?

This seems pretty well maintained
https://github.com/pulsejet/nextcloud-oidc-login/releases

But it would be better if it were part of Nextcloud itself like it seems the LDAP app is (looking in my app on my Nextcloud I can see it's called LDAP user and group backend but there is no app called that in their app store and the report a bug link just to https://github.com/nextcloud/server/issues )

Edit: ah, but there is also this from Nextcloud themselves: https://github.com/nextcloud/user_oidc but I can't work out if that's what we'd actually need or not?

girish

This was implemented a while ago - https://git.cloudron.io/packages/nextcloud-app/-/tree/oidc . We have to bite the bullet and push the migration . Nextcloud updates like this always worry me, it's so much work (mostly support) 100% sure something breaks

fbartels

I tried looking up which oidc plugin for Nextcloud I last gave a try, but I was unable to find which one it was.

In the end I needed to disable the plugin as Nextcloud kept constantly logging me out of all my sessions. So before you roll the update out I would recommend to make a long term test with all the apps that are part of the Nextcloud eco system (Desktop apps, apps on mobile for Nextcloud itself, but also Talk, etc).

andreasdueren

@girish Is this integrated in the package yet? I'm currently using the social login plugin which works more or less but I'd love to migrate

girish

@fbartels I think we use https://github.com/nextcloud/user_oidc . You are right about the testing, this is why it's not merged yet . There's too many things to test ...

@andreasdueren the work has been done but it's not integrated yet.

malvim

It sure is a lot of testing for stuff that is not supported by nextcloud itself...

I myself use the nextcloud mobile app for some things. No idea how it works with OIDC...

jdaviescoates

@girish said in OIDC for Nextcloud?:

@fbartels I think we use https://github.com/nextcloud/user_oidc . You are right about the testing, this is why it's not merged yet . There's too many things to test ...

@andreasdueren the work has been done but it's not integrated yet.

Perhaps create a new unstable experimental Nexcloud-OIDC package that has OIDC baked in and let us all do the testing?

girish

@jdaviescoates yes, absolutely, that is the plan . To enable both OIDC and LDAP in the same package and allow willing users to test OIDC by setting some flag somewhere.

andreasdueren

@girish I'm about to set up a new NC instance and would love to have this integrated sooner than later so I can onboard people with it directly instead of having to migrate them later on.