OIDC for Nextcloud?
-
I feel like this might've been discussed somewhere already, but I couldn't find anything...
Are we going to get OIDC for Nextcloud?
Or is it deemed too risky as it's not properly baked into Nextcloud itself?
This seems pretty well maintained
https://github.com/pulsejet/nextcloud-oidc-login/releasesBut it would be better if it were part of Nextcloud itself like it seems the LDAP app is (looking in my app on my Nextcloud I can see it's called
LDAP user and group backendbut there is no app called that in their app store and the report a bug link just to https://github.com/nextcloud/server/issues )Edit: ah, but there is also this from Nextcloud themselves: https://github.com/nextcloud/user_oidc but I can't work out if that's what we'd actually need or not?
-
This was implemented a while ago - https://git.cloudron.io/packages/nextcloud-app/-/tree/oidc . We have to bite the bullet and push the migration . Nextcloud updates like this always worry me, it's so much work (mostly support)
100% sure something breaks -
I tried looking up which oidc plugin for Nextcloud I last gave a try, but I was unable to find which one it was.
In the end I needed to disable the plugin as Nextcloud kept constantly logging me out of all my sessions. So before you roll the update out I would recommend to make a long term test with all the apps that are part of the Nextcloud eco system (Desktop apps, apps on mobile for Nextcloud itself, but also Talk, etc).
-
This was implemented a while ago - https://git.cloudron.io/packages/nextcloud-app/-/tree/oidc . We have to bite the bullet and push the migration . Nextcloud updates like this always worry me, it's so much work (mostly support)
100% sure something breaks@girish Is this integrated in the package yet? I'm currently using the social login plugin which works more or less but I'd love to migrate
-
@fbartels I think we use https://github.com/nextcloud/user_oidc . You are right about the testing, this is why it's not merged yet . There's too many things to test ...
@andreasdueren the work has been done but it's not integrated yet.
-
@fbartels I think we use https://github.com/nextcloud/user_oidc . You are right about the testing, this is why it's not merged yet . There's too many things to test ...
@andreasdueren the work has been done but it's not integrated yet.
@girish said in OIDC for Nextcloud?:
@fbartels I think we use https://github.com/nextcloud/user_oidc . You are right about the testing, this is why it's not merged yet . There's too many things to test ...
@andreasdueren the work has been done but it's not integrated yet.
Perhaps create a new unstable experimental Nexcloud-OIDC package that has OIDC baked in and let us all do the testing?
-
@girish said in OIDC for Nextcloud?:
@fbartels I think we use https://github.com/nextcloud/user_oidc . You are right about the testing, this is why it's not merged yet . There's too many things to test ...
@andreasdueren the work has been done but it's not integrated yet.
Perhaps create a new unstable experimental Nexcloud-OIDC package that has OIDC baked in and let us all do the testing?
@jdaviescoates yes, absolutely, that is the plan . To enable both OIDC and LDAP in the same package and allow willing users to test OIDC by setting some flag somewhere.
-
@jdaviescoates yes, absolutely, that is the plan . To enable both OIDC and LDAP in the same package and allow willing users to test OIDC by setting some flag somewhere.
@girish I'm about to set up a new NC instance and would love to have this integrated sooner than later so I can onboard people with it directly instead of having to migrate them later on.
-
@jdaviescoates yes, absolutely, that is the plan . To enable both OIDC and LDAP in the same package and allow willing users to test OIDC by setting some flag somewhere.
-
@girish is there maybe a way to enable OIDC in the package but leave it disabled for people to enable it manually?
@andreasdueren the work is there in this branch - https://git.cloudron.io/packages/nextcloud-app/-/tree/oidc but we haven't tested it. It will take some time to test and publish it. Will try to get it out next week.
-
@andreasdueren the work is there in this branch - https://git.cloudron.io/packages/nextcloud-app/-/tree/oidc but we haven't tested it. It will take some time to test and publish it. Will try to get it out next week.
@girish thank you that would be amazing. Let me know if you need help testing
-
@andreasdueren unfortunately, the oidc plugin broke - https://github.com/nextcloud/user_oidc/issues/1024
-
@andreasdueren this is pushed as unstable now.
It will be in unstable for a while since I am on/off because am traveling for FOSDEM.
@girish sweeeeet, will test this right now
Edit: Is there a way to pass Full name and E-Mail via OpenID? That's something I had been struggling with with my other setup as well.
-
@andreasdueren it's picked up for me by default.
@girish This may be a compatibility issue with my preexisting openID plugin. Testing.
-
Currently getting this. It's a pretty fresh installation so not sure what's going on yet.
-
Currently getting this. It's a pretty fresh installation so not sure what's going on yet.
@andreasdueren if we take that error at face value, it's unable to connect to my.domain.com . Can you check from web terminal of nextcloud, if you are able to
curl https://my.domain.com/.well-known/openid-configuration?Also, do other oidc apps work?
-
@andreasdueren if we take that error at face value, it's unable to connect to my.domain.com . Can you check from web terminal of nextcloud, if you are able to
curl https://my.domain.com/.well-known/openid-configuration?Also, do other oidc apps work?
@Joseph curl works. So does oidc on another app.
