Cannot administer APP Passwords after moving to OIDC integration

odie

There have been several issues moving to OIDC with Nextcloud, primarily discussed here: https://forum.cloudron.io/topic/13285/nextcloud-fails-to-provision-my-users-after-upgrade-to-v30.05/15

I am currently on package v5.0.4, since the v5.1.0 version seemed to re-introduce the "failed to provision user" error upon login.

In addition to the issues discussed in the above post (which don't seem to be solved in package v5.1.0), Nextcloud cannot make use of APP Passwords after migrating to OIDC. Exisiting App passwords are invalid, and when attempting to set new, I only get HTTP 503 errors in my log:

Feb 17 23:17:27 [IP] - - [17/Feb/2025:22:17:27 +0000] "POST /settings/personal/authtokens HTTP/1.1" 503 2 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Gecko/20100101 Firefox/135.0"
Feb 17 23:17:30 [IP] - - [17/Feb/2025:22:17:30 +0000] "POST /settings/personal/authtokens HTTP/1.1" 503 2 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Gecko/20100101 Firefox/135.0"

This is related to the OIDC integration. If I log in as admin (the built-in admin account), I can set APP Passwords perfectly.

girish

Is the app password issue in 5.1.0 or 5.0.4 or both ? And to double check the app passwords are inside nextcloud correct ? (because cloudron also has an app password feature)

odie

@girish said in Cannot administer APP Passwords after moving to OIDC integration:

Is the app password issue in 5.1.0 or 5.0.4 or both ? And to double check the app passwords are inside nextcloud correct ? (because cloudron also has an app password feature)

Yes, the app password issue is in both 5.1.0 and 5.0.4 (Go to Nextcloud -> Profile settings -> Personal settings -> Security and look under "Devices & sessions"). It's impossible to delete old tokens (pre OIDC migration) and impossible to add new (get http error 503 in the logs, like above).

Nextcloud APP passwords are required for clients (mobile and app), plus some external services.

joseph

I tried this on a new install and I can't reproduce this. @odie can you please check if you see the same issue on a new install? I think that's one step to understand if we are testing this wrong OR this is some update related issue

odie

@joseph said in Cannot administer APP Passwords after moving to OIDC integration:

I tried this on a new install and I can't reproduce this. @odie can you please check if you see the same issue on a new install? I think that's one step to understand if we are testing this wrong OR this is some update related issue

I tested several times, and I can't reproduce it either. It just works. On package 5.1.1. No need to install a clean install either.

I have no way to explain this. It just stopped behaving this way. I can even delet the same old APP Password that I previously got a "failed" message on.

You can probably mark this as solved...??