[💡 Guide] Use external Nextcloud with Cloudron OpenID Connect Provider

BrutalBirdie

You have an external Nextcloud e.g. a Hetzner Nextcloud Share and want to use Cloudron Users with OpenID.

First we create an OpenID Client in Cloudron:
Go to https://my.DOMAIN.tld/#/usersettings and create an OpenID Client.
As Name for example we take CloudronNCOID and the secret is a generated password.
The Login callback Url (comma separated if more than one) for Nextcloud Social Login is something like this:
https://nc.DOMAIN.tld/apps/sociallogin/custom_oidc/my.DOMAIN.tld

So the main domain is the Nextcloud Domain and the part after the custom_oidc is the Internal Name that we set in the Social Login within Nextcloud, which we will configure later.

Signing Algorithm can stay RS256.

---

NOTE: All Cloudron OpenID URLs can be found here: https://my.DOMAIN.tld/.well-known/openid-configuration

On the Nextcloud install and enable the Social Login app.

Go Into the Admin Settings to Social-Login and add a custom OpenID-Connect.

There you need to fill out the needed information:

• Internal Name
  • my.DOMAIN.tld (See the first step of Cloudron which you took there)
• Title
  • choose for yourself
• Authorize url
  • https://my.DOMAIN.tld/openid/auth
• Token url
  • https://my.DOMAIN.tld/openid/token
• Display name claim (optional)
  • empty
• User info URL (optional)
  • https://my.DOMAIN.tld/openid/me
• Logout URL (optional)
  • empty
• Client Id
  • This you need to set yourself in cloudron, for example we use CloudronNCOID
• Client Secret
  • defined in Cloudron
• Scope
  • openid
• Groups claim (optional)
  • empty
• Button style
  • empty
• Default group
  • choose yourself

Save and it should work.

jdaviescoates

Thanks!

Presumably you'll add or link to this in the docs too @BrutalBirdie ?

BrutalBirdie

@jdaviescoates

Yea link at least.
But where would you expect this doc? For the Nextcloud app? This does not fit 100% since it's not about the Cloudron Nextcloud app.

Maybe to https://docs.cloudron.io/user-management/#openid-connect ?

jdaviescoates

@BrutalBirdie said in (howto) Use external Nextcloud with Cloudron OpenID Connect Provider:

But where would you expect this doc?

Perhaps in a section about OIDC?

girish

IMO, it's better to make these how to's SEO friendly with proper description and content. From what we have seen, the docs are not read as a manual like in the good old days.

People search -> hit forum post is the most common flow. The forum is waaaaaaaay more popular in SEO than the docs.