Description
We have successfully set up the Authentik OIDC for OpenCloud. The login and authentication also work fine. Here are the settings for the provider for reference.
On the Android app when logging in after the Token has expired (after 30 days), the application tells us to sign in again to regain access. So far so good.
When pressing “SIGN IN”, the authentication flow in Authentik starts and goes through login etc. successfully. Afterwards, the OpenCloud app reopens, and when providing the server, e.g. https://my-opencloud.de, we receive the message "an account for the same user and server already exists on the device".
One Workaround
We think that the Root Cause is that Android manages app logins using a centralized system called the Android Account Manager. When the Authentik token expires and the app prompts you to log in again, the app goes through the OIDC web flow. Upon a successful login, the app should simply update the existing token. Instead, due to how the app handles OAuth/OIDC handoffs, it tries to create a brand new account entry in Android.
Android looks at its list, sees that your-username@your-server already exists, and blocks it, throwing that exact error message.
One way to get past this error is to clear the existing account from Android's system settings so the app can create the "new" one.
- Open the Android phone's Settings app.
- Scroll down and tap on Passwords & accounts (or just Accounts, depending on the Android version).
- Find the OpenCloud account in the list and tap on it.
- Tap Remove account. (This will only remove the local authentication link; it will not delete the data on the server. However, you may need to re-download files you previously marked as "available offline".)
- Open the OpenCloud app and log in via Authentik again. It should work now.
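
The re-login handling the report expects ("simply update the existing token"), sketched with Android's `AccountManager` API as an added example; it is not code from the OpenCloud app or from the reporter. The account type, token type, function name and the choice to keep the refresh token in the password slot are assumptions made for illustration.

```kotlin
import android.accounts.Account
import android.accounts.AccountManager
import android.content.Context

// Placeholders: the account and token types the app really registers are not shown on this page.
private const val ACCOUNT_TYPE = "example.opencloud.account"
private const val TOKEN_TYPE = "example.oidc.access_token"

/**
 * Hypothetical handler for a finished OIDC flow.
 * Returns true when an existing account was refreshed, false when a new one was created.
 */
fun storeOidcResult(
    context: Context,
    accountName: String,   // e.g. "user@my-opencloud.de"
    accessToken: String,
    refreshToken: String,
): Boolean {
    val am = AccountManager.get(context)

    // Look for an entry with the same user@server before trying to add one.
    val existing = am.getAccountsByType(ACCOUNT_TYPE)
        .firstOrNull { it.name == accountName }

    if (existing != null) {
        // Re-authentication after expiry: replace the credentials in place
        // instead of registering a second account with the same name.
        am.setAuthToken(existing, TOKEN_TYPE, accessToken)
        am.setPassword(existing, refreshToken) // assumption: refresh token kept in the password slot
        return true
    }

    // First login on this device: create the account entry.
    val account = Account(accountName, ACCOUNT_TYPE)
    // addAccountExplicitly returns false when the account already exists,
    // which is the condition the error message in this report describes.
    check(am.addAccountExplicitly(account, refreshToken, null)) {
        "Account $accountName could not be added"
    }
    am.setAuthToken(account, TOKEN_TYPE, accessToken)
    return false
}
```

These `AccountManager` calls only succeed for account types owned by the calling app's own authenticator, so the lookup cannot see or modify other apps' accounts.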