
Add nextcloud OIDC provider #1821

Closed (wants to merge 1 commit)

Conversation

nat212

@nat212 nat212 commented Feb 10, 2023

Nextcloud has an app that allows you to use your instance as an OpenID Connect provider (https://github.com/H2CK/oidc/wiki/User-Documentation). I personally use this to manage access to my personal apps, and having this in pocketbase would be useful!

@ganigeorgiev
Member

ganigeorgiev commented Feb 10, 2023

Thank you for working on this but I'm not sure if it will be a good idea to integrate it in the main package because this doesn't seem to be an officially Nextcloud supported OAuth2 app, right? Also I couldn't find anywhere whether they support the PKCE flow or not (this is not required and #55 will help further, but it would be nice if it is documented somewhere).

Additionally, we have to check whether the provider will always return the email even if it is not verified because in this case we cannot trust it and it would be better to not set the email since it is used for accounts linking. Usually some providers have email_verified/emailVerified or similar field that identifies the email state but I'm not sure if that's also the case with this provider.
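The email-trust concern raised above, as an added illustration that is not code from the pull request or from PocketBase itself: a small Go parser for an OIDC userinfo/ID-token style payload that copies the email into the profile only when the provider explicitly marks it verified. The `AuthUser` struct, the `ParseOIDCUserInfo` function and the sample payloads are assumptions made for this example; the claim names `email_verified` and `emailVerified` are the ones the comment mentions, and both boolean and string encodings of the flag are accepted because providers differ.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// AuthUser is a hypothetical subset of the profile an OAuth2/OIDC
// integration fills in. Email stays empty unless the provider says the
// address is verified, so it is never used for account linking otherwise.
type AuthUser struct {
	Id       string
	Username string
	Email    string
	RawUser  map[string]any
}

// emailVerifiedClaim reads the verification flag, tolerating the common
// spellings (email_verified / emailVerified) and both boolean and string
// ("true") encodings. Absent or unrecognised values count as unverified.
func emailVerifiedClaim(raw map[string]any) bool {
	for _, key := range []string{"email_verified", "emailVerified"} {
		switch v := raw[key].(type) {
		case bool:
			return v
		case string:
			return strings.EqualFold(v, "true")
		}
	}
	return false
}

// ParseOIDCUserInfo decodes a userinfo-style JSON payload. The email is
// only set when the provider explicitly marks it as verified.
func ParseOIDCUserInfo(data []byte) (*AuthUser, error) {
	var raw map[string]any
	if err := json.Unmarshal(data, &raw); err != nil {
		return nil, fmt.Errorf("userinfo: invalid JSON: %w", err)
	}
	sub, _ := raw["sub"].(string)
	if sub == "" {
		return nil, fmt.Errorf("userinfo: missing sub claim")
	}
	user := &AuthUser{Id: sub, RawUser: raw}
	user.Username, _ = raw["preferred_username"].(string)
	if email, ok := raw["email"].(string); ok && emailVerifiedClaim(raw) {
		user.Email = strings.TrimSpace(email)
	}
	return user, nil
}

func main() {
	// Constructed sample payloads; not real output from any provider.
	samples := []struct{ name, body string }{
		{"verified", `{"sub":"u1","preferred_username":"alice","email":"alice@example.com","email_verified":true}`},
		{"unverified", `{"sub":"u2","preferred_username":"bob","email":"bob@example.com","email_verified":false}`},
		{"no flag", `{"sub":"u3","preferred_username":"carol","email":"carol@example.com"}`},
		{"string flag", `{"sub":"u4","preferred_username":"dave","email":"dave@example.com","emailVerified":"true"}`},
	}
	for _, s := range samples {
		u, err := ParseOIDCUserInfo([]byte(s.body))
		if err != nil {
			fmt.Println(s.name, "error:", err)
			continue
		}
		fmt.Printf("%-12s id=%s email=%q\n", s.name, u.Id, u.Email)
	}
}
```

The design choice is fail-closed: a payload with no recognisable verification claim yields an empty email, which is the safe default when the provider's behaviour is undocumented, as the comment notes for this app.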

@ganigeorgiev
Member

ganigeorgiev commented Feb 10, 2023

Additionally, Nextcloud seems to have their own OAuth2 integration without the need for the external app - https://docs.nextcloud.com/server/16/admin_manual/configuration_server/oauth2.html, but the documentation is very limited and I'm not sure if the above will work with it (there is no information on the scopes or the responses).


Update:
I've found in a newer doc version https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/oauth2.html#oauth2:

Nextcloud OAuth2 implementation currently does not support scoped access. This means that every token has full access to the complete account including read and write permission to the stored files. It is essential to store the OAuth2 tokens in a safe way!

Without scopes and restrictable access it is not recommended to use a Nextcloud instance as a user authentication service.

In this case I'm not sure if it will be a good idea to integrate with Nextcloud at this stage since I don't want to rely on non-officially maintained integrations. There is an existing issue for adding scopes in nextcloud/server#26233 but seems to be marked as stale and based on the comments there is no indication that they plan to implement it anytime soon.

Since OIDC-like providers are fairly similar, to some extent you should be able to use the already existing Authentik integration (I'll consider mentioning it in the Admin UI sometime in the future).
