H2CK
H2CK
We have to differentiate the behavior for the different endpoints. First to the endpoints at index.php/.well-known/openid-configuration and index.php/.well-known/webfinger : Those endpoints are controlled by the Nextcloud server and it is...
CORS usually is based on a preflight request. This OPTIONS request with the headers Origin and Access-Control-Request-Method (optionally also Access-Control-Request-Headers) is initiated by the browser in the background and in...
You are right that the GID is provided in the groups or roles claim. This is because the GID is the only unique identifier of a group. You can even...
I will add in the next days some more information about this to the documentation.
With version 1.7.0 (released soon) there will be the option to switch the behavior. Based on the application configuration the groupID or the display name will be used.
Release [1.7.0](https://github.com/H2CK/oidc/releases/tag/1.7.0) is now available which adds the possibility to use the display name instead of the group ID. For details have a look at the [documentation](https://github.com/H2CK/oidc/wiki/User-Documentation#scopes).
Based on your provided information I have no clue what the problem might be. The Nextcloud logs do not contain any call to the /apps/oidc/token endpoint. Could you provided corresponding...
Some further question: - Are you using the oidc app and the oauth implementation of Nextcloud in parallel? What are the calls to /api/oauth for?
While analyzing your issue I found a bug where the session data of the oidc app was lost after the performed login. This was only the case when BasicAuth was...
After further analysis the problem can be found in: ` {"reqId":"O2UkDEXICc5PkQ2l7Vxu","level":0,"time":"2024-09-12T16:33:25+00:00","remoteAddr":"192.168.1.254","user":"--","app":"core","method":"POST","url":"/apps/oidc/token","message":"Session token is invalid because it does not exist","userAgent":"openid-client/5.6.5 ([https://github.com/panva/node-openid-client)","version":"29.0.4.1","exception":{"Exception":"OC\\Authentication\\Exceptions\\InvalidTokenException","Message":"Token](https://github.com/panva/node-openid-client)%22,%22version%22:%2229.0.4.1%22,%22exception%22:%7b%22Exception%22:%22OC/Authentication/Exceptions/InvalidTokenException%22,%22Message%22:%22Token) does not exist: token does not ` The call to...