Android-SingleSignOn

Is Remote Wipe possible with this library?

Open szaimen opened this issue 4 years ago • 10 comments

Please let us know if remote wipe is supported with this library.

szaimen, Sep 28 '19 12:09

Currently there is no way implemented to notify the "3rd party" apps to do a remote wipe.

@David-Development do you think it is possible to trigger this somehow?

tobiasKaminsky, Sep 30 '19 06:09

Two ideas in my head:

  • the files app stores real password instead of app tokens so it can provision app-tokens per requesting apps (bad, but Files is an official app after all so not THAT bad)
  • a check in this library that allows checking if account exists - if NOT, then the 3rd app would delete its content for that account

mario, Sep 30 '19 09:09

Thank you for your answers and ideas!

> the files app stores real password instead of app tokens so it can provision app-tokens per requesting apps (bad, but Files is an official app after all so not THAT bad)

In my opinion getting app tokens for every app is a good idea, because then you can also use SSO inside Nextcloud talk. Downside is, that you have to change your password as soon as you change it elsewhere to update to the new password. Maybe you could work around this with a notification that you have to change your password.

> a check in this library that allows checking if account exists - if NOT, then the 3rd app would delete its content for that account

Being able to disconnect every app on my phone with just one click would be really nice, but would not work for nextcloud-talk because of the missing apptoken for each app.

Maybe there is also a third solution with working notifications in nextcloud-talk, no need to change the password on passwordchange and disconnecting all apps on the phone with just one click?

Could there be a way that apps register not via one app token for each app but are identifiable as single instances? I propose that then under security on the web-interface you can expand a list below this single app token for the whole phone (for this nextcloud-files-app on my phone) where apps that use this apptoken are listed. Then you could also disconnect the whole app token or just single apps. This way the app could be recognized by the server and could get also notifications (important for nextcloud-talk).

szaimen, Sep 30 '19 12:09

> Downside is, that you have to change your password as soon as you change it elsewhere to update to the new password.

App tokens are independent from password changes.

tobiasKaminsky, Oct 08 '19 07:10

> App tokens are independent from password changes.

Yes, I know, but if the app would store the real password, it would be most likely no longer independent from password changes.

szaimen, Oct 08 '19 08:10

For security reasons I do not want to store real password in our app. This somehow circumvents the whole purpose of app tokens. What instead could be possible is to have "nested" app tokens, that is that you can create a new app token from an existing one. If this is possible, then we could create new app tokens for apps that access via SSO.

tobiasKaminsky, Oct 08 '19 08:10

> What instead could be possible is to have "nested" app tokens, that is that you can create a new app token from an existing one. If this is possible, then we could create new app tokens for apps that access via SSO.

Sounds like a very good solution to me 👍

szaimen, Oct 08 '19 08:10

@tobiasKaminsky Shall I open an issue on the server repo for that? Or will you do this?

szaimen, Oct 08 '19 08:10

I thought there is one, but I fail to find it, so if you also do not find it, please open a new one.

tobiasKaminsky, Oct 08 '19 09:10

@tobiasKaminsky I opened https://github.com/nextcloud/server/issues/17459. Feel free to add or correct if you miss something or think that something wasn't described properly.

szaimen, Oct 08 '19 10:10