ios icon indicating copy to clipboard operation
ios copied to clipboard
verified publisher icon nextcloud

Unable to login using device - Nextcloud app

Open kmpeterson opened this issue 9 months ago • 6 comments

How to use GitHub

  • Please use the 👍 reaction to show that you are affected by the same issue.
  • Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
  • Subscribe to receive notifications on status change and new comments.

Steps to reproduce

  1. Open Nextcloud app, click through advisory
  2. At login screen, choose "Log in with a device"
  3. Enter username, hit Log in

Expected behaviour

Expect Passkey to be activated and prompt to permit login.

Actual behaviour

Nothing happens.

Logs

(There does not appear to be any logs captured on the device.)

Server logs (sample):

/login/v2/poll?token=TXxdixMzPAaYnDrTjfonhf0y1zgIeUpscU43BZlhjED9eEhsiVH6Mpco0Olyjk2W0LA2JltmIbPTxy0PPI1UpSLwqDMPITEPSbY58dZHco0BRj7in2hxAS61sf32k56g

sent by the device to the server approximately every 1s.

Reasoning or why should it be changed/implemented?

Assumption that Login with a device would work given it shows as option.

Environment data

iOS version: 18.4

Nextcloud iOS app version: 6.6.0.4

Server operating system: Container (Podman on RHEL 9.4); base image e76c48e387cc "docker.io/library/nextcloud:stable" "NEXTCLOUD_VERSION=30.0.8"

Web server: n/a

Database: mariadb

PHP version: n/a

Nextcloud version: 30.0.8

Additional Notes This looks to me similar to #3230 . I'm not as well versed with iOS debugging, so I'm happy to send more logging if someone can direct me. Note that I set up a test account for this, and ended up wiping apps and data on my iOS device and reinstalling. Login using device works on macOS, and with Chrome and Safari browsers on ipadOS, and on Chrome on iOS. Safari on iOS screen fills up with what looks like TLS option fields dump. Invalid username entered does not change behavior. Login with password works as expected.

kmpeterson avatar Apr 10 '25 00:04 kmpeterson

Hi, Thank you for the report.

"Safari on iOS screen fills up with what looks like TLS option fields dump." Can you elaborate on this? Not sure exactly what you mean.

Is it possible to check if login works with another instnace version of Nextcloud? Also, does anything change if you disable most apps?

mpivchev avatar Apr 17 '25 07:04 mpivchev

I had same symptoms as yourself @kmpeterson which turned out to be remedied by disabling HTTP/3 on the reverse proxy. But your configuration may differ from mine and therefore this isn't applicable. I did not have the time to delve into why HTTP/3 was not working and try to fix that hence simply disabling it :). (H3 is enabled by default in the AIO distribution of Nextcloud in the Caddy rev proxy).

It may be worth building debug version of the Nextcloud app with Xcode and running it on the device, checking the logs. You'll likely see some h3 requests timing out if it's the same problem, or, you may find the different root cause :)

Hope this helps!

livmackintosh avatar Apr 17 '25 11:04 livmackintosh

Hi, Thank you for the report.

"Safari on iOS screen fills up with what looks like TLS option fields dump." Can you elaborate on this? Not sure exactly what you mean.

Yes, I understand that's not the most common thing to see. Here's what I captured - not a large image, as since I tried to save the screen cap to Nextcloud, I think it caused Safari and/or the clipping code to crash, so this is third-hand copy:

Image

Note that I do have my own certificate management of LetsEncrypt certs, but I don't know that would make a difference. This is on iPadOS, Safari, and the OS is 18.4.1 - I'll be interesting to see if that's what @livmackintosh also saw, and I'll look HTTP/3 (but I don't have a proxy on this service, so I'll look at the server running in the container). This screen appears to be the same as with my iOS Safari attempt.

Is it possible to check if login works with another instnace version of Nextcloud? Also, does anything change if you disable most apps?

So, not sure what you're asking here, but I'm happy to see if I can gather more information:

  1. I think you're asking about whether there's another server that I have tested against, and the answer there is no. I don't have access to another instance (don't know what happens if I try to use a Passkey against the public trial, but I'm happy to try it out if that will help). I think it's been a while since the container was updated (it's the container at docker://nextcloud:stable) but as of now the latest available there is still 30.0.8. I have a script checking for updates weekly and I usually just do the minor updates semi-automatically, so I'll let you know when that happens.
  2. I'm again uncertain what "disable most apps" means - whether this means disabling apps on my Nextcloud server, or other apps or perhaps other Nextcloud apps on my devices. As for the latter, the only one I have installed is Nextcloud Talk, though sadly I haven't had the opportunity to try it. I am connected (and frequently use) on my devices the Nextcloud app, and because of this my attempts to log in "with device" are via the "Add account" option. If it's essential to working through this, I could disconnect my primary account on one of my iOS devices and even delete/reinstall the Nextcloud app and try as a first or only account to use my Passkey.

In any event, let me know what you need and I'll undertake to give you feedback. Also, I tried to do some more digging on my device, and did find some logging information: in the app, I went to the "Add account" option and chose the server. I believe that even before I attempted to log in the app was generating the poll requests I included above, and the app on the device echos those requests and includes ...result: failure(Alamofire.AFError.responseValidationFailed(reason: Alamofire.AFError.ResponseValidationFailureReason.unacceptableStatusCode(code: 404))). Sorry that I wasn't able to find these when I originally opened this issue.

Hope this helps, and waiting for next steps. Thanks!

kmpeterson avatar Apr 18 '25 16:04 kmpeterson

Hi @kmpeterson are you still experiencing this issue with the latest Nextcloud version? Have you tried disabling HTTP/3?

mpivchev avatar Sep 04 '25 10:09 mpivchev

Hi Milen,

Thanks for checking in. This is Nextcloud running in a container (31.0.7, apparently the latest available) so apache - and as far as I'm aware, there's no support in Apache for HTTP/3. Literally the simplest small-scale setup...

No changes at all in the observed behavior. I had generally assumed that this functionality was in somewhat wider use, but either I'm wrong about that or my installation is so different from most that it otherwise doesn't make sense to try to track down the issue based on my individual environment. Is there data I can provide from logging or perhaps using a different version that would help?

kmpeterson avatar Sep 04 '25 14:09 kmpeterson

Just a small update: running iPadOS 26 now, and trying to login to an unrelated app using Safari (Kibana) - not enabled for anything other than password-based auth - Safari exhibits the same behavior: that overlay with what looks like a TLS certificate dump.

Again, a completely unrelated app, but this points to an iOS issue, so possibly indicating Nextcloud isn't implicated.

kmpeterson avatar Sep 25 '25 12:09 kmpeterson