talk-android icon indicating copy to clipboard operation
talk-android copied to clipboard
verified publisher icon nextcloud

Login Flow v2

Open mahibi opened this issue 10 months ago • 4 comments

Implement Login Flow v2

Doc: https://docs.nextcloud.com/server/19/developer_manual/client_apis/LoginFlow/index.html#login-flow-v2

See android files app:

  • https://github.com/nextcloud/android/pull/12922
  • https://github.com/nextcloud/android/pull/14461

This will also avoid issues like https://github.com/nextcloud/talk-android/issues/3386

The best approach would be to extract Login&Authentication Screens to https://github.com/nextcloud/android-common and use them for all Nextcloud android apps.

mahibi avatar Feb 14 '25 12:02 mahibi

We still have problems while we login by username and password. Our nextcloud server working well behind an apache reverse proxy with subdirectory. If we try to login with some apps like the talk app for iOS and android we get requests like the following at the last login-step:

xx.xx.xx.174 - - [21/Feb/2025:10:02:24 +0100] "POST /bhhcloud/login/flow HTTP/1.1" 303 1069 "-" "Volla Volla Phone 22 (Nextcloud Talk)"
xx.xx.xx.174 - - [21/Feb/2025:10:02:25 +0100] "GET /server:https://myweb.de/cloud&user:username&password:1euf6i7sWv4VFoJ2TUFsb1ITnbO99lDdxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxA16gSLLL HTTP/1.1" 404 577 "-" "Volla Volla Phone 22 (Nextcloud Talk)"

I have no idea where this request have to be redirected to by the proxy. The last try was with the android talk app 20.1.1 installed by F-Droid an Nextcloud Server 30.0.6. Login by App-Password and QR-Code is a well known workaround but the android app can not login by QR-Code.

The login flow documentation talks about URLs like this. (https://docs.nextcloud.com/server/31/developer_manual/client_apis/LoginFlow/index.html#obtaining-the-login-credentials) Now my question is, could this problem be solved by implementing the login flow v 2? I don't now witch version is used by other working apps. If this could solve my problem it would save some off my time. Otherwise i will walk on and open a new ticket.

mario-spitze avatar Feb 21 '25 09:02 mario-spitze

I'm not sure why it fails for you but login flow v2 would solve this. However we might not find the time to switch to this in the near future

mahibi avatar Mar 11 '25 08:03 mahibi

The in-app browser doesn't support SSO that requires WebAuthn or opening another native app to complete the OIDC login flow.

wegylexy avatar Jun 22 '25 17:06 wegylexy

@rapterjet2004 can you work on this?

It's okay to have an initial version by copy&paste from the files app. (but extracting common code to the android-common lib should be tried afterwards in another PR)

mahibi avatar Jun 23 '25 11:06 mahibi

@nickvergessen told that there were many bugs fixed on serverside that should explain why login v2 did not work for clients a few weeks/months ago when we tried to implement it on android. @nickvergessen can you link these fixes here? Are all of them deployed on sermo and cnc?

@rapterjet2004 could you give it another try?

mahibi avatar Sep 17 '25 13:09 mahibi

E.g.

  • https://github.com/nextcloud/server/pull/54605
  • https://github.com/nextcloud/guests/pull/1402

and yes those are deployed on both. Others are not affecting the instances as we don't have the weird apps there.

nickvergessen avatar Sep 17 '25 15:09 nickvergessen