ClaperCo / Claper

The ultimate tool to interact with your audience
https://claper.co
GNU Affero General Public License v3.0

OIDC without discovery #99

Closed escoand closed 1 week ago

escoand commented 3 weeks ago

I tried the new release with OIDC integration together with Nextcloud. But I found out Nextcloud is currently not providing the discovery endpoint (see https://openid.net/specs/openid-connect-discovery-1_0.html).

So, is it possible to use OIDC without this by explicitly setting the needed options?

Thanks in advance.

alxlion commented 2 weeks ago

Which package do you use to set up your Nextcloud instance as an identity provider?

You can check its documentation. If you are using https://github.com/H2CK/oidc the realm should be something like https://your.instance/index.php/.well-known/openid-configuration.

escoand commented 2 weeks ago

I'm using the default built-in implementation: https://docs.nextcloud.com/server/29/admin_manual/configuration_server/oauth2.html

alxlion commented 2 weeks ago

Nextcloud does not have OpenID Connect built-in, only OAuth2, and it's not recommended to use it in production because it does not support scoped access.

You can install this application (https://apps.nextcloud.com/apps/oidc) to add OIDC compatibility to your Nextcloud instance. In the security settings, add a new OIDC client as follows:

[Screenshot: CleanShot 2024-08-30 at 23 14 18]

In your Claper configuration, use the URL of your Nextcloud instance in the OIDC_ISSUER variable.

Make sure all your users have an email address in their profile.
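
A way to check that a provider's discovery document is usable before putting its URL in OIDC_ISSUER. This is an added example, not part of the thread and not Claper or Nextcloud code; the host name and sample documents are constructed, and the field list is the REQUIRED metadata from the OpenID Connect Discovery spec linked in the first comment.

```python
import json
from urllib.parse import urlsplit

# Metadata the OpenID Connect Discovery 1.0 spec marks REQUIRED
# (token_endpoint is only optional for implicit-flow-only providers).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def discovery_url(issuer):
    """Discovery location for an issuer: trailing '/' dropped, suffix appended."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_discovery(issuer, body):
    """Return a list of problems; an empty list means the document is usable."""
    try:
        meta = json.loads(body)
    except ValueError:
        return ["not JSON (likely no discovery endpoint at this URL)"]
    if not isinstance(meta, dict):
        return ["not a JSON object"]
    problems = [f"missing {name}" for name in REQUIRED if not meta.get(name)]
    # The spec requires the advertised issuer to be identical to the one used
    # to build the URL; a document naming another issuer must be rejected.
    if meta.get("issuer") not in (None, issuer):
        problems.append(f"issuer mismatch: {meta['issuer']!r}")
    for name in ENDPOINTS:
        value = meta.get(name)
        if isinstance(value, str) and urlsplit(value).scheme != "https":
            problems.append(f"{name} is not https")
    return problems

# Constructed sample input (not captured from a real server).
ISSUER = "https://cloud.example.test"
GOOD = json.dumps({
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/authorize",
    "token_endpoint": ISSUER + "/token",
    "jwks_uri": ISSUER + "/jwks",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
})
BAD = json.dumps({"issuer": ISSUER + "/index.php",
                  "authorization_endpoint": "http://cloud.example.test/authorize",
                  "token_endpoint": ISSUER + "/token"})

if __name__ == "__main__":
    for label, body in (("good", GOOD), ("bad", BAD), ("html", "<html>404</html>")):
        print(label, check_discovery(ISSUER, body))
```

In practice the `body` argument is the response fetched from `discovery_url(issuer)`; an HTML error page there is the symptom described in the first comment.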

escoand commented 1 week ago

This is working, thanks.