RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/

NextCloud integration #7791

Closed MarekPikula closed 5 years ago

MarekPikula commented 7 years ago

In our company we use NextCloud extensively as our cloud service and Rocket.Chat to communicate with each other. Sometimes there is a need to share a file on chat, and what we do is copy the link to the cloud and paste it in chat, but it isn't a pretty solution, as Rocket doesn't know what is behind the login wall.

Ways of integration:

  1. Create a NextCloud app, so that Rocket is available directly from NextCloud – this will be relatively easy, as it can be just an iframe, as is done e.g. in the Collabora app.
  2. Auto login. We currently use LDAP for auth, so there is no problem for us in terms of authentication source (it could be done just like in the RainLoop webmail app, which has an option to automatically log in with NextCloud credentials), but I believe that some installations don't involve LDAP, so it would be nice to have support for NextCloud's auth source. The good thing is that NextCloud has some nice APIs, so it will be just a matter of a GET request and parsing XML, as described here: https://docs.nextcloud.com/server/12/developer_manual/client_apis/OCS/index.html
  3. WebDAV file sharing integration, to allow for easy file sharing on chat. It could be a great integration on its own, not necessarily directly connected to NextCloud, but to WebDAV in general. The way I see it is that Rocket fetches file info with a PROPFIND request and generates or fetches a thumbnail from the WebDAV server. The thumbnail part may be a little bit tricky, but I think that there will be no problem with NextCloud in this matter, as thumbnails can be generated by NextCloud itself and then made available via some GET request (just created an issue for this: nextcloud/server#6176).
  4. NextCloud as Rocket's file storage. At this point we'll already have WebDAV auth support, so it would be just a matter of selecting some shared folder without permission to delete and change.
  5. NextCloud as attachment source. It would be nice to be able to browse NextCloud and add files directly from there to a Rocket conversation. This could be done by sending the file's unique URL to chat; the format is: {NextCloud server}/index.php/f/{fileid}, where fileid can be fetched from WebDAV with PROPFIND oc:fileid.
  6. NextCloud notifications about Rocket messages. That's not crucial, but would be nice to have as an option. I'm not yet sure how it could be done, but it can definitely be done.

So please tell me what you think about all of this. To be honest I'm not much of a Node programmer, so I cannot help on the Rocket side, but I have some PHP background, so I could write and maintain a NextCloud app.
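
The fileid lookup from points 3 and 5, as an added example that is not part of the original post or of either project's code: it parses a PROPFIND multistatus reply and builds the `{NextCloud server}/index.php/f/{fileid}` links. The `/remote.php/dav/files/...` hrefs, the host `cloud.example.org` and the sample reply are constructed assumptions; because the reply comes from a remote server, DTDs, non-200 propstats and non-numeric ids are dropped rather than trusted.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

NS = {"d": "DAV:", "oc": "http://owncloud.org/ns"}

# Body of a PROPFIND request that asks only for oc:fileid.
PROPFIND_BODY = (
    '<d:propfind xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns">'
    "<d:prop><oc:fileid/></d:prop></d:propfind>"
)

# Constructed 207 Multi-Status reply: one good entry, one 404, one bogus id.
SAMPLE_MULTISTATUS = """
<d:multistatus xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns">
 <d:response>
  <d:href>/remote.php/dav/files/alice/Reports/q3%20plan.pdf</d:href>
  <d:propstat><d:prop><oc:fileid>4711</oc:fileid></d:prop>
   <d:status>HTTP/1.1 200 OK</d:status></d:propstat>
 </d:response>
 <d:response>
  <d:href>/remote.php/dav/files/alice/missing</d:href>
  <d:propstat><d:prop><oc:fileid/></d:prop>
   <d:status>HTTP/1.1 404 Not Found</d:status></d:propstat>
 </d:response>
 <d:response>
  <d:href>/remote.php/dav/files/alice/odd</d:href>
  <d:propstat><d:prop><oc:fileid>12/../admin</oc:fileid></d:prop>
   <d:status>HTTP/1.1 200 OK</d:status></d:propstat>
 </d:response>
</d:multistatus>
"""


def file_links(server, multistatus_xml):
    """Map each decoded WebDAV href to its {server}/index.php/f/{fileid} link."""
    # A WebDAV reply never needs a DTD; refuse one instead of parsing entities.
    if "<!doctype" in multistatus_xml.lower():
        raise ValueError("DTD in WebDAV response")
    base = urlsplit(server)
    if base.scheme not in ("http", "https") or not base.netloc:
        raise ValueError("server must be an absolute http(s) URL")
    links = {}
    for resp in ET.fromstring(multistatus_xml).findall("d:response", NS):
        href = resp.findtext("d:href", default="", namespaces=NS)
        for propstat in resp.findall("d:propstat", NS):
            status = propstat.findtext("d:status", default="", namespaces=NS)
            fileid = propstat.findtext(
                "d:prop/oc:fileid", default="", namespaces=NS).strip()
            found = status.split()[1:2] == ["200"]
            # Only plain ASCII digits may end up in the generated URL.
            if found and fileid.isascii() and fileid.isdigit():
                links[unquote(href)] = f"{server.rstrip('/')}/index.php/f/{fileid}"
    return links


if __name__ == "__main__":
    for path, link in file_links("https://cloud.example.org/", SAMPLE_MULTISTATUS).items():
        print(path, "->", link)
```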

MarekPikula commented 7 years ago

Note that at the moment iframe integration (i.e. the first point) can be easily achieved with the External app (https://apps.nextcloud.com/apps/external).

tiredofit commented 7 years ago

I have similar ideas, yet my programming skills both in Ruby and PHP are pitiful at best. One of the features that I found would be useful (and actually what initially brought me to Rocketchat+) was to be able to have it running at all times in the background for the notification support. The Chat/XMPP plugin accomplishes this somehow. Looking forward to seeing what comes of this, although I'll be more of a cheerer on the sidelines.

MarekPikula commented 7 years ago

Well, #404 would in fact be useful as one of the ways besides the app iframe. Currently there is a NextCloud app, ojsxc, which provides a nice-looking XMPP interface on top of the NextCloud interface.

marbetschar commented 7 years ago

Would really love to see an integration between Rocket.Chat and Nextcloud. To start with I would be happy to post notifications from Nextcloud to Rocket.Chat. After this, having Nextcloud as attachment source would be awesome!

Jorval commented 6 years ago

Hey, we also use Nextcloud and I started a Rocket.Chat server for the IT department a while ago. Unfortunately my colleagues don't use the chat anymore, so the server wasn't used much.

Now the management would like a similar setup, and I am trying to revive the Rocket.Chat server and would also like to integrate Nextcloud as much as possible.

Any step to bring these two awesome tools together will help me make the argument to invest in or even donate to both projects.

I have just small coding skills myself, but I'll try to help as much as I can.

ThomasSteinbach commented 6 years ago

Point no. 5 is very interesting for me. Currently attaching files means keeping them twice on the server. It would be ideal, if Rocket.Chat would allow to store/search attachments on/from Nextcloud <3

tezukzai commented 6 years ago

+1 for all of this functionality! NextCloud+RocketChat would be very powerful.

beankylla commented 6 years ago

geekgonecrazy commented 6 years ago

I believe some Nextcloud integration is proposed as a GSoC project. But long term, if we were to do this, it would be in the form of a Rocket.Chat App.

MarekPikula commented 6 years ago

For now it is possible to use NextCloud as OAuth2 provider, so that if someone doesn't use some external way of authentication (like LDAP) it can be very useful, as credentials are managed by NextCloud and Rocket.Chat authenticates via OpenID Connect. I didn't test it yet, but configuring OAuth2 is pretty straightforward, so it should work out of the box. Probably it would be also possible to share some other resources via OAuth2 (like files and so on), but it would require some development on Rocket.Chat side.

moonwolf-github commented 6 years ago

@MarPiRK have you tested this approach? I'm trying to use Nextcloud as OAuth2 provider for Rocket.Chat and as of now I haven't succeeded...

andreas-bulling commented 6 years ago

Additional idea: Similar to the integration available with GoogleCalendar, the Nextcloud calendar could be integrated into Rocket.Chat, e.g. users could create a special room that notifies them about calendar events.

moonwolf-github commented 6 years ago

I did it! Now it seems pretty straightforward (:) It works with Nextcloud 13.0.2 and rocket 0.64.1. You have to set:

  - token path to /index.php/apps/oauth2/api/v1/token
  - Identity Path to /ocs/v2.php/cloud/user?format=json
  - Authorize Path to /index.php/apps/oauth2/authorize
  - username field to ocs.data.id
  - Allow user registration through external services (if you don't want to create user by hand).

And it works :tired_face:

alasserr commented 6 years ago

Hi, I've successfully connected Nextcloud 13.0.2 with 0.64.1 RocketChat (thanks moonwolf-github!) ... BUT: every time I use the OAuth connector to access RocketChat over the Nextcloud login form, I lose my Nextcloud session (i.e. if Nextcloud is open in another browser tab, the user is disconnected and I have to reconnect). Any thoughts from someone?

ggazzo commented 6 years ago

hey actually we have a gsoc student(@karakayasemi) working on (next|own)cloud, and I believe very soon we will have this feature :)

GoetheG commented 6 years ago

@MarPiRK, this is a great idea you have. Same here. We are using Nextcloud and Rocket.Chat at the same time. Both pieces of software may be built in a different way, but they are open source. In my opinion there should be more interaction between both.

isabellarussell commented 5 years ago

Hi guys! It's happening! https://rocket.chat/2018/09/17/RC-Nextcloud-partnership-post/

ubarsaiyan commented 5 years ago

> I did it! Now it seems pretty straightforward (:) It works with Nextcloud 13.0.2 and rocket 0.64.1 You have to set token path to /index.php/apps/oauth2/api/v1/token Identity Path to /ocs/v2.php/cloud/user?format=json Authorize Path to /index.php/apps/oauth2/authorize username field to ocs.data.id Allow user registration through external services (if you don't want to create user by hand).
>
> And it works

Hey! Can anybody confirm that this works? I tried to use nextcloud as oauth for RC and the nextcloud auth popup appears and I can easily log in and grant permission but when the window closes RC gives an "Internal Server Error".

geekgonecrazy commented 5 years ago

Any server errors?

ubarsaiyan commented 5 years ago

@geekgonecrazy Thank you for responding. I wish to take this forward this year with a GSoC project. I'm building both RC and NC from source and individually they are working fine. I'm able to use NC as a file upload storage for RC. I'm also able to open the file picker for NC from within RC and then send files stored at NC server in RC chats through webdav. But I'm getting "Internal Server Error" when I try to login to RC via NC oauth.

EDIT: I think this may be related to the fact that I have both RC and NC on http instead of https. This issue may also be related. https://github.com/RocketChat/Rocket.Chat/issues/919

EDIT2: It finally worked! Turns out the Identity Path does not need index.php so removing it from the url. I am editing the config if anyone else has this issue. Also, I moved to a remote server from local server.

This is my custom oauth config that I have entered in RC. I think something may be wrong here.

  - URL: [SERVER] (Eg. http://localhost/nextcloud/)
  - Token Path: index.php/apps/oauth2/api/v1/token
  - Token Sent Via: Header
  - Identity Token Sent Via: Same as Token Sent Via
  - Identity Path: /ocs/v2.php/cloud/user?format=json
  - Authorize Path: index.php/apps/oauth2/authorize
  - Scope: openid
  - Id: kipMYAZQxbg0lCU***************************qcb9vQhUG1sRBKkmx
  - Secret: nDX0y0FILGjkJ*****************************HNPuYnt52OYuM5smW
  - Username field: ocs.data.id

This is the RC log:

W20190323-16:05:54.449(5.5) (oauth_server.js:392) Error in OAuth Server: Failed to complete OAuth handshake with nextcloud at http://localhost/nextcloud/index.php/apps/oauth2/api/v1/token. failed [500] <!DOCTYPE html> <html class="ng-csp" data-placeholder-focus="false" lang="en" data-locale="en" >  <head  data-requesttoken="">        <meta charset="utf-8">      <title>         Nextcloud       </title>        <meta http-equiv="X-UA-Compatible" content="IE=edge">       <meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0">       <meta name="apple-itunes-app" content="app-id=1125420102">      <meta name="theme-color" content="#0082c9">         <link rel="icon" href="/nextcloud/index.php/apps/theming/fa...
I20190323-16:05:54.585(5.5)? Exception while invoking method 'login' { Error: Failed to complete OAuth handshake with nextcloud at http://localhost/nextcloud/index.php/apps/oauth2/api/v1/token. failed [500] <!DOCTYPE html> <html class="ng-csp" data-placeholder-focus="false" lang="en" data-locale="en" >     <head  data-requesttoken="">        <meta charset="utf-8">      <title>         Nextcloud       </title>        <meta http-equiv="X-UA-Compatible" content="IE=edge">       <meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0">       <meta name="apple-itunes-app" content="app-id=1125420102">      <meta name="theme-color" content="#0082c9">         <link rel="icon" href="/nextcloud/index.php/apps/theming/fa...
I20190323-16:05:54.586(5.5)?     at CustomOAuth.getAccessToken (app/custom-oauth/server/custom_oauth_server.js:118:18)
I20190323-16:05:54.586(5.5)?     at Object.OAuth.registerService.query [as handleOauthRequest] (app/custom-oauth/server/custom_oauth_server.js:174:29)
I20190323-16:05:54.586(5.5)?     at OAuth._requestHandlers.(anonymous function) (packages/oauth2/oauth2_server.js:10:33)
I20190323-16:05:54.586(5.5)?     at middleware (packages/oauth/oauth_server.js:161:5)
I20190323-16:05:54.586(5.5)?     at /home/utkarsh/.meteor/packages/promise/.0.11.2.zpjg1x.sihl++os+web.browser+web.browser.legacy+web.cordova/npm/node_modules/meteor-promise/fiber_pool.js:43:40
I20190323-16:05:54.586(5.5)?   message: 'Failed to complete OAuth handshake with nextcloud at http://localhost/nextcloud/index.php/apps/oauth2/api/v1/token. failed [500] <!DOCTYPE html> <html class="ng-csp" data-placeholder-focus="false" lang="en" data-locale="en" > \t<head  data-requesttoken=""> \t\t<meta charset="utf-8"> \t\t<title> \t\tNextcloud\t\t</title> \t\t<meta http-equiv="X-UA-Compatible" content="IE=edge"> \t\t<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0"> \t\t<meta name="apple-itunes-app" content="app-id=1125420102"> \t\t<meta name="theme-color" content="#0082c9"> \t\t<link rel="icon" href="/nextcloud/index.php/apps/theming/fa...',
I20190323-16:05:54.587(5.5)?   response: 
I20190323-16:05:54.587(5.5)?    { statusCode: 500,
I20190323-16:05:54.587(5.5)?      headers: 
I20190323-16:05:54.587(5.5)?       { date: 'Sat, 23 Mar 2019 10:35:52 GMT',
I20190323-16:05:54.587(5.5)?         server: 'Apache/2.4.38 (Unix) PHP/7.3.3',
I20190323-16:05:54.587(5.5)?         'x-powered-by': 'PHP/7.3.3',
I20190323-16:05:54.588(5.5)?         'set-cookie': [Array],
I20190323-16:05:54.588(5.5)?         expires: 'Thu, 19 Nov 1981 08:52:00 GMT',
I20190323-16:05:54.588(5.5)?         'cache-control': 'no-store, no-cache, must-revalidate',
I20190323-16:05:54.588(5.5)?         pragma: 'no-cache',
I20190323-16:05:54.588(5.5)?         'content-security-policy': 'default-src \'self\'; script-src \'self\' \'unsafe-eval\' \'nonce-UHJzbUN1eG9yUE83QzZKVVBrc3NhQ1ZPTy9hdG1SdEtjd3MvRDczempPdz06RmMxblk0b2dsSnJ0UCs4TmFSRmdEVzU1ZDhmdjh6QStIWDVLT00rOTQ2bz0=\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src * data: blob:; font-src \'self\' data:; media-src *; connect-src *; object-src \'none\'; base-uri \'self\';',
I20190323-16:05:54.588(5.5)?         'x-frame-options': 'SAMEORIGIN',
I20190323-16:05:54.622(5.5)?         'x-xss-protection': '1; mode=block',
I20190323-16:05:54.622(5.5)?         'x-content-type-options': 'nosniff',
I20190323-16:05:54.622(5.5)?         'x-robots-tag': 'none',
I20190323-16:05:54.622(5.5)?         'x-download-options': 'noopen',
I20190323-16:05:54.622(5.5)?         'x-permitted-cross-domain-policies': 'none',
I20190323-16:05:54.622(5.5)?         'referrer-policy': 'no-referrer',
I20190323-16:05:54.623(5.5)?         'content-length': '4096',
I20190323-16:05:54.623(5.5)?         connection: 'close',
I20190323-16:05:54.623(5.5)?         'content-type': 'text/html; charset=UTF-8' },
I20190323-16:05:54.623(5.5)?      data: null } }
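
A check of the custom OAuth settings discussed in this thread, as an added example that is not Rocket.Chat's or Nextcloud's own code: it builds the three endpoint URLs, flags any that are not HTTPS, and resolves the `ocs.data.id` username field, failing closed when the identity endpoint returns an error page like the one in the log above. The joining rule (path appended to the server URL), the dictionary keys and the sample identity reply are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

# Settings as posted in the thread; client id and secret are left out.
CONFIG = {
    "url": "http://localhost/nextcloud/",
    "token_path": "index.php/apps/oauth2/api/v1/token",
    "identity_path": "/ocs/v2.php/cloud/user?format=json",
    "authorize_path": "index.php/apps/oauth2/authorize",
    "username_field": "ocs.data.id",
}

# Constructed identity reply in the shape the username field implies.
SAMPLE_IDENTITY = json.dumps({
    "ocs": {"meta": {"status": "ok", "statuscode": 200},
            "data": {"id": "alice", "email": "alice@example.org"}},
})


def endpoints(cfg):
    """Append each configured path to the server URL (this example's rule)."""
    base = cfg["url"].rstrip("/")
    return {name: f"{base}/{cfg[name + '_path'].lstrip('/')}"
            for name in ("authorize", "token", "identity")}


def lint(cfg):
    """Return one finding per endpoint that would carry OAuth data in clear text."""
    findings = []
    for name, url in endpoints(cfg).items():
        # Authorization code, client secret and access token all cross these URLs.
        if urlsplit(url).scheme != "https":
            findings.append(f"{name} endpoint {url} is not HTTPS")
    return findings


def resolve_username(body, field):
    """Walk a dotted field such as ocs.data.id; raise instead of guessing."""
    try:
        node = json.loads(body)
    except ValueError as exc:
        # An HTML error page (as in the 500 above) must not become a login.
        raise ValueError("identity response is not JSON") from exc
    for key in field.split("."):
        if not isinstance(node, dict) or key not in node:
            raise ValueError(f"identity response has no {field!r}")
        node = node[key]
    if not isinstance(node, str) or not node.strip():
        raise ValueError(f"{field!r} is not a non-empty string")
    return node


if __name__ == "__main__":
    for finding in lint(CONFIG):
        print("WARN:", finding)
    print("username:", resolve_username(SAMPLE_IDENTITY, CONFIG["username_field"]))
```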

geekgonecrazy commented 5 years ago

So dropping index.php from path solved?

ubarsaiyan commented 5 years ago

@geekgonecrazy yes! It did... Though I am still not able to integrate NC OAuth in local server even after using ngrok and then changing the server URL to the ngrok one. It shows an error that unable to verify first certificate and handshake could not be completed. :( Though I couldn't give much time to solve this then.

nooblag commented 4 years ago

> Note that at the moment iframe integration (ie. first point) can be easily achieved with External app (https://apps.nextcloud.com/apps/external).

Is there a guide on how to do this? I'd like to try that, if I may, but having trouble finding resources/walkthroughs.

In Rocket Chat, what do I put in here:

Capture

And then, in Nextcloud do I need to do anything special when adding Rocket Chat as an external site?