Open bvaughan26 opened 4 years ago
cc @tobiasKaminsky
When you set up the app it should create an app password and thus changing the password should have no impact. @blizzz as you are our ldap expert :-)
thank you, the issue we face is when our users are forced to change their password (inside AD) every 90 days they are unable to update the password stored in the Android OS app (then they get locked out of our AD for multiple bad password attempts). The only way we've found as a workaround is to uninstall the Nextcloud Android App and reinstall it. There has to be a better way. You've created the ability inside the Apple iOS app. I've looked around and couldn't find any saved passwords for the app itself. This issue is for the Android Mobile App
@blizzz as you are our ldap expert :-)
The password is encrypted and app tokens unlock it. In case of an external password change, this needs to be redone which happens on a regular login.
until, the android app should just get a 401. I do not know how it behaves, but showing a pointer to login via web would bw useful.
about the lock out: Nextcloud should indeed do only one attempt per app token. It is then flagged and waits for an update.
The locking mechanism is being tricked by a growing number of apps, services or devices that authenticate against it.
Based on blizzz's comment I suppose that this needs to be implemented in the android app if not already done.
Likely similar as the issue in Desktop: nextcloud/desktop#3426
I'm unable to find the option for a user to update their password in the Android OS version of your app. The only way for a user to update their password is to delete their account and reset it back up. Could you please add a password update option inside the Android OS version like you have inside the Apple iOS?