nextcloud / neon

A framework for building convergent cross-platform Nextcloud clients using Flutter.

Implement SSO #65

Closed provokateurin closed 1 year ago

provokateurin commented 1 year ago

https://github.com/nextcloud/Android-SingleSignOn

Leptopoda commented 1 year ago

This has been a problem for other flutter based nextcloud projects like:

It has also been raised in the aforementioned Android-SingleSignOn repo.

The conclusion was that writing a wrapper around the NC-SSO lib would probably be as much work as writing it from scratch in dart. Judging from the cross platformness of this project a complete rewrite in flutter would be the way to go? Or would this just be implemented for Android and not for iOS and Desktop?

I'd be happy to tackle this issue so maybe we should discuss the way forward :)

provokateurin commented 1 year ago

I started writing a wrapper for the android lib once, but quickly lost interest because it wasn't as easy as I thought. I think it was possible to get the username and password, so we wouldn't need to send all network requests over the files app (which would be an unjustifiable amount of work imo).

How would you rewrite it in flutter? Yes we could just make a simple library to handle the login flow and then store the result somewhere so that other apps can access it too, but that seems quite problematic on a security level. Not sure what you had in mind, but we can definitely take a look and see what is possible.

CC @vauvenal5 (@Leptopoda could you also invite the other people from the linked projects/issues so we can discuss this together?)

provokateurin commented 1 year ago

Thought for later: Maybe the flutter implementation could use the android library on android instead of the standard implementation used for all other platforms.

Leptopoda commented 1 year ago

> @Leptopoda could you also invite the other people from the linked projects/issues so we can discuss this together?

I just left a comment in the nc-passwords repo over on GitLab. Also @Teifun2 from the cookbook app might be interested.

@provokateurin the links above are not just to the projects but to their individual issues about that issue. You might want to check them out (should've made that more clear).

> Not sure what you had in mind, but we can definitely take a look and see what is possible.

tbh I hadn't had any thoughts on this yet. I just jumped from one repo to another and read their findings (one of which pointed me to your old nc-dart effort).

provokateurin commented 1 year ago

I think for desktop the best solution is making the authentication work over an http proxy. A central app can manage the accounts and authentication and other clients can get a list of accounts and just configure an http proxy that points to the central app. This way no credentials need to be exposed to other apps. This is a bit similar to how it works on Android with the lib, but it's impossible to use it on other platforms of course.
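Added example, not part of the thread or of neon's code: a sketch of the request-rewriting core of the proxy design described in the comment above, where the central app keeps the credentials and other clients only ever see account IDs. The per-client local token, HTTP Basic with an app password, and all names and sample values are assumptions made for illustration.

```python
import base64
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    server: str        # base URL of the server the account belongs to
    username: str
    app_password: str  # held only by the central app, never handed out

# Constructed sample data (hypothetical account and client registry).
ACCOUNTS = {"acct-1": Account("https://cloud.example.com", "alice",
                              "constructed-app-password")}
CLIENT_TOKENS = {"notes-client": "constructed-local-token"}

# Headers a client must not be able to set or forward through the proxy.
DROPPED = {"authorization", "cookie", "host", "proxy-authorization"}

class Rejected(Exception):
    """Raised when the proxy refuses to forward a request."""

def list_accounts():
    """What other clients may see: identifiers only, no secrets."""
    return [{"id": i, "server": a.server, "username": a.username}
            for i, a in ACCOUNTS.items()]

def build_upstream_request(client_id, client_token, account_id, path, headers):
    """Return (url, headers) for the upstream request, or raise Rejected."""
    # Without this check any local process could use the stored account.
    expected = CLIENT_TOKENS.get(client_id)
    if expected is None or not hmac.compare_digest(
            expected.encode(), client_token.encode()):
        raise Rejected("unknown local client")
    account = ACCOUNTS.get(account_id)
    if account is None:
        raise Rejected("unknown account")
    # Only origin-relative paths: a path such as "@other.host/" would turn
    # the server name into URL userinfo and send credentials elsewhere.
    if not path.startswith("/"):
        raise Rejected("path must start with '/'")
    out = {k: v for k, v in headers.items() if k.lower() not in DROPPED}
    basic = base64.b64encode(
        f"{account.username}:{account.app_password}".encode()).decode()
    out["Authorization"] = f"Basic {basic}"
    return account.server + path, out
```

A real listener built around this would bind to the loopback interface only, so the injected credentials are not reachable from the network.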

provokateurin commented 1 year ago

@Leptopoda do you think we still need this? I feel like with our current approach very few users would install multiple clients and need SSO. Of course we still want to make it possible to run a client with a single app, but then you probably won't need SSO.

The whole SSO thing is also quite complicated because how do you determine what the "root" client is that handles the SSO? I feel like the solution would be quite hacky and not really useful or used by anyone.

Leptopoda commented 1 year ago

> I feel like the solution would be quite hacky and not really useful or used by anyone.

I agree that the added complexity isn't worth it. If someone really asks for such a feature we could reconsider this.