[Bug]: unable to create new app password manually

[ProjectPatatoe]

⚠️ This issue respects the following points: ⚠️

• [X] This is a bug, not a question or a configuration/webserver/proxy issue.
• [X] This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• [X] Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• [X] I agree to follow Nextcloud's Code of Conduct.

Bug description

I'm unable to create a new app password for a script for my user. No errors listed anywhere that seem relevant and no error dialog. I am however able to create an app key on my admin user.

Steps to reproduce

1. User Settings
2. Security
3. Enter name and click on "Create new app password"
4. Noting happens visually, error 503 to https://my.site/settings/personal/authtokens

Expected behavior

Get dialog with token/password/etc

Installation method

Community Web installer on a VPS or web space

Nextcloud Server version

29

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.3

Web server

Apache (supported)

Database engine version

PostgreSQL

Is this bug present after an update or on a fresh install?

Updated from a MINOR version (ex. 28.0.1 to 28.0.2)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

• [ ] Default user-backend (database)
• [ ] LDAP/ Active Directory
• [ ] SSO - SAML
• [X] Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "laputa.pt23.net"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "version": "29.0.3.4",
        "overwrite.cli.url": "https:\/\/my.site",
        "htaccess.RewriteBase": "\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "default_phone_region": "US",
        "installed": true,
        "log_type": "file",
        "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
        "loglevel": 1,
        "syslog_tag": "Nextcloud",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "dbindex": 1,
            "password": "***REMOVED SENSITIVE VALUE***",
            "timeout": 1.5
        },
        "mail_smtpmode": "smtp",
        "mail_smtpauth": 1,
        "mail_sendmailmode": "smtp",
        "mail_smtpsecure": "ssl",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "maintenance_window_start": 10,
        "memories.db.triggers.fcu": true,
        "memories.exiftool": "\/srv\/nextcloud\/apps\/memories\/bin-ext\/exiftool-amd64-glibc",
        "memories.vod.path": "\/srv\/nextcloud\/apps\/memories\/bin-ext\/go-vod-amd64",
        "memories.vod.ffmpeg": "\/usr\/bin\/ffmpeg",
        "memories.vod.ffprobe": "\/usr\/bin\/ffprobe",
        "app_install_overwrite": [
            "keeweb"
        ],
        "memories.gis_type": 2,
        "preview_max_x": 2048,
        "preview_max_y": 2048,
        "enabledPreviewProviders": [
            "OC\\Preview\\TIFF",
            "OC\\Preview\\Image",
            "OC\\Preview\\HEIC",
            "OC\\Preview\\Movie"
        ],
        "theme": ""
    }
}

List of activated Apps

Enabled:
  - activity: 2.21.1
  - admin_audit: 1.19.0
  - audioplayer: 3.4.1
  - bruteforcesettings: 2.9.0
  - calendar: 4.7.11
  - camerarawpreviews: 0.8.5
  - circles: 29.0.0-dev
  - cloud_federation_api: 1.12.0
  - comments: 1.19.0
  - contacts: 6.0.0
  - contactsinteraction: 1.10.0
  - cookbook: 0.11.1
  - cospend: 1.6.1
  - dashboard: 7.9.0
  - dav: 1.30.1
  - dicomviewer: 2.1.2
  - drawio: 3.0.2
  - federatedfilesharing: 1.19.0
  - files: 2.1.0
  - files_3dmodelviewer: 0.0.14
  - files_downloadlimit: 2.0.0
  - files_pdfviewer: 2.10.0
  - files_reminders: 1.2.0
  - files_sharing: 1.21.0
  - files_trashbin: 1.19.0
  - files_versions: 1.22.0
  - firstrunwizard: 2.18.0
  - google_synchronization: 2.2.0
  - guests: 3.1.0
  - integration_onedrive: 3.2.1
  - keeweb: 0.6.19
  - logreader: 2.14.0
  - lookup_server_connector: 1.17.0
  - mail: 3.7.2
  - memories: 7.3.1
  - nextcloud_announcements: 1.18.0
  - notes: 4.10.0
  - notifications: 2.17.0
  - oauth2: 1.17.0
  - password_policy: 1.19.0
  - photos: 2.5.0
  - previewgenerator: 5.5.0
  - privacy: 1.13.0
  - provisioning_api: 1.19.0
  - recommendations: 2.1.0
  - related_resources: 1.4.0
  - richdocuments: 8.4.3
  - richdocumentscode: 24.4.402
  - serverinfo: 1.19.0
  - settings: 1.12.0
  - sharebymail: 1.19.0
  - support: 1.12.0
  - survey_client: 1.17.0
  - systemtags: 1.19.0
  - text: 3.10.1
  - theming: 2.4.0
  - twofactor_backupcodes: 1.18.0
  - updatenotification: 1.19.1
  - user_oidc: 5.0.3
  - user_status: 1.9.0
  - viewer: 2.3.0
  - weather_status: 1.9.0
  - workflowengine: 2.11.0
Disabled:
  - deck: 1.13.1 (installed 1.13.1)
  - encryption: 2.17.0
  - end_to_end_encryption: 1.15.2 (installed 1.15.2)
  - federation: 1.19.0 (installed 1.19.0)
  - files_external: 1.21.0
  - spreed: 19.0.6 (installed 19.0.6)
  - suspicious_login: 7.0.0
  - twofactor_totp: 11.0.0-dev
  - user_ldap: 1.20.0

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

Error   jsresourceloader    
Could not find resource firstrunwizard/js/personalsettings.js to load
"Jul 13, 2024, 12:54:27 AM" 
Error   jsresourceloader    
Could not find resource firstrunwizard/js/personalsettings.js to load
"Jul 13, 2024, 12:50:35 AM" 
Error   core    
InvalidTokenException Token does not exist: token does not exist
Renewing session token failed: Token does not exist: token does not exist
"Jul 13, 2024, 12:47:45 AM"

Additional info

it works on my admin user, but not for my regular user. I do have apps set up (phone apps, other browsers) using oidc for login

[ProjectPatatoe]

hmm.... interesting. Logging out and back in again seems to have fixed it. But it shouldn't have been an expired session since I was still able to click around and access other pages. Not sure if there is anything I can do to provide more info.

[koelle25]

I just had the same problem, and logging back in indeed fixed worked around it. For reference: I use OpenID-Connect via a private Keycloak instance to login.

[susnux]

Reason is the user backend you are using. Auth tokens require password confirmation if logged in x time before. For your user backend this is not implemented.