OCIS desktop client does not reconnect automatically (OIDC)

[C8opmBM]

Describe the bug

A clear and concise description of what the bug is.

After a while, the windows desktop client needs sign out and relogin and re-validate the link in the browser for authentication

Expected behavior

A clear and concise description of what you expected to happen.

I expect the client to stay connected all the time (similar behaviour as say nextcloud client), or at least to reconnect after pressing "Reconnect" button.

Actual behavior

A clear and concise description of what happened.

Client is not connected, it needs logging out, then relogin and vaildate the link in the browser. This happens every other 12 hours or upon pc restart.

Setup

Im using authelia with oidc for all 3 clients (web, desktop and android app). Domain handled via caddy v2. My working docker compose:

  owncloud:
    container_name: owncloud
    hostname: owncloud
    image: owncloud/ocis:latest
    profiles:
      - private
    networks:
      - ownmedia
    entrypoint:
      - /bin/sh
    command: ["-c", "ocis init || true; ocis server"]
    environment:
      DEMO_USERS: "false"
      PROXY_TLS: "false"
      OCIS_INSECURE: "false"
      OCIS_URL: ${OCIS_URL}
      PROXY_HTTP_ADDR: ${OCIS_PROXY_HTTP_ADDR}
      OCIS_LOG_LEVEL: info
      OCIS_LOG_COLOR: "true"
      OCIS_LOG_PRETTY: "true"
      OCIS_LOG_TIMEZONE: ${TZ}

      OCIS_OIDC_ISSUER: ${OCIS_OIDC_ISSUER}
      WEB_OIDC_CLIENT_ID: ${OCIS_WEB_OIDC_CLIENT_ID}
      PROXY_OIDC_REWRITE_WELLKNOWN: "true"
      PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD: none
    expose:
      - 9200
    volumes:
      - ${CONFIGDIR}/ownCloud/config:/etc/ocis
      - ${CLOUDDIR}/owncloud:/var/lib/ocis
    restart: unless-stopped

Web and android work as expected, I get re-auth issues only for desktop.

oidc setup for desktop:

      - id: xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69
        description: ownCloud desktop client
        public: false
        secret: 'UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh'
        consent_mode: pre-configured
        pre_configured_consent_duration: 2M
        audience: [xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69]
        scopes:
          - openid
          - groups
          - profile
          - email
          - offline_access
        redirect_uris:
          - http://127.0.0.1
          - http://localhost

Additional context

Add any other context about the problem here.

Logs from the client, as soon as the pc is booted up (thus no connection). "placeholder" is used to sub my domain

23-02-26 12:46:29:800 [ info sync.clientproxy ]:    Set proxy configuration to use system configuration
23-02-26 12:46:29:816 [ info gui.folder.manager ]:  Schedule folder  "C:/Users/placeholder/ownCloud/Personal/"  to sync!
23-02-26 12:46:29:816 [ info gui.folder.manager ]:  Folder is not ready to sync, not scheduled!
23-02-26 12:46:29:816 [ info gui.folder.manager ]:  Schedule folder  "C:/Users/placeholder/ownCloud/Shares/"  to sync!
23-02-26 12:46:29:816 [ info gui.folder.manager ]:  Folder is not ready to sync, not scheduled!
23-02-26 12:46:29:816 [ warning gui.account.state ]:    checkConnectivity blocking: false
23-02-26 12:46:29:816 [ debug sync.credentials.http ]   [ OCC::HttpCredentials::fetchUser ]:    user already set, no need to fetch from settings
23-02-26 12:46:29:816 [ info sync.credentials.manager ]:    get "ownCloud_credentials:cloud.placeholder.net:ec236fb1-f60d-4d55-80cb-0f5f5157c118:http/oauthtoken"
23-02-26 12:46:29:816 [ debug sync.connectionvalidator ]    [ OCC::ConnectionValidator::checkServer ]:  Checking server and authentication
23-02-26 12:46:29:816 [ debug sync.connectionvalidator ]    [ OCC::ConnectionValidator::checkServer ]:  Trying to look up system proxy
23-02-26 12:46:29:816 [ info gui.socketapi ]:   New connection QLocalSocket(0x2323fbb5b20)
23-02-26 12:46:29:816 [ info gui.socketapi ]:   Sending SocketAPI message --> "REGISTER_PATH:C:\\Users\\placeholder\\ownCloud" to QLocalSocket(0x2323fbb5b20)
23-02-26 12:46:29:816 [ debug sync.networkjob.jobqueue ]    [ OCC::JobQueue::block ]:   block: 1 "statusquo@cloud.placeholder.net"
23-02-26 12:46:29:816 [ debug sync.credentials.oauth ]  [ OCC::AccountBasedOAuth::refreshAuthentication ]:  fetching dynamic registration data
23-02-26 12:46:29:816 [ info sync.credentials.manager ]:    get "ownCloud_credentials:cloud.placeholder.net:ec236fb1-f60d-4d55-80cb-0f5f5157c118:http/clientSecret"
23-02-26 12:46:29:816 [ debug sync.credentials.oauth ]  [ OCC::AccountBasedOAuth::refreshAuthentication::::operator() ]:    fetched dynamic registration data successfully
23-02-26 12:46:29:816 [ debug sync.credentials.oauth ]  [ `anonymous-namespace'::logCredentialsJobResult ]: credentials job has finished
23-02-26 12:46:29:816 [ critical sync.credentials.oauth ]:  Failed to read client id ""
23-02-26 12:46:29:816 [ debug sync.credentials.oauth ]  [ OCC::AccountBasedOAuth::fetchWellKnown ]: starting CheckServerJob before fetching "/.well-known/openid-configuration"
23-02-26 12:46:29:832 [ info sync.connectionvalidator ]:    No system proxy set by OS
23-02-26 12:46:30:004 [ info sync.checkserverjob ]: status.php returns:  QJsonDocument({"edition":"Community","installed":true,"maintenance":false,"needsDbUpgrade":false,"product":"Infinite Scale","productname":"Infinite Scale","productversion":"2.0.0+5ad8e283b","version":"10.11.0.0","versionstring":"10.11.0"})   QNetworkReply::NoError  Reply:  QNetworkReplyHttpImpl(0x2323f9ceb50)
23-02-26 12:46:30:004 [ debug sync.credentials.oauth ]  [ OCC::AccountBasedOAuth::fetchWellKnown::::operator() ]:   CheckServerJob succeeded, fetching "/.well-known/openid-configuration"
23-02-26 12:46:30:004 [ debug sync.credentials.oauth ]  [ OCC::OAuth::fetchWellKnown ]: fetching "/.well-known/openid-configuration"
23-02-26 12:46:30:004 [ info sync.checkserverjob ]: status.php returns:  QJsonDocument({"edition":"Community","installed":true,"maintenance":false,"needsDbUpgrade":false,"product":"Infinite Scale","productname":"Infinite Scale","productversion":"2.0.0+5ad8e283b","version":"10.11.0.0","versionstring":"10.11.0"})   QNetworkReply::NoError  Reply:  QNetworkReplyHttpImpl(0x2323fbcda60)
23-02-26 12:46:30:004 [ info sync.connectionvalidator ]:    ** Application: ownCloud found:  QUrl("https://cloud.placeholder.net/")  with version  "10.11.0"
23-02-26 12:46:30:004 [ debug sync.connectionvalidator ]    [ OCC::ConnectionValidator::reportResult ]: OCC::ConnectionValidator::CredentialsNotReady
23-02-26 12:46:30:004 [ info gui.account.state ]:   AccountState connection status change:  OCC::ConnectionValidator::Undefined -> OCC::ConnectionValidator::CredentialsNotReady
23-02-26 12:46:30:191 [ debug sync.credentials.oauth ]  [ OCC::OAuth::fetchWellKnown::::operator() ]:   parsing .well-known reply successful, auth endpoint QUrl("https://auth.placeholder.net/api/oidc/authorization") and token endpoint QUrl("https://auth.placeholder.net/api/oidc/token") and registration endpoint QUrl("")
23-02-26 12:46:30:191 [ debug sync.credentials.oauth ]  [ OCC::AccountBasedOAuth::refreshAuthentication::::()::::operator() ]:  registration endpoint not provided or empty: QUrl("")
23-02-26 12:46:30:289 [ debug sync.credentials.http ]   [ OCC::HttpCredentials::fetchUser ]:    user already set, no need to fetch from settings
23-02-26 12:46:30:289 [ info sync.account ]:    Clearing cookies
23-02-26 12:46:30:305 [ info sync.credentials.manager ]:    del "ownCloud_credentials:cloud.placeholder.net:ec236fb1-f60d-4d55-80cb-0f5f5157c118:http/oauthtoken"
23-02-26 12:46:30:305 [ info sync.credentials.manager ]:    removed "ownCloud_credentials:cloud.placeholder.net:ec236fb1-f60d-4d55-80cb-0f5f5157c118:http/oauthtoken"
23-02-26 12:46:32:809 [ info gui.updater ]: Checking for available update
23-02-26 12:46:32:995 [ info gui.updater ]: Version info arrived: Your version: 3.2.0.10193 Skipped version:  Available version:  "" Available version string: "" Web url: "" Download url: ""
23-02-26 12:46:32:995 [ info gui.updater ]: No version information available at the moment
23-02-26 12:47:31:806 [ warning gui.account.state ]:    checkConnectivity blocking: false
23-02-26 12:48:33:802 [ warning gui.account.state ]:    checkConnectivity blocking: false
23-02-26 12:49:35:811 [ warning gui.account.state ]:    checkConnectivity blocking: false
23-02-26 12:50:37:816 [ warning gui.account.state ]:    checkConnectivity blocking: false
23-02-26 12:51:39:813 [ warning gui.account.state ]:    checkConnectivity blocking: false
23-02-26 12:52:41:804 [ warning gui.account.state ]:    checkConnectivity blocking: false
23-02-26 12:53:43:813 [ warning gui.account.state ]:    checkConnectivity blocking: false
23-02-26 12:54:08:707 [ info gui.socketapi ]:   New connection QLocalSocket(0x2323f8898b0)
23-02-26 12:54:08:707 [ info gui.socketapi ]:   Sending SocketAPI message --> "REGISTER_PATH:C:\\Users\\placeholder\\ownCloud" to QLocalSocket(0x2323f8898b0)
23-02-26 12:54:08:707 [ info gui.socketapi ]:   Sending SocketAPI message --> "REGISTER_PATH:C:\\Users\\placeholder\\ownCloud" to QLocalSocket(0x2323fbb5b20)
23-02-26 12:54:45:815 [ warning gui.account.state ]:    checkConnectivity blocking: false
23-02-26 12:55:30:771 [ warning default ]:    OpenType support missing for "MS Shell Dlg 2", script 20
23-02-26 12:55:30:771 [ warning default ]:    OpenType support missing for "Arial", script 20
23-02-26 12:55:30:772 [ warning default ]:    OpenType support missing for "MS UI Gothic", script 20
23-02-26 12:55:30:772 [ warning default ]:    OpenType support missing for "SimSun", script 20
23-02-26 12:55:33:958 [ info gui.socketapi ]:   Received SocketAPI message <-- "RETRIEVE_FILE_STATUS:C:\\Users\\placeholder\\ownCloud" from QLocalSocket(0x2323fbb5b20)
23-02-26 12:55:33:958 [ info gui.socketapi ]:   Sending SocketAPI message --> "STATUS:NOP:C:\\Users\\placeholder\\ownCloud" to QLocalSocket(0x2323fbb5b20)
23-02-26 12:55:38:206 [ info gui.socketapi ]:   New connection QLocalSocket(0x2323fd276a0)
23-02-26 12:55:38:206 [ info gui.socketapi ]:   Sending SocketAPI message --> "REGISTER_PATH:C:\\Users\\placeholder\\ownCloud" to QLocalSocket(0x2323f8898b0)
23-02-26 12:55:38:206 [ info gui.socketapi ]:   Sending SocketAPI message --> "REGISTER_PATH:C:\\Users\\placeholder\\ownCloud" to QLocalSocket(0x2323fbb5b20)
23-02-26 12:55:38:206 [ info gui.socketapi ]:   Sending SocketAPI message --> "REGISTER_PATH:C:\\Users\\placeholder\\ownCloud" to QLocalSocket(0x2323fd276a0)
23-02-26 12:55:38:207 [ info gui.socketapi ]:   Received SocketAPI message <-- "V2/GET_CLIENT_ICON:{\"arguments\":{\"size\":16},\"id\":\"0\"}" from QLocalSocket(0x2323fd276a0)
23-02-26 12:55:38:207 [ debug gui.socketapi ]   [ OCC::SocketApi::command_V2_GET_CLIENT_ICON ]: void __cdecl OCC::SocketApi::command_V2_GET_CLIENT_ICON(const class QSharedPointer<class OCC::SocketApiJobV2> &) const  got icon from theme:  QIcon(availableSizes[normal,Off]=(QSize(128, 128)),cacheKey=0x200000000)
23-02-26 12:55:38:208 [ info gui.socketapi ]:   Sending SocketAPI message --> "V2/GET_CLIENT_ICON_RESULT:{\"arguments\":{\"png\":\"iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAA7EAAAOxAGVKw4bAAABqElEQVQ4jZ2Sz0uTcRzHX9/Hx/n4hG1uurCh0zFB0REeVPyRxCCCMDwmeNhBvIj/QHTQczDGjiIR3iSNDkEFCupG7pDlQSEoEgxT6jA2nyny+MVvh6Ahz4i59/XD+/V5vz98BLdG2nSXvqhgQAh0ypBSSAEZacuY0JujKQR3yzE6SaRFVXP0otzNpZJolZoBhEDXSg1c1TrTsTG2383zZGbivxDH9qmJUSbHH9LT3Y4QgkhHiGzuhNX0J/YPjhwAR4Lbfh/ZnMWHj3vs7H1j98s+j+4PsrmSxKw1nDX0lqgCCLcGeHCvl8TcDN8PjvB66vB6bgJweal4/T6FaRgkFpZZ39q5WqHGVc3GSpLD498A/Pj5i3BroBhTE4SDAe50hRnuixDsf4xVOCtWME2DBp+b7o4Qr96mcNfdIH9S+AdQSmFfSAAMw8XaUpyh3ggAVZq7be783CZvnRJqaeLz7lc624M8ffYcv6+evFVgNv6CRq8Hs7aG+PxLmvw+lt+sk81ZxRtUqpJ/cC2AUshKzX9fGTKVAgRkNGnLGIr0dZIohUSRlraM/QFdU4n8YwAx9gAAAABJRU5ErkJggg==\"},\"id\":\"0\"}" to QLocalSocket(0x2323fd276a0)
23-02-26 12:55:38:208 [ info gui.socketapi ]:   Received SocketAPI message <-- "GET_STRINGS:CONTEXT_MENU_TITLE" from QLocalSocket(0x2323fd276a0)
23-02-26 12:55:38:208 [ info gui.socketapi ]:   Sending SocketAPI message --> "GET_STRINGS:BEGIN" to QLocalSocket(0x2323fd276a0)
23-02-26 12:55:38:208 [ info gui.socketapi ]:   Sending SocketAPI message --> "STRING:CONTEXT_MENU_TITLE:ownCloud" to QLocalSocket(0x2323fd276a0)
23-02-26 12:55:38:208 [ info gui.socketapi ]:   Sending SocketAPI message --> "GET_STRINGS:END" to QLocalSocket(0x2323fd276a0)
23-02-26 12:55:38:208 [ info gui.socketapi ]:   Received SocketAPI message <-- "GET_MENU_ITEMS:C:\\Users\\placeholder\\AppData\\Local\\Temp\\ownCloud-logdir\\ownCloud.log" from QLocalSocket(0x2323fd276a0)
23-02-26 12:55:38:208 [ info gui.socketapi ]:   Sending SocketAPI message --> "GET_MENU_ITEMS:BEGIN" to QLocalSocket(0x2323fd276a0)
23-02-26 12:55:38:208 [ info gui.socketapi ]:   Sending SocketAPI message --> "GET_MENU_ITEMS:END" to QLocalSocket(0x2323fd276a0)
23-02-26 12:55:38:209 [ info gui.socketapi ]:   Lost connection  QLocalSocket(0x2323fd276a0)
23-02-26 12:55:47:814 [ warning gui.account.state ]:    checkConnectivity blocking: false
23-02-26 12:56:49:811 [ warning gui.account.state ]:    checkConnectivity blocking: false
23-02-26 12:57:51:807 [ warning gui.account.state ]:    checkConnectivity blocking: false
23-02-26 12:58:36:745 [ info gui.account.settings ]:    Opening local folder QUrl("file:///C:/Users/placeholder/ownCloud/Personal/")
23-02-26 12:58:39:612 [ info sync.vfs.win ]:    void __cdecl OCC::callbackFetchData(const struct CF_CALLBACK_INFO *,const struct CF_CALLBACK_PARAMETERS *)
23-02-26 12:58:39:613 [ info sync.vfs.win ]:    fetch data request "C:/Users/placeholder/ownCloud/Personal/" "C:\\Users\\placeholder\\ownCloud\\Personal\\BOS.jpg" "3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c!92a26255-9c20-4426-bb1b-7b6a3dcb85b7" 0 111040 0 0 Resume: 0 to 111040 size: 111040
23-02-26 12:58:39:613 [ debug sync.database.sql ]   [ OCC::SqlQuery::prepare ]: SQL prepare "SELECT path, inode, modtime, type, md5, fileid, remotePerm, filesize,  ignoredChildrenRemote, contentchecksumtype.name || ':' || contentChecksum FROM metadata  LEFT JOIN checksumtype as contentchecksumtype ON metadata.contentChecksumTypeId == contentchecksumtype.id WHERE fileid=?1" Try: 0
23-02-26 12:58:39:614 [ debug sync.networkjob.get ] [ OCC::GETFileJob::start ]: QObject(0x0) false false
23-02-26 12:58:39:614 [ info sync.networkjob ]: Created OCC::GETFileJob(OCC::Account("statusquo@cloud.placeholder.net"), "https://cloud.placeholder.net/dav/spaces/3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c/BOS.jpg", "GET", Original-Request-ID: "18ae5170-11b6-4e5e-924c-574c92b77f4c", X-Request-ID: "18ae5170-11b6-4e5e-924c-574c92b77f4c") for OCC::HydrationContext(0x232404ff3a0)
23-02-26 12:58:39:680 [ debug sync.credentials.http ]   [ OCC::HttpCredentials::slotAuthentication ]:   void __cdecl OCC::HttpCredentials::slotAuthentication(class QNetworkReply *,class QAuthenticator *) QNetworkReplyHttpImpl(0x2323fd26e20)
23-02-26 12:58:39:680 [ debug sync.networkjob.jobqueue ]    [ OCC::JobQueue::retry ]:   Direct retry OCC::GETFileJob(OCC::Account("statusquo@cloud.placeholder.net"), "https://cloud.placeholder.net/dav/spaces/3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c/BOS.jpg", "GET", Original-Request-ID: "18ae5170-11b6-4e5e-924c-574c92b77f4c", X-Request-ID: "18ae5170-11b6-4e5e-924c-574c92b77f4c", NetworkError: "Host requires authentication")
23-02-26 12:58:39:680 [ info sync.networkjob ]: Restarting OCC::GETFileJob(OCC::Account("statusquo@cloud.placeholder.net"), "https://cloud.placeholder.net/dav/spaces/3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c/BOS.jpg", "GET", Original-Request-ID: "18ae5170-11b6-4e5e-924c-574c92b77f4c", X-Request-ID: "18ae5170-11b6-4e5e-924c-574c92b77f4c", NetworkError: "Host requires authentication") for the 1 time
23-02-26 12:58:39:680 [ debug sync.networkjob ] [ OCC::AbstractNetworkJob::slotFinished ]:  Queued: OCC::GETFileJob(OCC::Account("statusquo@cloud.placeholder.net"), "https://cloud.placeholder.net/dav/spaces/3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c/BOS.jpg", "GET", Original-Request-ID: "18ae5170-11b6-4e5e-924c-574c92b77f4c", X-Request-ID: "2a7d1a85-650e-415e-ae81-83fdde0fc6e6") for retry
23-02-26 12:58:39:683 [ debug sync.credentials.http ]   [ OCC::HttpCredentials::slotAuthentication ]:   void __cdecl OCC::HttpCredentials::slotAuthentication(class QNetworkReply *,class QAuthenticator *) QNetworkReplyHttpImpl(0x2323fc26680)
23-02-26 12:58:39:683 [ debug sync.networkjob.jobqueue ]    [ OCC::JobQueue::retry ]:   Direct retry OCC::GETFileJob(OCC::Account("statusquo@cloud.placeholder.net"), "https://cloud.placeholder.net/dav/spaces/3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c/BOS.jpg", "GET", Original-Request-ID: "18ae5170-11b6-4e5e-924c-574c92b77f4c", X-Request-ID: "2a7d1a85-650e-415e-ae81-83fdde0fc6e6", NetworkError: "Host requires authentication")
23-02-26 12:58:39:683 [ info sync.networkjob ]: Restarting OCC::GETFileJob(OCC::Account("statusquo@cloud.placeholder.net"), "https://cloud.placeholder.net/dav/spaces/3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c/BOS.jpg", "GET", Original-Request-ID: "18ae5170-11b6-4e5e-924c-574c92b77f4c", X-Request-ID: "2a7d1a85-650e-415e-ae81-83fdde0fc6e6", NetworkError: "Host requires authentication") for the 2 time
23-02-26 12:58:39:683 [ debug sync.networkjob ] [ OCC::AbstractNetworkJob::slotFinished ]:  Queued: OCC::GETFileJob(OCC::Account("statusquo@cloud.placeholder.net"), "https://cloud.placeholder.net/dav/spaces/3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c/BOS.jpg", "GET", Original-Request-ID: "18ae5170-11b6-4e5e-924c-574c92b77f4c", X-Request-ID: "87ff5c89-549a-4f6f-93d1-cd8d8287df71") for retry

Is there a bug or can you spot something wrong with the logs?

[micbar]

@C8opmBM Maybe I overlooked it, but which Client version are you using?

[C8opmBM]

Latest available 3.2.0.10193

[micbar]

@TheOneRing @michaelstingl Did we encounter similar issues with keycloak or ocis IDP?

[michaelstingl]

I'd recommend to capture HTTP requests and responses in the logs, then check there… https://doc.owncloud.com/desktop/3.2/appendices/troubleshooting.html#log-files

[kehralexander]

I have the same issue with about the same setup with the same client version as OP. I'm using Authentik for oidc.
I've noticed that once a user reauths the session is active for much longer than the first after the initial login.
Here are my logs with Log Http traffic_ on:

23-03-05 20:21:47:270 [ info gui.folder ]:  Trying to check "https://ocis.my.domain/dav/spaces/28d9fbe7-e373-4ee7-991d-57297d79216f$3f2d876d-7329-443e-9bb0-92a4f923355f/" for changes via ETag check. (time since last sync: 310 s)
23-03-05 20:21:47:270 [ info gui.folder ]:  Trying to check "https://ocis.my.domain/dav/spaces/28d9fbe7-e373-4ee7-991d-57297d79216f$9342fe89-8791-455f-bae1-e895cc6aef1c/" for changes via ETag check. (time since last sync: 309 s)
23-03-05 20:21:47:270 [ info gui.folder ]:  Trying to check "https://ocis.my.domain/dav/spaces/28d9fbe7-e373-4ee7-991d-57297d79216f$alexanderkehr/" for changes via ETag check. (time since last sync: 307 s)
23-03-05 20:21:47:270 [ debug gui.folder.manager ]  [ OCC::FolderMan::slotRunOneEtagJob ]:  Scheduling "https://ocis.my.domain/dav/spaces/28d9fbe7-e373-4ee7-991d-57297d79216f$3f2d876d-7329-443e-9bb0-92a4f923355f/" to check remote ETag
23-03-05 20:21:47:270 [ info sync.httplogger ]: "a9c5399a-927a-45ee-8cf0-568e7d3fb5b5: Request: PROPFIND https://ocis.my.domain/dav/spaces/28d9fbe7-e373-4ee7-991d-57297d79216f$3f2d876d-7329-443e-9bb0-92a4f923355f/ Header: { Depth: 0, Prefer: return=minimal, Authorization: Bearer [redacted], User-Agent: Mozilla/5.0 (Windows) mirall/3.2.0.10193 (ownCloud, windows-10.0.19044 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, Content-Type: text/xml; charset=utf-8, X-Request-ID: a9c5399a-927a-45ee-8cf0-568e7d3fb5b5, Original-Request-ID: a9c5399a-927a-45ee-8cf0-568e7d3fb5b5, Content-Length: 108, } Data: [<?xml version=\"1.0\" encoding=\"utf-8\"?><d:propfind xmlns:d=\"DAV:\"><d:prop><d:getetag/></d:prop></d:propfind>\n]"
23-03-05 20:21:47:270 [ info sync.networkjob ]: Created OCC::RequestEtagJob(OCC::Account("Alexander Kehr@ocis.my.domain"), "https://ocis.my.domain/dav/spaces/28d9fbe7-e373-4ee7-991d-57297d79216f$3f2d876d-7329-443e-9bb0-92a4f923355f/", "PROPFIND", Original-Request-ID: "a9c5399a-927a-45ee-8cf0-568e7d3fb5b5", X-Request-ID: "a9c5399a-927a-45ee-8cf0-568e7d3fb5b5") for OCC::Folder(0x1ff7a82d020)
23-03-05 20:21:47:398 [ info sync.httplogger ]: "a9c5399a-927a-45ee-8cf0-568e7d3fb5b5: Response: PROPFIND 401 (Error: Host requires authentication,127ms) https://ocis.my.domain/dav/spaces/28d9fbe7-e373-4ee7-991d-57297d79216f$3f2d876d-7329-443e-9bb0-92a4f923355f/ Header: { Content-Length: 211, Content-Type: text/xml; charset=utf-8, Date: Sun, 05 Mar 2023 19:21:47 GMT, Www-Authenticate: Bearer realm=\"ocis.my.domain\", charset=\"UTF-8\", Strict-Transport-Security: max-age=15552000; includeSubDomains, } Data: [<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<d:error xmlns:d=\"DAV\" xmlns:s=\"http://sabredav.org/ns\"><s:Exception>Sabre\\DAV\\Exception\\PermissionDenied</s:Exception><s:Message>Authentication error</s:Message></d:error>]"
23-03-05 20:21:47:398 [ debug sync.credentials.http ]   [ OCC::HttpCredentials::slotAuthentication ]:   void __cdecl OCC::HttpCredentials::slotAuthentication(class QNetworkReply *,class QAuthenticator *) QNetworkReplyHttpImpl(0x1ff7b34ec00)
23-03-05 20:21:47:398 [ warning sync.credentials.http ]:    Stop request: Authentication failed for  "https://ocis.my.domain/dav/spaces/28d9fbe7-e373-4ee7-991d-57297d79216f$3f2d876d-7329-443e-9bb0-92a4f923355f/" "a9c5399a-927a-45ee-8cf0-568e7d3fb5b5"
23-03-05 20:21:47:398 [ info sync.credentials.http ]:   Refreshing token
23-03-05 20:21:47:398 [ debug sync.networkjob.jobqueue ]    [ OCC::JobQueue::block ]:   block: 1 "Alexander Kehr@ocis.my.domain"
23-03-05 20:21:47:398 [ debug sync.credentials.oauth ]  [ OCC::AccountBasedOAuth::refreshAuthentication ]:  fetching dynamic registration data
23-03-05 20:21:47:398 [ info sync.credentials.manager ]:    get "ownCloud_credentials:ocis.my.domain:f91047e2-535f-4028-afd0-a2870c3d0bff:http/clientSecret"
23-03-05 20:21:47:398 [ debug sync.networkjob.jobqueue ]    [ OCC::JobQueue::retry ]:   Retry queued OCC::RequestEtagJob(OCC::Account("Alexander Kehr@ocis.my.domain"), "https://ocis.my.domain/dav/spaces/28d9fbe7-e373-4ee7-991d-57297d79216f$3f2d876d-7329-443e-9bb0-92a4f923355f/", "PROPFIND", Original-Request-ID: "a9c5399a-927a-45ee-8cf0-568e7d3fb5b5", X-Request-ID: "a9c5399a-927a-45ee-8cf0-568e7d3fb5b5", NetworkError: "Host requires authentication")
23-03-05 20:21:47:398 [ debug sync.networkjob ] [ OCC::AbstractNetworkJob::slotFinished ]:  Queued: OCC::RequestEtagJob(OCC::Account("Alexander Kehr@ocis.my.domain"), "https://ocis.my.domain/dav/spaces/28d9fbe7-e373-4ee7-991d-57297d79216f$3f2d876d-7329-443e-9bb0-92a4f923355f/", "PROPFIND", Original-Request-ID: "a9c5399a-927a-45ee-8cf0-568e7d3fb5b5", X-Request-ID: "a9c5399a-927a-45ee-8cf0-568e7d3fb5b5", NetworkError: "Host requires authentication") for retry
23-03-05 20:21:47:398 [ debug sync.credentials.oauth ]  [ OCC::AccountBasedOAuth::refreshAuthentication::::operator() ]:    fetched dynamic registration data successfully
23-03-05 20:21:47:398 [ debug sync.credentials.oauth ]  [ `anonymous-namespace'::logCredentialsJobResult ]: credentials job has finished
23-03-05 20:21:47:398 [ critical sync.credentials.oauth ]:  Failed to read client id ""
23-03-05 20:21:47:398 [ debug sync.credentials.oauth ]  [ OCC::AccountBasedOAuth::fetchWellKnown ]: starting CheckServerJob before fetching "/.well-known/openid-configuration"
23-03-05 20:21:47:402 [ info sync.httplogger ]: "062c6a50-95e1-49f8-9b64-82dd7b3c22f3: Request: GET https://ocis.my.domain/status.php Header: { OC-Connection-Validator: desktop, Authorization: Bearer [redacted], User-Agent: Mozilla/5.0 (Windows) mirall/3.2.0.10193 (ownCloud, windows-10.0.19044 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: 062c6a50-95e1-49f8-9b64-82dd7b3c22f3, Original-Request-ID: 062c6a50-95e1-49f8-9b64-82dd7b3c22f3, } Data: []"
23-03-05 20:21:47:432 [ info sync.httplogger ]: "062c6a50-95e1-49f8-9b64-82dd7b3c22f3: Response: GET 200 (29ms) https://ocis.my.domain/status.php Header: { Access-Control-Allow-Origin: *, Content-Length: 269, Content-Security-Policy: default-src 'none';, Content-Type: application/json, Date: Sun, 05 Mar 2023 19:21:47 GMT, X-Content-Type-Options: nosniff, X-Download-Options: noopen, X-Frame-Options: SAMEORIGIN, X-Permitted-Cross-Domain-Policies: none, X-Robots-Tag: none, X-Xss-Protection: 1; mode=block, Strict-Transport-Security: max-age=15552000; includeSubDomains, } Data: [{\n    \"installed\": true,\n    \"maintenance\": false,\n    \"needsDbUpgrade\": false,\n    \"version\": \"10.11.0.0\",\n    \"versionstring\": \"10.11.0\",\n    \"edition\": \"Community\",\n    \"productname\": \"Infinite Scale\",\n    \"product\": \"Infinite Scale\",\n    \"productversion\": \"2.0.0\"\n}]"
23-03-05 20:21:47:432 [ info sync.checkserverjob ]: status.php returns:  QJsonDocument({"edition":"Community","installed":true,"maintenance":false,"needsDbUpgrade":false,"product":"Infinite Scale","productname":"Infinite Scale","productversion":"2.0.0","version":"10.11.0.0","versionstring":"10.11.0"})   QNetworkReply::NoError  Reply:  QNetworkReplyHttpImpl(0x1ff7b34efc0)
23-03-05 20:21:47:432 [ debug sync.credentials.oauth ]  [ OCC::AccountBasedOAuth::fetchWellKnown::::operator() ]:   CheckServerJob succeeded, fetching "/.well-known/openid-configuration"
23-03-05 20:21:47:432 [ debug sync.credentials.oauth ]  [ OCC::OAuth::fetchWellKnown ]: fetching "/.well-known/openid-configuration"
23-03-05 20:21:47:432 [ info sync.httplogger ]: "693d2076-8045-4ea0-bb73-2311707fcbdb: Request: GET https://ocis.my.domain/.well-known/openid-configuration Header: { User-Agent: Mozilla/5.0 (Windows) mirall/3.2.0.10193 (ownCloud, windows-10.0.19044 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: 693d2076-8045-4ea0-bb73-2311707fcbdb, Original-Request-ID: 693d2076-8045-4ea0-bb73-2311707fcbdb, } Data: []"
23-03-05 20:21:47:865 [ info sync.httplogger ]: "693d2076-8045-4ea0-bb73-2311707fcbdb: Response: GET 200 (433ms) https://ocis.my.domain/.well-known/openid-configuration Header: { Access-Control-Allow-Origin: *, Content-Type: application/json, Date: Sun, 05 Mar 2023 19:21:47 GMT, Referrer-Policy: same-origin, Vary: Accept-Encoding, Cookie, X-Authentik-Id: 5720f11cf3a6460790287c7050f52a67, X-Content-Type-Options: nosniff, X-Frame-Options: DENY, X-Powered-By: authentik, Transfer-Encoding: chunked, Strict-Transport-Security: max-age=15552000; includeSubDomains, max-age=15552000; includeSubDomains, } Data: [{\n  \"issuer\": \"https://authentik.my.domain/application/o/mink-files-web/\",\n  \"authorization_endpoint\": \"https://authentik.my.domain/application/o/authorize/\",\n  \"token_endpoint\": \"https://authentik.my.domain/application/o/token/\",\n  \"userinfo_endpoint\": \"https://authentik.my.domain/application/o/userinfo/\",\n  \"end_session_endpoint\": \"https://authentik.my.domain/application/o/mink-files-web/end-session/\",\n  \"introspection_endpoint\": \"https://authentik.my.domain/application/o/introspect/\",\n  \"revocation_endpoint\": \"https://authentik.my.domain/application/o/revoke/\",\n  \"device_authorization_endpoint\": \"https://authentik.my.domain/application/o/device/\",\n  \"response_types_supported\": [\n    \"code\",\n    \"id_token\",\n    \"id_token token\",\n    \"code token\",\n    \"code id_token\",\n    \"code id_token token\"\n  ],\n  \"response_modes_supported\": [\n    \"query\",\n    \"fragment\",\n    \"form_post\"\n  ],\n  \"jwks_uri\": \"https://authentik.my.domain/application/o/mink-files-web/jwks/\",\n  \"grant_types_supported\": [\n    \"authorization_code\",\n    \"refresh_token\",\n    \"implicit\",\n    \"client_credentials\",\n    \"password\",\n    \"urn:ietf:params:oauth:grant-type:device_code\"\n  ],\n  \"id_token_signing_alg_values_supported\": [\n    \"RS256\"\n  ],\n  \"subject_types_supported\": [\n    \"public\"\n  ],\n  \"token_endpoint_auth_methods_supported\": [\n    \"client_secret_post\",\n    \"client_secret_basic\"\n  ],\n  \"acr_values_supported\": [\n    \"goauthentik.io/providers/oauth2/default\"\n  ],\n  \"scopes_supported\": [\n    \"profile\",\n    \"email\",\n    \"openid\"\n  ],\n  \"request_parameter_supported\": false,\n  \"claims_supported\": [\n    \"sub\",\n    \"iss\",\n    \"aud\",\n    \"exp\",\n    \"iat\",\n    \"auth_time\",\n    \"acr\",\n    \"amr\",\n    \"nonce\",\n    \"email\",\n    \"email_verified\",\n    \"name\",\n    \"given_name\",\n    \"family_name\",\n    \"preferred_username\",\n    \"nickname\",\n    \"groups\"\n  ],\n  \"claims_parameter_supported\": false\n}]"
23-03-05 20:21:47:865 [ debug sync.credentials.oauth ]  [ OCC::OAuth::fetchWellKnown::::operator() ]:   parsing .well-known reply successful, auth endpoint QUrl("https://authentik.my.domain/application/o/authorize/") and token endpoint QUrl("https://authentik.my.domain/application/o/token/") and registration endpoint QUrl("")
23-03-05 20:21:47:865 [ debug sync.credentials.oauth ]  [ OCC::AccountBasedOAuth::refreshAuthentication::::()::::operator() ]:  registration endpoint not provided or empty: QUrl("")
23-03-05 20:21:47:865 [ info sync.httplogger ]: "96725b9e-bb86-4626-b628-af497e6a8415: Request: POST https://authentik.my.domain/application/o/token/ Header: { Authorization: Basic [redacted], Content-Type: application/x-www-form-urlencoded; charset=UTF-8, User-Agent: Mozilla/5.0 (Windows) mirall/3.2.0.10193 (ownCloud, windows-10.0.19044 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: 96725b9e-bb86-4626-b628-af497e6a8415, Original-Request-ID: 96725b9e-bb86-4626-b628-af497e6a8415, Content-Length: 411, } Data: [client_id=xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69&client_secret=UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh&scope=openid%20offline_access%20email%20profile&grant_type=refresh_token&refresh_token=9j:%254%7C;-%7BIB]nk+in~pML?XZ.8W%3EYay1)OM%3D%7Cd*6%7BB%3Ce%3Ee*Q~b!rQ%3C%25p$C-5%22O%7CL!$mA%3E%26P1!%5Ep][KP2:%5Cspl%7BCfZhJhudxNYJ@$xX*i'J5-PmR%23Fm'%25w?yZ0K%3DrleP_]"
23-03-05 20:21:47:919 [ info sync.httplogger ]: "96725b9e-bb86-4626-b628-af497e6a8415: Response: POST 400 (Error: Error transferring https://authentik.my.domain/application/o/token/ - server replied: Bad Request,53ms) https://authentik.my.domain/application/o/token/ Header: { Cache-Control: no-store, Content-Encoding: gzip, Content-Type: application/json, Date: Sun, 05 Mar 2023 19:21:47 GMT, Pragma: no-cache, Referrer-Policy: same-origin, Vary: Accept-Encoding, Cookie, X-Authentik-Id: 0df80b30c1514c748b0094d535909820, X-Content-Type-Options: nosniff, X-Frame-Options: DENY, X-Powered-By: authentik, Strict-Transport-Security: max-age=15552000; includeSubDomains, Access-Control-Allow-Origin: *, } Data: [{\"error\": \"invalid_grant\", \"error_description\": \"The provided authorization grant or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client\"}]"
23-03-05 20:21:47:919 [ debug sync.credentials.http ]   [ OCC::HttpCredentials::fetchUser ]:    user already set, no need to fetch from settings
23-03-05 20:21:47:919 [ info sync.account ]:    Clearing cookies
23-03-05 20:21:47:919 [ info sync.credentials.manager ]:    del "ownCloud_credentials:ocis.my.domain:f91047e2-535f-4028-afd0-a2870c3d0bff:http/oauthtoken"
23-03-05 20:21:47:919 [ info gui.account.state ]:   Invalid credentials for "https://ocis.my.domain/"
23-03-05 20:21:47:919 [ info gui.account.state ]:   refreshing oauth
23-03-05 20:21:47:919 [ info gui.account.state ]:   refreshing oauth failed
23-03-05 20:21:47:919 [ info gui.account.state ]:   asking user
23-03-05 20:21:47:919 [ info gui.account.state ]:   AccountState state change:  "Connected" -> "Asking Credentials"

[C8opmBM]

Hey, also I captured some http logs, I post the relevant bits (containing some error).

This is done before logging in, so as a new day behaviour. (every morning I need to manually login). If I login once for the day, even if I exit the client, on relaunch, it logins automatically. Next day though, I need to repeat the login procedure.

23-03-05 23:05:01:279 [ debug gui.activity ]    [ OCC::ActivitySettings::slotRefresh ]: Do not check as last check is only secs ago:  0
23-03-05 23:05:01:279 [ debug sync.networkjob ] [ OCC::AbstractNetworkJob::slotFinished ]:  Network job finished OCC::JsonJob(OCC::Account("myuser@cloud.domain.net"), "https://cloud.domain.net/app/list", "GET", Original-Request-ID: "f6ce6e5d-9be6-42f6-a89a-bf943738f5b1", X-Request-ID: "f6ce6e5d-9be6-42f6-a89a-bf943738f5b1")
23-03-05 23:05:01:327 [ info sync.httplogger ]: "cdef4e42-cd68-4207-a8a6-48bf170b32a1: Response: GET 404 (Error: Error transferring https://cloud.domain.net/ocs/v2.php/cloud/activity?page=0&pagesize=100&format=json - server replied: Not Found,57ms) https://cloud.domain.net/ocs/v2.php/cloud/activity?page=0&pagesize=100&format=json Header: { Alt-Svc: h3=\":443\"; ma=2592000, Content-Length: 19, Content-Security-Policy: upgrade-insecure-requests, Content-Type: text/plain; charset=utf-8, Date: Sun, 05 Mar 2023 21:05:01 GMT, Ocs-Api-Version: 2, Permissions-Policy: interest-cohort=(), Referrer-Policy: strict-origin-when-cross-origin, Server: Caddy, Strict-Transport-Security: max-age=31536000;, Vary: Origin, X-Content-Type-Options: nosniff, nosniff, X-Frame-Options: SAMEORIGIN, } Data: [404 page not found\n]"
23-03-05 23:05:01:327 [ info sync.networkjob.jsonapi ]: JsonJob of QUrl("https://cloud.domain.net/ocs/v2.php/cloud/activity?page=0&pagesize=100&format=json") FINISHED WITH STATUS "ContentNotFoundError, Server replied \"404 Not Found\" to \"GET https://cloud.domain.net/ocs/v2.php/cloud/activity?page=0&pagesize=100&format=json\""
23-03-05 23:05:01:327 [ warning sync.networkjob.jsonapi ]:  Network error:  OCC::JsonApiJob(OCC::Account("myuser@cloud.domain.net"), "https://cloud.domain.net/ocs/v2.php/cloud/activity?page=0&pagesize=100&format=json", "GET", Original-Request-ID: "cdef4e42-cd68-4207-a8a6-48bf170b32a1", X-Request-ID: "cdef4e42-cd68-4207-a8a6-48bf170b32a1", NetworkError: "Error transferring https://cloud.domain.net/ocs/v2.php/cloud/activity?page=0&pagesize=100&format=json - server replied: Not Found") "Server replied \"404 Not Found\" to \"GET https://cloud.domain.net/ocs/v2.php/cloud/activity?page=0&pagesize=100&format=json\""
23-03-05 23:05:01:328 [ debug sync.networkjob ] [ OCC::AbstractNetworkJob::slotFinished ]:  Network job finished OCC::JsonApiJob(OCC::Account("myuser@cloud.domain.net"), "https://cloud.domain.net/ocs/v2.php/cloud/activity?page=0&pagesize=100&format=json", "GET", Original-Request-ID: "cdef4e42-cd68-4207-a8a6-48bf170b32a1", X-Request-ID: "cdef4e42-cd68-4207-a8a6-48bf170b32a1", NetworkError: "Error transferring https://cloud.domain.net/ocs/v2.php/cloud/activity?page=0&pagesize=100&format=json - server replied: Not Found")
23-03-05 23:05:02:283 [ debug gui.folder.manager ]  [ OCC::FolderMan::slotStartScheduledFolderSync ]:   folderQueue size:  3
23-03-05 23:05:02:283 [ info gui.folder.manager ]:  Start scheduled sync of "C:/Users/domain/ownCloud/Personal/"
23-03-05 23:05:02:283 [ info gui.socketapi ]:   Sending SocketAPI message --> "UPDATE_VIEW:C:\\Users\\domain\\ownCloud\\Personal" to QLocalSocket(0x2a4459cda90)
23-03-05 23:05:02:283 [ info gui.socketapi ]:   Sending SocketAPI message --> "UPDATE_VIEW:C:\\Users\\domain\\ownCloud\\Personal" to QLocalSocket(0x2a4459ce4f0)
23-03-05 23:05:02:283 [ info gui.socketapi ]:   Sending SocketAPI message --> "UPDATE_VIEW:C:\\Users\\domain\\ownCloud\\Personal" to QLocalSocket(0x2a4459ce610)
23-03-05 23:05:02:284 [ info gui.application ]: Sync state changed for folder  "https://cloud.domain.net/dav/spaces/3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c/" :  "SyncPrepare"
23-03-05 23:05:02:285 [ info gui.folder ]:  *** Start syncing  "https://cloud.domain.net/dav/spaces/3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c/" client version "ownCloud 3.2.0.10193 718af2 Libraries Qt 5.15.5, OpenSSL 1.1.1q  5 Jul 2022 Using virtual files plugin: wincfapi windows-10.0.19045"
23-03-05 23:05:02:288 [ info gui.folder ]:  Forbidding local discovery to read from the database
23-03-05 23:05:02:288 [ debug sync.database.sql ]   [ OCC::SqlQuery::prepare ]: SQL prepare "SELECT chunk, transferid, errorcount, size, modtime, contentChecksum, path FROM uploadinfo" Try: 0
23-03-05 23:05:02:288 [ debug sync.localdiscoverytracker ]  [ OCC::LocalDiscoveryTracker::startSyncFullDiscovery ]: full discovery
23-03-05 23:05:02:288 [ info gui.folder.manager ]:  >========== Sync started for folder [ "ownCloud\\Personal" ] of account [ "myuser@cloud.domain.net" ] with remote [ "https://cloud.domain.net/dav/spaces/3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c/" ]
23-03-05 23:05:02:289 [ info sync.engine ]: There are "729 GB" available at "C:/Users/domain/ownCloud/Personal/"
23-03-05 23:05:02:289 [ info sync.engine ]: Sync with existing sync journal
23-03-05 23:05:02:289 [ info sync.engine ]: Using Qt  5.15.5  SSL library  "OpenSSL 1.1.1q  5 Jul 2022"  on  "Windows 10 Version 2009"
23-03-05 23:05:02:289 [ info sync.engine ]: NOT Using Selective Sync
23-03-05 23:05:02:289 [ info sync.engine ]: #### Discovery start ####################################################
23-03-05 23:05:02:290 [ info sync.engine ]: Server "2.0.0+e63e46618" 
23-03-05 23:05:02:291 [ info sync.discovery ]:  STARTING "" OCC::ProcessDirectoryJob::NormalQuery "" OCC::ProcessDirectoryJob::NormalQuery
23-03-05 23:05:02:291 [ info sync.httplogger ]: "9f861be3-6332-47f3-b5b4-f24b3b49c76f: Request: PROPFIND https://cloud.domain.net/dav/spaces/3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c/ Header: { Depth: 1, Prefer: return=minimal, Authorization: Bearer [redacted], User-Agent: Mozilla/5.0 (Windows) mirall/3.2.0.10193 (ownCloud, windows-10.0.19045 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, Content-Type: text/xml; charset=utf-8, X-Request-ID: 9f861be3-6332-47f3-b5b4-f24b3b49c76f, Original-Request-ID: 9f861be3-6332-47f3-b5b4-f24b3b49c76f, Content-Length: 467, } Data: [<?xml version=\"1.0\" encoding=\"utf-8\"?><d:propfind xmlns:d=\"DAV:\"><d:prop><d:resourcetype/><d:getlastmodified/><d:getcontentlength/><d:getetag/><id xmlns=\"http://owncloud.org/ns\"/><downloadURL xmlns=\"http://owncloud.org/ns\"/><dDC xmlns=\"http://owncloud.org/ns\"/><permissions xmlns=\"http://owncloud.org/ns\"/><checksums xmlns=\"http://owncloud.org/ns\"/><share-types xmlns=\"http://owncloud.org/ns\"/><data-fingerprint xmlns=\"http://owncloud.org/ns\"/></d:prop></d:propfind>\n]"
23-03-05 23:05:02:291 [ info sync.networkjob ]: Created OCC::PropfindJob(OCC::Account("myuser@cloud.domain.net"), "https://cloud.domain.net/dav/spaces/3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c/", "PROPFIND", Original-Request-ID: "9f861be3-6332-47f3-b5b4-f24b3b49c76f", X-Request-ID: "9f861be3-6332-47f3-b5b4-f24b3b49c76f") for OCC::DiscoverySingleDirectoryJob(0x2a4460bfa90)
23-03-05 23:05:02:393 [ info sync.httplogger ]: "9f861be3-6332-47f3-b5b4-f24b3b49c76f: Response: PROPFIND 207 (102ms) https://cloud.domain.net/dav/spaces/3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c/ Header: { Access-Control-Allow-Origin: *, Access-Control-Expose-Headers: Tus-Resumable, Tus-Version, Tus-Extension, Alt-Svc: h3=\":443\"; ma=2592000, Content-Security-Policy: upgrade-insecure-requests, default-src 'none';, Content-Type: application/xml; charset=utf-8, Date: Sun, 05 Mar 2023 21:05:02 GMT, Dav: 1, 3, extended-mkcol, Permissions-Policy: interest-cohort=(), Preference-Applied: return=minimal, Referrer-Policy: strict-origin-when-cross-origin, Server: Caddy, Strict-Transport-Security: max-age=31536000;, Tus-Extension: creation,creation-with-upload,checksum,expiration, Tus-Resumable: 1.0.0, Tus-Version: 1.0.0, Vary: Prefer, X-Content-Type-Options: nosniff, nosniff, X-Download-Options: noopen, X-Frame-Options: SAMEORIGIN, X-Permitted-Cross-Domain-Policies: none, X-Robots-Tag: none, X-Xss-Protection: 1; mode=block, Transfer-Encoding: chunked, } Data: [<d:multistatus xmlns:s=\"http://sabredav.org/ns\" xmlns:d=\"DAV:\" xmlns:oc=\"http://owncloud.org/ns\"><d:response><d:href>/dav/spaces/3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c/</d:href><d:propstat><d:prop><d:resourcetype><d:collection/></d:resourcetype><d:getlastmodified>Wed, 01 Mar 2023 23:32:31 GMT</d:getlastmodified><d:getetag>\"5c3ea74b668de544dbda25147d608195\"</d:getetag><oc:id>3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c!84b97425-0b5f-4132-8fd5-d04ed1defb9c</oc:id><oc:permissions>RDNVCKZ</oc:permissions></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response><d:response><d:href>/dav/spaces/3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c/BOS.jpg</d:href><d:propstat><d:prop><d:resourcetype></d:resourcetype><d:getlastmodified>Fri, 18 Nov 2022 13:16:22 GMT</d:getlastmodified><d:getcontentlength>111040</d:getcontentlength><d:getetag>\"b1d45adb319e9787f97ff4e1a6fa2d51\"</d:getetag><oc:id>3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c!92a26255-9c20-4426-bb1b-7b6a3dcb85b7</oc:id><oc:permissions>RDNVWZ</oc:permissions><oc:checksums><oc:checksum>SHA1:9c1c3cc1908b179ad4d36504f2163938af32c55a MD5:7a6a5ab3298027a2712961998f649ee9 ADLER32:d363caee</oc:checksum></oc:checksums></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response><d:response><d:href>/dav/spaces/3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c/222.png</d:href><d:propstat><d:prop><d:resourcetype></d:resourcetype><d:getlastmodified>Wed, 01 Mar 2023 23:32:31 GMT</d:getlastmodified><d:getcontentlength>97532</d:getcontentlength><d:getetag>\"36ef69ba29640d793d90d358510a5c40\"</d:getetag><oc:id>3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c!a8ae0f1d-d279-4e96-a134-8caf84b86d54</oc:id><oc:permissions>RDNVWZ</oc:permissions><oc:checksums><oc:checksum>SHA1:75c3a76fc11f4f0490fa2c50f994e095313382be MD5:1e69665a94f2d0b8b061179a040bce60 ADLER32:f290bbd0</oc:checksum></oc:checksums></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response></d:multistatus>]"
23-03-05 23:05:02:393 [ info sync.networkjob.propfind ]:    LSCOL of QUrl("https://cloud.domain.net/dav/spaces/3f06c9c0-b4c6-4194-9891-7a85dfe9040f$84b97425-0b5f-4132-8fd5-d04ed1defb9c/") FINISHED WITH STATUS "OK"

Part 2:

23-03-05 23:14:23:895 [ info gui.folder ]:  Saved folder "C:/Users/domain/ownCloud/Data/" to settings, status QSettings::NoError
23-03-05 23:14:23:895 [ info gui.folder.manager ]:  Schedule folder  "C:/Users/domain/ownCloud/Data/"  to sync!
23-03-05 23:14:23:895 [ info gui.folder.manager ]:  Folder is not ready to sync, not scheduled!
23-03-05 23:14:23:896 [ info gui.application ]: Sync state changed for folder  "https://cloud.domain.net/dav/spaces/3f06c9c0-b4c6-4194-9891-7a85dfe9040f$42863788-76e1-4715-bf11-14204a60f268/" :  "Not yet Started"
23-03-05 23:14:23:897 [ info sync.clientproxy ]:    Set proxy configuration to use system configuration
23-03-05 23:14:23:912 [ info gui.folder.manager ]:  Schedule folder  "C:/Users/domain/ownCloud/Personal/"  to sync!
23-03-05 23:14:23:912 [ info gui.folder.manager ]:  Folder is not ready to sync, not scheduled!
23-03-05 23:14:23:912 [ info gui.folder.manager ]:  Schedule folder  "C:/Users/domain/ownCloud/Shares/"  to sync!
23-03-05 23:14:23:912 [ info gui.folder.manager ]:  Folder is not ready to sync, not scheduled!
23-03-05 23:14:23:913 [ info gui.folder.manager ]:  Schedule folder  "C:/Users/domain/ownCloud/Data/"  to sync!
23-03-05 23:14:23:913 [ info gui.folder.manager ]:  Folder is not ready to sync, not scheduled!
23-03-05 23:14:23:913 [ warning gui.account.state ]:    checkConnectivity blocking: false
23-03-05 23:14:23:913 [ debug sync.credentials.http ]   [ OCC::HttpCredentials::fetchUser ]:    user already set, no need to fetch from settings
23-03-05 23:14:23:913 [ info sync.credentials.manager ]:    get "ownCloud_credentials:cloud.domain.net:ec236fb1-f60d-4d55-80cb-0f5f5157c118:http/oauthtoken"
23-03-05 23:14:23:913 [ debug sync.connectionvalidator ]    [ OCC::ConnectionValidator::checkServer ]:  Checking server and authentication
23-03-05 23:14:23:913 [ debug sync.connectionvalidator ]    [ OCC::ConnectionValidator::checkServer ]:  Trying to look up system proxy
23-03-05 23:14:23:931 [ info gui.socketapi ]:   New connection QLocalSocket(0x1ede36f7040)
23-03-05 23:14:23:931 [ info gui.socketapi ]:   Sending SocketAPI message --> "REGISTER_PATH:C:\\Users\\domain\\ownCloud" to QLocalSocket(0x1ede36f7040)
23-03-05 23:14:23:931 [ info gui.socketapi ]:   New connection QLocalSocket(0x1ede36667f0)
23-03-05 23:14:23:931 [ info gui.socketapi ]:   Sending SocketAPI message --> "REGISTER_PATH:C:\\Users\\domain\\ownCloud" to QLocalSocket(0x1ede36667f0)
23-03-05 23:14:23:931 [ info gui.socketapi ]:   Sending SocketAPI message --> "REGISTER_PATH:C:\\Users\\domain\\ownCloud" to QLocalSocket(0x1ede36f7040)
23-03-05 23:14:23:931 [ info gui.socketapi ]:   New connection QLocalSocket(0x1ede362f120)
23-03-05 23:14:23:931 [ info gui.socketapi ]:   Sending SocketAPI message --> "REGISTER_PATH:C:\\Users\\domain\\ownCloud" to QLocalSocket(0x1ede362f120)
23-03-05 23:14:23:931 [ info gui.socketapi ]:   Sending SocketAPI message --> "REGISTER_PATH:C:\\Users\\domain\\ownCloud" to QLocalSocket(0x1ede36667f0)
23-03-05 23:14:23:931 [ info gui.socketapi ]:   Sending SocketAPI message --> "REGISTER_PATH:C:\\Users\\domain\\ownCloud" to QLocalSocket(0x1ede36f7040)
23-03-05 23:14:23:932 [ debug sync.networkjob.jobqueue ]    [ OCC::JobQueue::block ]:   block: 1 "myuser@cloud.domain.net"
23-03-05 23:14:23:932 [ debug sync.credentials.oauth ]  [ OCC::AccountBasedOAuth::refreshAuthentication ]:  fetching dynamic registration data
23-03-05 23:14:23:932 [ info sync.credentials.manager ]:    get "ownCloud_credentials:cloud.domain.net:ec236fb1-f60d-4d55-80cb-0f5f5157c118:http/clientSecret"
23-03-05 23:14:23:932 [ info sync.connectionvalidator ]:    No system proxy set by OS
23-03-05 23:14:23:933 [ info sync.httplogger ]: "25ebd2f2-da00-4d05-9f75-521427605112: Request: GET https://cloud.domain.net/status.php Header: { OC-Connection-Validator: desktop, User-Agent: Mozilla/5.0 (Windows) mirall/3.2.0.10193 (ownCloud, windows-10.0.19045 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: 25ebd2f2-da00-4d05-9f75-521427605112, Original-Request-ID: 25ebd2f2-da00-4d05-9f75-521427605112, } Data: []"
23-03-05 23:14:23:934 [ debug sync.credentials.oauth ]  [ OCC::AccountBasedOAuth::refreshAuthentication::::operator() ]:    fetched dynamic registration data successfully
23-03-05 23:14:23:934 [ debug sync.credentials.oauth ]  [ `anonymous-namespace'::logCredentialsJobResult ]: credentials job has finished
23-03-05 23:14:23:934 [ critical sync.credentials.oauth ]:  Failed to read client id ""
23-03-05 23:14:23:934 [ debug sync.credentials.oauth ]  [ OCC::AccountBasedOAuth::fetchWellKnown ]: starting CheckServerJob before fetching "/.well-known/openid-configuration"
23-03-05 23:14:23:935 [ info sync.httplogger ]: "c3cfd474-caf5-42a6-8d34-93f1669ce282: Request: GET https://cloud.domain.net/status.php Header: { OC-Connection-Validator: desktop, User-Agent: Mozilla/5.0 (Windows) mirall/3.2.0.10193 (ownCloud, windows-10.0.19045 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: c3cfd474-caf5-42a6-8d34-93f1669ce282, Original-Request-ID: c3cfd474-caf5-42a6-8d34-93f1669ce282, } Data: []"
23-03-05 23:14:23:996 [ info gui.socketapi ]:   Received SocketAPI message <-- "RETRIEVE_FILE_STATUS:C:\\Users\\domain\\ownCloud" from QLocalSocket(0x1ede36667f0)
23-03-05 23:14:23:996 [ info gui.socketapi ]:   Sending SocketAPI message --> "STATUS:NOP:C:\\Users\\domain\\ownCloud" to QLocalSocket(0x1ede36667f0)
23-03-05 23:14:23:998 [ info sync.httplogger ]: "c3cfd474-caf5-42a6-8d34-93f1669ce282: Response: GET 200 (63ms) https://cloud.domain.net/status.php Header: { Access-Control-Allow-Origin: *, Alt-Svc: h3=\":443\"; ma=2592000, Content-Length: 279, Content-Security-Policy: upgrade-insecure-requests, default-src 'none';, Content-Type: application/json, Date: Sun, 05 Mar 2023 21:14:24 GMT, Permissions-Policy: interest-cohort=(), Referrer-Policy: strict-origin-when-cross-origin, Server: Caddy, Strict-Transport-Security: max-age=31536000;, X-Content-Type-Options: nosniff, nosniff, X-Download-Options: noopen, X-Frame-Options: SAMEORIGIN, X-Permitted-Cross-Domain-Policies: none, X-Robots-Tag: none, X-Xss-Protection: 1; mode=block, } Data: [{\n    \"installed\": true,\n    \"maintenance\": false,\n    \"needsDbUpgrade\": false,\n    \"version\": \"10.11.0.0\",\n    \"versionstring\": \"10.11.0\",\n    \"edition\": \"Community\",\n    \"productname\": \"Infinite Scale\",\n    \"product\": \"Infinite Scale\",\n    \"productversion\": \"2.0.0+e63e46618\"\n}]"
23-03-05 23:14:23:998 [ info sync.checkserverjob ]: status.php returns:  QJsonDocument({"edition":"Community","installed":true,"maintenance":false,"needsDbUpgrade":false,"product":"Infinite Scale","productname":"Infinite Scale","productversion":"2.0.0+e63e46618","version":"10.11.0.0","versionstring":"10.11.0"})   QNetworkReply::NoError  Reply:  QNetworkReplyHttpImpl(0x1eddbf0d200)
23-03-05 23:14:23:998 [ debug sync.credentials.oauth ]  [ OCC::AccountBasedOAuth::fetchWellKnown::::operator() ]:   CheckServerJob succeeded, fetching "/.well-known/openid-configuration"
23-03-05 23:14:23:998 [ debug sync.credentials.oauth ]  [ OCC::OAuth::fetchWellKnown ]: fetching "/.well-known/openid-configuration"
23-03-05 23:14:23:998 [ info sync.httplogger ]: "b875d371-badf-4805-938e-eedcd716cff4: Request: GET https://cloud.domain.net/.well-known/openid-configuration Header: { User-Agent: Mozilla/5.0 (Windows) mirall/3.2.0.10193 (ownCloud, windows-10.0.19045 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: b875d371-badf-4805-938e-eedcd716cff4, Original-Request-ID: b875d371-badf-4805-938e-eedcd716cff4, } Data: []"
23-03-05 23:14:24:000 [ info sync.httplogger ]: "25ebd2f2-da00-4d05-9f75-521427605112: Response: GET 200 (67ms) https://cloud.domain.net/status.php Header: { Access-Control-Allow-Origin: *, Alt-Svc: h3=\":443\"; ma=2592000, Content-Length: 279, Content-Security-Policy: upgrade-insecure-requests, default-src 'none';, Content-Type: application/json, Date: Sun, 05 Mar 2023 21:14:24 GMT, Permissions-Policy: interest-cohort=(), Referrer-Policy: strict-origin-when-cross-origin, Server: Caddy, Strict-Transport-Security: max-age=31536000;, X-Content-Type-Options: nosniff, nosniff, X-Download-Options: noopen, X-Frame-Options: SAMEORIGIN, X-Permitted-Cross-Domain-Policies: none, X-Robots-Tag: none, X-Xss-Protection: 1; mode=block, } Data: [{\n    \"installed\": true,\n    \"maintenance\": false,\n    \"needsDbUpgrade\": false,\n    \"version\": \"10.11.0.0\",\n    \"versionstring\": \"10.11.0\",\n    \"edition\": \"Community\",\n    \"productname\": \"Infinite Scale\",\n    \"product\": \"Infinite Scale\",\n    \"productversion\": \"2.0.0+e63e46618\"\n}]"
23-03-05 23:14:24:000 [ info sync.checkserverjob ]: status.php returns:  QJsonDocument({"edition":"Community","installed":true,"maintenance":false,"needsDbUpgrade":false,"product":"Infinite Scale","productname":"Infinite Scale","productversion":"2.0.0+e63e46618","version":"10.11.0.0","versionstring":"10.11.0"})   QNetworkReply::NoError  Reply:  QNetworkReplyHttpImpl(0x1eddbf0d600)
23-03-05 23:14:24:000 [ info sync.connectionvalidator ]:    ** Application: ownCloud found:  QUrl("https://cloud.domain.net/")  with version  "10.11.0"
23-03-05 23:14:24:000 [ debug sync.connectionvalidator ]    [ OCC::ConnectionValidator::reportResult ]: OCC::ConnectionValidator::CredentialsNotReady
23-03-05 23:14:24:000 [ info gui.account.state ]:   AccountState connection status change:  OCC::ConnectionValidator::Undefined -> OCC::ConnectionValidator::CredentialsNotReady
23-03-05 23:14:24:060 [ info gui.socketapi ]:   Received SocketAPI message <-- "RETRIEVE_FILE_STATUS:C:\\Users\\domain\\ownCloud" from QLocalSocket(0x1ede36667f0)
23-03-05 23:14:24:060 [ info gui.socketapi ]:   Sending SocketAPI message --> "STATUS:NOP:C:\\Users\\domain\\ownCloud" to QLocalSocket(0x1ede36667f0)
23-03-05 23:14:24:100 [ info sync.httplogger ]: "b875d371-badf-4805-938e-eedcd716cff4: Response: GET 200 (101ms) https://cloud.domain.net/.well-known/openid-configuration Header: { Alt-Svc: h3=\":443\"; ma=2592000, Cache-Control: no-store, Content-Security-Policy: upgrade-insecure-requests, default-src 'none';, Content-Type: application/json; charset=utf-8, Date: Sun, 05 Mar 2023 21:14:23 GMT, Permissions-Policy: interest-cohort=(), interest-cohort=(), Pragma: no-cache, Referrer-Policy: strict-origin-when-cross-origin, strict-origin-when-cross-origin, Server: Caddy, Caddy, Strict-Transport-Security: max-age=31536000;, max-age=31536000, Vary: Accept-Encoding, Accept-Encoding, X-Content-Type-Options: nosniff, nosniff, X-Frame-Options: SAMEORIGIN, X-Xss-Protection: 1; mode=block, Transfer-Encoding: chunked, } Data: [{\"issuer\":\"https://auth.domain.net\",\"jwks_uri\":\"https://auth.domain.net/jwks.json\",\"authorization_endpoint\":\"https://auth.domain.net/api/oidc/authorization\",\"token_endpoint\":\"https://auth.domain.net/api/oidc/token\",\"subject_types_supported\":[\"public\"],\"response_types_supported\":[\"code\",\"token\",\"id_token\",\"code token\",\"code id_token\",\"token id_token\",\"code token id_token\",\"none\"],\"response_modes_supported\":[\"form_post\",\"query\",\"fragment\"],\"scopes_supported\":[\"offline_access\",\"openid\",\"profile\",\"groups\",\"email\"],\"claims_supported\":[\"amr\",\"aud\",\"azp\",\"client_id\",\"exp\",\"iat\",\"iss\",\"jti\",\"rat\",\"sub\",\"auth_time\",\"nonce\",\"email\",\"email_verified\",\"alt_emails\",\"groups\",\"preferred_username\",\"name\"],\"introspection_endpoint\":\"https://auth.domain.net/api/oidc/introspection\",\"revocation_endpoint\":\"https://auth.domain.net/api/oidc/revocation\",\"code_challenge_methods_supported\":[\"S256\"],\"require_pushed_authorization_requests\":false,\"userinfo_endpoint\":\"https://auth.domain.net/api/oidc/userinfo\",\"id_token_signing_alg_values_supported\":[\"RS256\"],\"userinfo_signing_alg_values_supported\":[\"none\",\"RS256\"],\"request_object_signing_alg_values_supported\":[\"none\",\"RS256\"],\"request_uri_parameter_supported\":false,\"require_request_uri_registration\":false,\"claims_parameter_supported\":false,\"frontchannel_logout_supported\":false,\"frontchannel_logout_session_supported\":false,\"backchannel_logout_supported\":false,\"backchannel_logout_session_supported\":false}]"
23-03-05 23:14:24:100 [ debug sync.credentials.oauth ]  [ OCC::OAuth::fetchWellKnown::::operator() ]:   parsing .well-known reply successful, auth endpoint QUrl("https://auth.domain.net/api/oidc/authorization") and token endpoint QUrl("https://auth.domain.net/api/oidc/token") and registration endpoint QUrl("")
23-03-05 23:14:24:100 [ debug sync.credentials.oauth ]  [ OCC::AccountBasedOAuth::refreshAuthentication::::()::::operator() ]:  registration endpoint not provided or empty: QUrl("")
23-03-05 23:14:24:101 [ info sync.httplogger ]: "950739de-3aca-44fb-958c-93804137d858: Request: POST https://auth.domain.net/api/oidc/token Header: { Authorization: Basic [redacted], Content-Type: application/x-www-form-urlencoded; charset=UTF-8, User-Agent: Mozilla/5.0 (Windows) mirall/3.2.0.10193 (ownCloud, windows-10.0.19045 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: 950739de-3aca-44fb-958c-93804137d858, Original-Request-ID: 950739de-3aca-44fb-958c-93804137d858, Content-Length: 340, } Data: [client_id=xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69&client_secret=UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh&scope=openid%20offline_access%20email%20profile&grant_type=refresh_token&refresh_token=authelia_rt_ub_pG83v6XCJMNTskHLeXB2imdWtgmtfpgb8YMsv29s.JSCsDa3Wna0Wi9ubeSj_CFw5PsThazagpcbK2vaj5m8]"
23-03-05 23:14:24:210 [ info sync.httplogger ]: "950739de-3aca-44fb-958c-93804137d858: Response: POST 200 (109ms) https://auth.domain.net/api/oidc/token Header: { Alt-Svc: h3=\":443\"; ma=2592000, Cache-Control: no-store, Content-Encoding: gzip, Content-Security-Policy: default-src 'none';, Content-Type: application/json;charset=UTF-8, Date: Sun, 05 Mar 2023 21:14:23 GMT, Permissions-Policy: interest-cohort=(), Pragma: no-cache, Referrer-Policy: strict-origin-when-cross-origin, Server: Caddy, Strict-Transport-Security: max-age=31536000, Vary: Accept-Encoding, Origin, Accept-Encoding, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-Xss-Protection: 1; mode=block, } Data: [{\"access_token\":\"authelia_at_Sm5OcrM3zgDTR_Gaes0bJqBlKhKjXqv-8gOuST9_eSI.BfNWKIU132Ajems2y9WPE9POfegFAFKey9ko8_m0j9A\",\"expires_in\":3599,\"id_token\":\"eyJhbGciOiJSUzI1NiIsImtpZCI6IjE3OWFmYyIsInR5cCI6IkpXVCJ9.eyJhbXIiOlsicHdkIiwib3RwIiwibWZhIl0sImF0X2hhc2giOiJNQlBEOEFtVFo4YXk2bXk1dTVvNVJ3IiwiYXVkIjpbInhkWE90MTNKS3h5bTFCMVFjRW5jZjJYRGtMQWV4TUJGd2lUOWo2RWZoaEhGSmhzMktNOWpialRtZjhKQlhFNjkiXSwiYXV0aF90aW1lIjoxNjc3MjgwNTYzLCJhenAiOiJ4ZFhPdDEzSkt4eW0xQjFRY0VuY2YyWERrTEFleE1CRndpVDlqNkVmaGhIRkpoczJLTTlqYmpUbWY4SkJYRTY5IiwiY2xpZW50X2lkIjoieGRYT3QxM0pLeHltMUIxUWNFbmNmMlhEa0xBZXhNQkZ3aVQ5ajZFZmhoSEZKaHMyS005amJqVG1mOEpCWEU2OSIsImVtYWlsIjoid2ViQGlydmkubmV0IiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImV4cCI6MTY3ODA1NDQ2NCwiaWF0IjoxNjc4MDUwODY0LCJpc3MiOiJodHRwczovL2F1dGgucG96ei5uZXQiLCJqdGkiOiJmZWNlZGQwNy05YjNmLTRmMjgtOWM2OC0xYmU5YTc2MmFjN2MiLCJuYW1lIjoic3RhdHVzIHF1byIsInByZWZlcnJlZF91c2VybmFtZSI6ImdvZG1vZGUiLCJyYXQiOjE2NzgwNTAzMDAsInN1YiI6Ijk1NTI3Y2VmLWRhYzEtNDQwNy1hM2JlLTRiNjEzZThmYzU0MSJ9.T5KzlabK3EJD5_WeGL49sHoZM81QLOJYKTazwnhtEEkvXpmCaj3y2j9hk03OXMPFtkNxLreqjURfHJKwkcp4X_lMVZWZwb6kpV8Bsjeja5xEA1lgx1KqNXs8WF-kMwyHQJdoidRgXU49lQO6LUan96aUeWyN4oneHgff5QE6G3PGOy329cMi0_kbBJIqP1jOg5bMu7rHYkkLckrTzUz3tXofixTbn-VmPfec7QH0GHZ2GKOmZs0jOKPAzfsOqxH7GKwKjZVt5IHqQMVroy6TpIKOkIHhhtKfOBpSGTYVN2fo3OSZs7Wo3_dQ9qNeza83EtXO3kF7Pl8c-n6V_o-sxXydxoqLVMwyuEDNcBZCjbAft5XheKFvUzSuF7I4KEhVNP5OT6r3wv7iLBfvuz0ug5JRQE8cKz0FTIofkBnoEYGP4aV4uCykqFl7K9hWVVqV6wP5PsujijPWIvU0ZqyAIAWvdZzxOkomLuzHJS1oU6yeWEVmTe_1Gg6KrU0GLa6kf1iGynePceZ9rQuPInew4wvGLzC2oINJgC39CyUD2DvlHfa0alHaHF7bTRcN-qfVI91YjCQAJUf4QPBFcwmDUV-uWRfV5E4h_fmvzvB_VXBnVlyVWCZDuxNDLP4o3oyoJXNgzivoJKd_vA3iyINHr_202PEWPWRChzrH9MXXpJ0\",\"refresh_token\":\"authelia_rt_TA9t06C7zO8Sp_Ou-T_nuPUF2fxHaV9EQXZRQiTpH5E.BCGOAShbp9sMozyppYRT6pEI3sOWWPEGXvuwPMj9dFU\",\"scope\":\"openid offline_access email profile\",\"token_type\":\"bearer\"}]"
23-03-05 23:14:24:210 [ debug gui.account.manager ] [ OCC::AccountManager::saveAccount ]:   Saving account "https://cloud.domain.net/"
23-03-05 23:14:24:210 [ info gui.account.manager ]: Saving  0  unknown certs.
23-03-05 23:14:24:213 [ debug gui.account.manager ] [ OCC::AccountManager::saveAccount ]:   Saved account settings, status: QSettings::NoError
23-03-05 23:14:24:213 [ info sync.credentials.manager ]:    set "ownCloud_credentials:cloud.domain.net:ec236fb1-f60d-4d55-80cb-0f5f5157c118:http/oauthtoken"
23-03-05 23:14:24:213 [ info gui.account.state ]:   Fetched credentials for "https://cloud.domain.net/" attempting to connect
23-03-05 23:14:24:213 [ warning gui.account.state ]:    checkConnectivity blocking: false
23-03-05 23:14:24:213 [ debug sync.connectionvalidator ]    [ OCC::ConnectionValidator::checkServer ]:  Checking server and authentication
23-03-05 23:14:24:213 [ debug sync.connectionvalidator ]    [ OCC::ConnectionValidator::checkServer ]:  Trying to look up system proxy
23-03-05 23:14:24:213 [ debug sync.networkjob.jobqueue ]    [ OCC::JobQueue::unblock ]: unblock: 0 "myuser@cloud.domain.net"
23-03-05 23:14:24:216 [ info sync.credentials.manager ]:    added "ownCloud_credentials:cloud.domain.net:ec236fb1-f60d-4d55-80cb-0f5f5157c118:http/oauthtoken"
23-03-05 23:14:24:216 [ info sync.connectionvalidator ]:    No system proxy set by OS
23-03-05 23:14:24:217 [ info sync.httplogger ]: "f4e682eb-6b27-49a2-9083-254607c2b449: Request: GET https://cloud.domain.net/status.php Header: { OC-Connection-Validator: desktop, Authorization: Bearer [redacted], User-Agent: Mozilla/5.0 (Windows) mirall/3.2.0.10193 (ownCloud, windows-10.0.19045 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: f4e682eb-6b27-49a2-9083-254607c2b449, Original-Request-ID: f4e682eb-6b27-49a2-9083-254607c2b449, } Data: []"
23-03-05 23:14:24:276 [ info sync.httplogger ]: "f4e682eb-6b27-49a2-9083-254607c2b449: Response: GET 200 (58ms) https://cloud.domain.net/status.php Header: { Access-Control-Allow-Origin: *, Alt-Svc: h3=\":443\"; ma=2592000, Content-Length: 279, Content-Security-Policy: upgrade-insecure-requests, default-src 'none';, Content-Type: application/json, Date: Sun, 05 Mar 2023 21:14:24 GMT, Permissions-Policy: interest-cohort=(), Referrer-Policy: strict-origin-when-cross-origin, Server: Caddy, Strict-Transport-Security: max-age=31536000;, X-Content-Type-Options: nosniff, nosniff, X-Download-Options: noopen, X-Frame-Options: SAMEORIGIN, X-Permitted-Cross-Domain-Policies: none, X-Robots-Tag: none, X-Xss-Protection: 1; mode=block, } Data: [{\n    \"installed\": true,\n    \"maintenance\": false,\n    \"needsDbUpgrade\": false,\n    \"version\": \"10.11.0.0\",\n    \"versionstring\": \"10.11.0\",\n    \"edition\": \"Community\",\n    \"productname\": \"Infinite Scale\",\n    \"product\": \"Infinite Scale\",\n    \"productversion\": \"2.0.0+e63e46618\"\n}]"
23-03-05 23:14:24:276 [ info sync.checkserverjob ]: status.php returns:  QJsonDocument({"edition":"Community","installed":true,"maintenance":false,"needsDbUpgrade":false,"product":"Infinite Scale","productname":"Infinite Scale","productversion":"2.0.0+e63e46618","version":"10.11.0.0","versionstring":"10.11.0"})   QNetworkReply::NoError  Reply:  QNetworkReplyHttpImpl(0x1ede3c51390)
23-03-05 23:14:24:276 [ info sync.connectionvalidator ]:    ** Application: ownCloud found:  QUrl("https://cloud.domain.net/")  with version  "10.11.0"
23-03-05 23:14:24:276 [ debug sync.connectionvalidator ]    [ OCC::ConnectionValidator::checkAuthentication ]:  # Check whether authenticated propfind works.

[IljaN]

@m3shat Thanks for the logs:

The provided authorization grant or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client

The info returned by the IDP is vague on purpose for security reasons. Could you please check the Authentik logs if there is a more specific reason somewhere?

[michaelstingl]

Here is a successful Authentik setup: https://helgeklein.com/blog/owncloud-infinite-scale-with-openid-connect-authentication-for-home-networks/

[michaelstingl]

Related:

• https://github.com/owncloud/ocis/issues/5740

[IljaN]

@C8opmBM The log you provided does not seem to contain any authentication issues. Maybe it is from a different timespan? Could you please provide following values from your Authelia config to make sure that the tokens didn't expire?

access_token_lifespan
authorize_code_lifespan
id_token_lifespan
refresh_token_lifespan

The documented defaults seem to be pretty short, see: https://www.authelia.com/configuration/identity-providers/open-id-connect . Maybe the token expires while the machine is off?

[C8opmBM]

@IljaN It's possible that the logs got mixed up a bit, I will try to look more into it and post the logs again.

As for the token values from Authelia, I have the default ones. Should I attempt to try different configuration for them? You think token expired? It shouldn't as the refresh token has 30 minutes more than the others.

identity_providers:
  oidc:
    access_token_lifespan: 1h
    authorize_code_lifespan: 1m
    id_token_lifespan: 1h
    refresh_token_lifespan: 90m

@michaelstingl I'm aslo using the guide from your link for deploying ocis with Authelia and Caddy v2. No issues except the the desktop client. I don't know if this is an Authelia thing, but as @m3shat pointed out, it also happens with Authentik.

[michaelstingl]

    refresh_token_lifespan: 90m

refresh_token shouldn't expire. Desktop client persists the refresh_token in system keychain, to query a new access_token at startup (hours, days or weeks later). Whenever refresh_token expires, desktop client will trigger a new login.

[C8opmBM]

Is the refresh token causing this issue then? So I should increase the refresh token lifespan to an acceptable timeframe (say 1 week?).

https://docs.apigee.com/api-platform/antipatterns/oauth-long-expiration

[michaelstingl]

Use case for short lifespan is only, if you require your users to login very often (security policies etc) Desktop clients send scope=offline_access, so they expect tokens don't expire.

• https://auth0.com/learn/refresh-tokens
• https://www.keycloak.org/docs/latest/server_admin/index.html#_offline-access

[kehralexander]

Refresh Token validity is set to 30 days in my Authentik configuration:
Sadly I wan't able to extract more meaningful logs from my authentik instance, I don't see the _invalidgrant response in my logs (neither webui nor container logs) - will have to investigate that further...

I've also noticed that logging out from the computer/windows account and logging back in immediately will also invalidate the login. This also happens when putting the users laptop to standby for a few minutes.

[michaelstingl]

@m3shat I did check your /.well-known/openid-configuration from the log in https://github.com/owncloud/ocis/issues/5653#issuecomment-1455182903 :

  \"scopes_supported\": [
    \"profile\",
    \"email\",
    \"openid\"
  ],

offline_access is missing?? Pre-2023.2 Authentik version? (see https://goauthentik.io/docs/releases/2023.2)

You can compare with other oCIS examples:

• Konnect: https://ocis.ocis-traefik.released.owncloud.works/.well-known/openid-configuration
• Keycloak: https://ocis.ocis-keycloak.released.owncloud.works/.well-known/openid-configuration

[C8opmBM]

Thank you @michaelstingl I updated my refresh token lifespan to 3 months. Will report back tomorrow if the behaviour is changed. refresh_token_lifespan: 3M

[kehralexander]

@michaelstingl Oh, good find! I did not notice that I don't see or know of any way to set the _scopessupported in the /.well-known/openid-configuration I am running 2023.2.2, the oidc provider has also been created on this version. Successfully authorized requests look like this in Authentiks logs:

Context
{
    "flow": "b640213dfb7f45f480af50fe2fbbc69f",
    "scopes": "openid offline_access email profile",
    "http_request": {
        "args": {
            "query": "response_type=code&client_id=xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69&redirect_uri=http%3A%2F%2F127.0.0.1%3A39883&code_challenge=[...redacted...]&code_challenge_method=S256&scope=openid+offline_access+email+profile&prompt=select_account+consent&state=[...redacted...]&login_hint=alexanderkehr&user=alexanderkehr"
        },
        "path": "/api/v3/flows/executor/default-provider-authorization-explicit-consent/",
        "method": "GET"
    },
    "authorized_application": {
        "pk": "33b72f0f1a614be0ad6437937d4ac213",
        "app": "authentik_core",
        "name": "Files (Desktop)",
        "model_name": "application"
    }
}
[...]

So what might be happening is that Authentik ignores the _offlineaccess scope? looking forward to hear from @C8opmBM tomorrow, maybe it's an authentik specific issue and needs to be taken care of on their side

[C8opmBM]

I confirm my client was automatically logged in this morning.

Therefore, in my case, the issue was with Authelia refresh_token_lifespan being too short lived. Thank you for your help. I suspect in @m3shat 's case, something similar could occur with Authentik.

[michaelstingl]

Desktop clients will prompt for new login in 3M. (refresh_token_lifespan: 3M)

➡️ works as designed ✅

[mtthidoteu]

Refresh Token validity is set to 30 days in my Authentik configuration: Sadly I wan't able to extract more meaningful logs from my authentik instance, I don't see the _invalidgrant response in my logs (neither webui nor container logs) - will have to investigate that further...

I've also noticed that logging out from the computer/windows account and logging back in immediately will also invalidate the login. This also happens when putting the users laptop to standby for a few minutes.

Did you ever fix this?