webdav bearer auth problem

Hello,

Big thanks for your plugin and the new ability to connect via webdav, that's amazing.

I have LemonLdap as my IDP and Nextcloud / Roundcube behind. I configured the Roundcube carddav plugin in order to have Nc addressbooks automatically added to Roundcube sessions using bearer auth.

I were able to make it work, but to achieve that, I had to hack a line in "./lib/Service/LoginService.php" (line 86),

From this:
$uid = $profile[$attr['id']];
To this:
$uid = $profile['sub'];

The problem is it couldn't retrieve my uid from the profile data. And I don't know if it's a problem with the code or a bad configuration from me in LemonLdap (I'll tend for the latter)

Here are the data the class loginService has:

Array attr:
  id => preferred_username
  name => name
  mail => email
  quota => nextCloudQuota
  home => homeDirectory
  ldap_uid => uid            ( the option "oidc_login_proxy_ldap" is set to false in Nc config)
  groups => groupsNc
  is_admin => adminNc

Array profile:
  jti => 9cb97612.........086edb95
  iat => 163.....856
  aud => Array
  aud_0 => rp-roundcube
  aud_rp-roundcube => rp-roundcube
  aud_1 => rp-nextcloud
  aud_rp-nextcloud => rp-nextcloud
  iss => https://auth.mydomain.tld
  scope => email profile openid
  client_id => rp-roundcube
  sub => test1
  exp => 1636047456

The line 86 is trying to get the uid from "$profile[$attr['id']]" ( = $profile["preferred_username"]), but the profile array doesn't include that information, so the uid is null and an error is returned.

If I change line 86 by "$uid = $profile['sub'];", then it works and my addressbook is auto added in my Roundcube.

Why can't Nextcloud ask for the "preferred_username" value to the Idp (LemonLdap). That attribute is in the scope. And Nc is able to retrieve it when I connect to the web Ui.

At this point, I'm uncertain what path to take to fix this.

Thanks, Kenny

pulsejet / nextcloud-oidc-login

webdav bearer auth problem #129