pulsejet / nextcloud-oidc-login

Nextcloud login via a single OpenID Connect 1.0 provider
https://apps.nextcloud.com/apps/oidc_login
GNU Affero General Public License v3.0

WebDAV authentication not working with Nextcloud 27 #255

Open klasyc opened 9 months ago

klasyc commented 9 months ago

Hello,

I am trying to configure Nextcloud 27 to authenticate against Keycloak 23 for development purposes. I run both applications inside docker containers, the Nextcloud is a clean nextcloud:latest docker image with nextcloud-oidc-login app installed. Web authentication works as expected, but I am not able to get the WebDAV authentication working.

I enabled the WebDAV authentication in the config.php:

'oidc_login_webdav_enabled' => true,
'oidc_login_password_authentication' => true,

And now I am trying to use the basic WebDAV authentication via curl:

curl --request OPTIONS -v --user "vojtech:vojtech" http://localhost:9001/remote.php/dav/files/vojtech

I am getting error 401 for my Keycloak user, but the request succeeds for the admin user, which has a native Nextcloud account.

To investigate further, I checked if the BasicAuthBackend::handle() method correctly registers the OIDC backend, but I found out that the initial event check fails because the event is of class OCP\SabrePluginEvent and not the \OCA\DAV\Events\SabrePluginAuthInitEvent in my case. Therefore, the OIDC backend is not registered at all and authentication, of course, fails.

Then I tried to comment out the type check, but I finished with the following exception:

OCA\OIDCLogin\Provider\OpenIDConnectClient::getTokenProfile(): Return value must be of type array, stdClass returned.

I checked the JWT passed to the getTokenProfile() method, and it is valid according to jwt.io. Since the exception is thrown by the decodeJWT() method which comes from the 3rd party library, it seems like some kind of interface incompatibility...

Could you help me to troubleshoot the WebDAV authentication?

pulsejet commented 9 months ago

Can you try removing the return type of getTokenProfile? You may need to restart the php server after this to clear the opcache.

klasyc commented 9 months ago

I had to remove:

Then the basic authentication for WebDAV started to work.

After removing the same type check at lib/WebDAV/BearerAuthBackend.php line 76 also the Bearer authentication started to work.

pulsejet commented 9 months ago

Thanks for helping debug this. Can you revert your changes (just uninstall / re-install the app maybe) and test this patch? https://github.com/pulsejet/nextcloud-oidc-login/commit/ac62355682673be1248c793c254bd4b3d9d3446f

klasyc commented 9 months ago

Hi, I re-created the docker container and applied your patch. Basic authorization works fine, but bearer token does not work - I always get error 401.

pulsejet commented 9 months ago

Does removing the type check in bearerauthbackend fix this? Maybe the event is something else...

klasyc commented 9 months ago

No, it does not help. Perhaps there is some issue in the token validation...

pulsejet commented 9 months ago

That's .. weird. That commit changed nothing related to tokens

klasyc commented 8 months ago

After the next round of testing, I finally got it working. Your patch was OK, but my access token was not. The iss and aud fields had wrong values because of bad Keycloak configuration. Unfortunately, the server did not give me helpful error messages, which made me think the plugin is broken... Could you turn your commit into a new release?
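The thread ends with the 401 being caused by wrong iss and aud values that the server never explained, and earlier with a decoder returning stdClass where an array was expected. The following is an added example, not code from nextcloud-oidc-login, of a PHP 8 claim check that copes with either payload shape and returns a loggable reason; the issuer URL, client id and sample payload are constructed.

```php
<?php
// Added example, not part of nextcloud-oidc-login. Assumes PHP 8 and a decoded
// JWT payload as a JWT library returns it: either stdClass or array.
declare(strict_types=1);

/**
 * Normalise the decoded payload to an array. Some decoders return stdClass,
 * which is what produced the "Return value must be of type array, stdClass
 * returned" TypeError in this thread.
 */
function normalizeClaims(array|object $payload): array
{
    $json = json_encode($payload);
    return $json === false ? [] : (json_decode($json, true) ?? []);
}

/**
 * Check iss, aud and exp against the configured provider and client id.
 * Returns null when the token is acceptable, otherwise a reason that can be
 * written to the Nextcloud log so a 401 is explainable.
 */
function checkTokenClaims(array|object $payload, string $issuer, string $clientId, ?int $now = null): ?string
{
    $claims = normalizeClaims($payload);
    $now ??= time();

    if (($claims['iss'] ?? null) !== $issuer) {
        return sprintf('issuer mismatch: token iss=%s, expected %s',
            var_export($claims['iss'] ?? null, true), $issuer);
    }
    // aud may be a single string or a list of strings (RFC 7519 section 4.1.3).
    $aud = $claims['aud'] ?? [];
    $aud = is_array($aud) ? $aud : [$aud];
    if (!in_array($clientId, $aud, true)) {
        return sprintf('audience mismatch: token aud=[%s], expected %s',
            implode(',', $aud), $clientId);
    }
    if (isset($claims['exp']) && (int) $claims['exp'] < $now) {
        return 'token expired';
    }
    return null;
}

// Constructed sample: a stdClass payload whose audience does not name the
// Nextcloud client, as can happen with a misconfigured Keycloak client.
$payload = json_decode('{"iss":"http://keycloak:8080/realms/dev",' .
    '"aud":"account","exp":4102444800}');
var_dump(checkTokenClaims($payload, 'http://keycloak:8080/realms/dev', 'nextcloud'));
```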

vlntnpprwrk commented 8 months ago

+1, do you think this fix will be turned into a release soon? Got the same problem with WebDAV login since Nextcloud 27 upgrade

pulsejet commented 8 months ago

3.0.2 is up

SpiderD555 commented 4 months ago

I have just made a test with 3.0.2 sitting on Nextcloud 28.0.4 and Authentik 2024.2.3 along with app password - tested with Joplin. I can confirm it works, although the app password for now is limited in duration to 30 minutes until the next release of Authentik 2024.4