Open sunjam opened 4 years ago
Hey there - thanks for opening this issue @sunjam! Sorry I'm late replying here - October is a busy month over in tldr-pages because of Hacktoberfest.
OAuth2 support would be nice, but it was pretty complicated the last time I looked into it - I'd prefer to use a library to handle the backend complexities of OAuth2. Do you know of any super lightweight ones (i.e. a single file) at all?
I'm also somewhat wary about this bit in the documentation you link to:
Without scopes and restrictable access it is not recommended to use a Nextcloud instance as a user authentication service.
I wonder if it's possible, as soon as the OAuth2 process has been completed and the user is logged in, to throw away the OAuth2 login token and maintain our own internal state there for security reasons - since the Nextcloud docs say that the token given to us by them has the potential for full read/write access to the user's Nextcloud account, which we don't want to have.
In that case I'll close this due to the security concern. Thanks.
Oh, no worries @sunjam! OAuth2 is definitely something I'd like to look at in the future, maybe as part of a larger login overhaul. If possible, LDAP support would be nice too - perhaps we could design sort of a plugin-based login system.
To address what I think is your original intent, login with Nextcloud is something we definitely need to tackle. Perhaps this issue could be reopened and renamed to "Login with Nextcloud" instead?
OAuth would allow Nextcloud users to log into Pepperminty-wiki. Relates to the roadmap for possible future integration with Nextcloud.
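
The idea raised in the thread, discarding the OAuth2 token once login completes and keeping only the wiki's own session state, could look like the sketch below. This is an added example, not Pepperminty Wiki code: the function name, the injected `$post`/`$get` HTTP helpers and the session keys are hypothetical, and the Nextcloud token and OCS user endpoint paths and response shape are assumptions to check against the Nextcloud documentation.

```php
<?php
// Added example; all names are hypothetical. $post/$get are injected HTTP helpers
// so the flow runs offline against constructed stubs.
function complete_oauth_login(array $query, array &$session, string $base, callable $post, callable $get): string {
    // 1. CSRF check: the state we issued must come back unchanged, and only once.
    $expected = $session['oauth_state'] ?? '';
    unset($session['oauth_state']);
    if ($expected === '' || !hash_equals($expected, (string)($query['state'] ?? ''))) {
        throw new RuntimeException('OAuth2 state mismatch');
    }

    // 2. Exchange the authorization code for a token, held in a local variable only.
    //    (A real transport also sends client_id, client_secret and redirect_uri.)
    $token = $post("$base/index.php/apps/oauth2/api/v1/token", [
        'grant_type' => 'authorization_code',
        'code'       => (string)($query['code'] ?? ''),
    ]);
    if (empty($token['access_token'])) {
        throw new RuntimeException('Token exchange failed');
    }

    // 3. Use the token exactly once, to learn who the user is.
    $user = $get("$base/ocs/v2.php/cloud/user?format=json", $token['access_token']);
    $uid = $user['ocs']['data']['id'] ?? '';
    if (!is_string($uid) || $uid === '') {
        throw new RuntimeException('No user id returned');
    }

    // 4. Keep only the wiki's own state: access and refresh tokens are never
    //    written to the session and are dropped here.
    unset($token);
    $session['user'] = $uid;
    $session['logged_in_at'] = time();
    return $uid;
}

// Constructed stubs standing in for a Nextcloud server.
$post = fn(string $url, array $form): array => ['access_token' => 'constructed-access', 'refresh_token' => 'constructed-refresh'];
$get = fn(string $url, string $bearer): array => ['ocs' => ['data' => ['id' => 'alice']]];

$session = ['oauth_state' => 'constructed-state'];
$query = ['state' => 'constructed-state', 'code' => 'constructed-code'];
$uid = complete_oauth_login($query, $session, 'https://cloud.example', $post, $get);

// Checks that the session holds the user id and a timestamp, and no token material.
var_dump($uid === 'alice', array_keys($session) === ['user', 'logged_in_at']);
```

With a real PHP session in place of the array, calling `session_regenerate_id(true)` at step 4 also prevents a pre-login session id from carrying over into the authenticated session.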