zorn-v / nextcloud-social-login

GNU Affero General Public License v3.0

Connecting existing account to new OIDC provider doesn't seem to work #331

Closed skuzzle closed 2 years ago

skuzzle commented 2 years ago

I'm currently migrating from Keycloak to Authentik (https://github.com/goauthentik/authentik) as primary OIDC provider. I would like to keep the existing user accounts in nextcloud, but connect them to the new OIDC provider. I assumed that the following should be possible:

  1. Add Authentik as second OIDC provider in global Social Login settings
  2. Login with keycloak
  3. At the user's Social Login settings page, connect this user account with the new Authentik OIDC provider
  4. Now it should be possible to login with either keycloak or Authentik, both resolving to the same nextcloud user.

When I try to connect a user account with the new Authentik provider, the Social Login plugin presents the current access token (obtained from keycloak) to the new provider's user info endpoint. This, of course, fails as the Authentik instance cannot make sense of keycloak access tokens.

My naive understanding of the feature was that it should start a normal login flow with the new provider, in order to obtain the authorization and subsequently the user's ID within the new provider's database.

I'm running Nextcloud version 22.2.3 with Social Login version 4.10.0, self hosted on Docker Swarm with traefik as reverse proxy.
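To make the reported behaviour and the expected linking flow concrete, here is an added Python model; it is not the Social Login plugin's own code, and the provider names, issuer URLs and `sub` values are constructed. The first link function reproduces the token reuse described above; the second performs a fresh login against the new provider and checks the issuer before mapping the new identity onto the existing Nextcloud user.

```python
from dataclasses import dataclass, field

@dataclass
class Provider:
    name: str                                   # constructed provider, made-up issuer
    issuer: str
    users: dict                                 # login -> 'sub' claim at this provider
    issued: dict = field(default_factory=dict)  # access_token -> sub
    def authorize(self, login):
        """Full login (auth-code flow): fresh tokens minted by THIS issuer."""
        token = f"{self.name}-token-{len(self.issued)}"
        self.issued[token] = self.users[login]
        return {"access_token": token, "iss": self.issuer}

    def userinfo(self, access_token):
        """Userinfo endpoint: a token minted by another issuer is meaningless here."""
        if access_token not in self.issued:
            raise PermissionError(f"{self.name}: token not issued here")
        return {"sub": self.issued[access_token]}

def link_reusing_session_token(links, nc_user, session, new_provider):
    """Reported behaviour: the current (Keycloak) session token goes to the NEW provider."""
    info = new_provider.userinfo(session["access_token"])   # raises PermissionError
    links[(new_provider.name, info["sub"])] = nc_user
    return links

def link_with_fresh_login(links, nc_user, new_provider, login):
    """Expected behaviour: normal login at the new provider, issuer check, then map (provider, sub)."""
    tokens = new_provider.authorize(login)
    if tokens["iss"] != new_provider.issuer:
        raise ValueError("issuer mismatch: token did not come from this provider")
    key = (new_provider.name, new_provider.userinfo(tokens["access_token"])["sub"])
    if links.get(key, nc_user) != nc_user:
        raise ValueError("identity already linked to another Nextcloud account")
    links[key] = nc_user
    return links

def demo():
    """Reproduce the failure, then link correctly; both providers resolve to one user."""
    kc = Provider("keycloak", "https://kc.example/realms/nc", {"alice": "kc-uuid-1"})
    ak = Provider("authentik", "https://ak.example/application/o/nc/", {"alice": "ak-uuid-9"})
    links = {("keycloak", "kc-uuid-1"): "alice"}        # existing Nextcloud user
    session = kc.authorize("alice")                     # step 2: logged in via Keycloak
    try:
        link_reusing_session_token(dict(links), "alice", session, ak)
        old = "linked"
    except PermissionError:
        old = "rejected"
    link_with_fresh_login(links, "alice", ak, "alice")  # step 3 done right
    return {"old_flow": old, "user_via_authentik": links[("authentik", "ak-uuid-9")]}
```

The `issuer mismatch` and `already linked` checks are what keep a linking step from attaching a foreign or second user's identity to the logged-in account.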

zorn-v commented 2 years ago

> My naive understanding of the feature was that it should start a normal login flow with the new provider, in order to obtain the authorization and subsequently the user's ID within the new provider's database.

Yes, it should work like this. Try updating to v4.10.1.

skuzzle commented 2 years ago

Just tried and it works now, big thx for the fast support. This issue was driving me nuts because I thought I had a misconfiguration in the new OIDC provider.