There are a few different approaches that you can take in order to authenticate users of an external app via an account in your Nextcloud instance. These include:
- Creating a custom app in your Nextcloud instance that your website would redirect users to. Said custom app would then (upon successful authentication inside Nextcloud) redirect the user back to your application with an access token (for instance as a GET URL query parameter). Your website's backend would then send a request to an API endpoint hosted by the custom app in order to determine the validity of the received token (not recommended, I will explain why in a second).
- Asking the user for their Nextcloud login credentials and attempting to log in via IMAP, SMB or FTP in order to determine the validity of the provided credentials. This option is not recommended, since it requires the user to expose their credentials to your website's backend.
- Using an approach somewhat similar to 1) without reinventing the wheel - thanks to the fact that Nextcloud supports external authentication via OAuth 2.0
Using OAuth 2.0 would allow your website to authenticate users externally via your Nextcloud instance.
Here is how that would work in your case:
- Your website redirects the user to the OAuth authorization endpoint (can be done via a plain link) of your Nextcloud instance (`nextcloud-instance-address/index.php/apps/oauth2/authorize`) while identifying itself using a Client Identifier
- The Nextcloud instance takes care of authentication (the user sees a regular login screen with additional info regarding the fact that your website wants to access their account)
- Upon successful login, the Nextcloud instance generates a request token and redirects the user back to your website (to a specified Redirection URI)
- Your website retrieves the request token (it gets it via Redirection URI) and sends it to your Nextcloud instance's token endpoint (`your-instance-address/index.php/apps/oauth2/api/v1/token`) with the Client secret key. Your website acquires an access token as a response.
- Your website can now use the access token (as bearer token) to make authorized requests to the User provisioning API of your Nextcloud instance (`nextcloud-instance-address/index.php/ocs/v2.php/cloud/user?format=json`)
It's a good idea to store the access token in a cookie-based session.
Setup is quite simple (at least on the side of your Nextcloud instance) - you have to add your website in the Administrator Security Settings section of Nextcloud's admin account. You will have to specify the Redirection URI which your website will use to retrieve the request token upon successful login. The Client secret key and Client Identifier will both be generated for you in Nextcloud's admin panel.
This tutorial will help you with creating your website's backend in node.js. In your case the consumer is your website and the service provider is your Nextcloud instance.
Feel free to ask if something seems unclear. Good luck and happy coding!
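The flow described in the answer above, sketched for a Node.js backend as an added example (not code from the original answer or from Nextcloud). The `cfg` values, the function names, the `state` check and the injected `fetchImpl` are assumptions made for illustration; the endpoint paths are the ones given in the answer.

```javascript
// Added example, not code from the original answer. cfg values are placeholders.
const AUTHORIZE_PATH = '/index.php/apps/oauth2/authorize';
const TOKEN_PATH = '/index.php/apps/oauth2/api/v1/token';
const USER_PATH = '/index.php/ocs/v2.php/cloud/user?format=json';

// Step 1: URL the browser is sent to. `state` is a fresh random value the
// caller stores in the user's session before redirecting (assumption: the
// website keeps server-side sessions).
function buildAuthorizeUrl(cfg, state) {
  const query = new URLSearchParams({
    response_type: 'code',
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    state,
  });
  return `${cfg.base}${AUTHORIZE_PATH}?${query}`;
}

// Steps 4-5: handle the redirect back, exchange the code for an access token,
// then ask the user provisioning API who the token belongs to.
async function handleCallback(cfg, callbackUrl, expectedState, fetchImpl = globalThis.fetch) {
  const params = new URL(callbackUrl).searchParams;
  const code = params.get('code');
  // Reject callbacks that were not started from this user's own session.
  if (!expectedState || params.get('state') !== expectedState) throw new Error('state mismatch');
  if (!code) throw new Error('missing code');

  const tokenRes = await fetchImpl(cfg.base + TOKEN_PATH, {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      grant_type: 'authorization_code',
      code,
      redirect_uri: cfg.redirectUri,
      client_id: cfg.clientId,
      client_secret: cfg.clientSecret, // stays on the server, never in the browser
    }).toString(),
  });
  if (!tokenRes.ok) throw new Error(`token exchange failed: ${tokenRes.status}`);
  const { access_token: accessToken } = await tokenRes.json();

  const userRes = await fetchImpl(cfg.base + USER_PATH, {
    headers: { Authorization: `Bearer ${accessToken}`, 'OCS-APIRequest': 'true' },
  });
  if (!userRes.ok) throw new Error(`user lookup failed: ${userRes.status}`);
  const profile = await userRes.json();
  return { userId: profile.ocs.data.id, accessToken };
}
```

`handleCallback` expects the absolute callback URL; the returned `accessToken` belongs in the server-side session, with only the session cookie sent to the browser.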