Please support Nextclouds SingleSignOn SSO


  • developer

    What do you think of this solution:

    In the normal DAVx⁵ Login activity, there’s no special “Login with Nextcloud”. However, when the activity is launched from the Nextcloud app with a certain parameter, DAVx⁵ will show a special “Login with Nextcloud” fragment. This fragment then uses Nextcloud Login flow in a WebView to support two-factor auth without the need of app-specific passwords.



  • Hm… I think it is better than the current app-specific-password but worse than Single-Sign-On.
    So if you are not able to implement Single-Sign-On, I would be happier with this solution than with the current situation with the app-specific-password, of course.
    Nonetheless, thank you for thinking it over!

    What about this: When launching the activity from the Nextcloud app with a certain parameter, DAVx⁵ will show a Single-Sign-on-with-Nextcloud-popup instead of the Nextcloud Login flow?


  • developer

    @szaimen said in Please support Nextclouds SingleSignOn SSO:

    What about this: When launching the activity from the Nextcloud app with a certain parameter, DAVx⁵ will show a Single-Sign-on-with-Nextcloud-popup instead of the Nextcloud Login flow?

    What would be the advantage? A Nextcloud developer told me that Login flow would be the preferred way for third party apps to access Nextcloud, because it allows access to features like remote wipe (= just disable the auth token for a specific app). For me, it makes sense to separate access permission for the various apps.



  • The main advantage would be that I then do not have to enter my username, password and 2FA for each app that I want to use. When using more than a few Nextcloud apps, it very quickly gets really annoying when I have to log in to every single one.
    So the more apps support SSO, the better it gets from a user’s point of view.
    Look at Google Apps and Services: there is a reason you do not have to think about logging in to every Google service you want to use anymore: it is just fast and very convenient. I am not saying that everything they are doing is great, but this is just really nice.

    Also, I do not know if remote wipe is not supported with SSO. Because of that I created an issue here: Issue and asked there for a clear statement on that. Maybe remote wipe is possible, but then with just one click for every service that is connected with this one app-specific-password. Because, e.g., why should I disconnect and remote wipe every single app that I connected on that special device I have lost, if I can do this with just one click?

    Also, if you support remote wipe, you most likely have to implement it in your app.
    But I know many other services that can do that just better and these do not have to be implemented for each app, because they work for the whole OS.
    So why not use this time to implement SSO instead of the Nextcloud Login flow with remote wipe?



  • @rfc2822 said in Please support Nextclouds SingleSignOn SSO:

    Currently there are indeed some limitations in-place when using SSO which seem unlikely to be solved in the “near” future - some of them include remote wipe and push notifications.

    Whether you need them or not is up to you, but that’s just how it is, which is why I still recommend the login flow.

    Signed: Nextcloud developer™


  • developer

    @mario I have now implemented the Login flow as recommended and it works fine 🙂 I’m especially happy that I now can use 2FA without having to transfer the app password manually. However, the WebView method with the redirect to nc:// doesn’t work with Android 10 (and maybe 9); I will have to find out why. Do you know anything about it?



  • @rfc2822 where can I get the source for this to help you debug?


  • developer

    I have pushed it to the https://gitlab.com/bitfireAT/davx5-ose/tree/nc-login-flow-ose branch. I hope it’s working (not the development repo). To start the Intent, I use:

        adb shell am start-activity -d https://nextcloud.example.com/index.php/login/flow --ei loginFlow 1 --es davPath remote.php/dav/ at.bitfire.davdroid/at.bitfire.davdroid.ui.setup.LoginActivity



  • @rfc2822 tested on both 9 and 10 and the redirect works as expected 😕


  • developer

    @mario Thanks for testing. I have set up the emulator again and now it works. Maybe there was something wrong with the image (there was also an image update from Android SDK).

    So I think this will make it to the next DAVx⁵ beta. Then I’ll document it and suggest it to the Nextcloud app so that they can call the new Intent 🙂
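
The thread above relies on the Login flow ending with a redirect to nc:// inside the WebView. As an added example (not DAVx⁵ or Nextcloud code), this sketch shows how a client could parse that redirect and accept the app password only for the HTTPS host the flow was started against. It assumes the redirect has the form `nc://login/server:<server>&user:<loginname>&password:<password>` with URL-encoded values; `LoginFlowResult` and `parseLoginFlowRedirect` are hypothetical names.

```kotlin
import java.net.URI
import java.net.URLDecoder

// Hypothetical holder for the result of a Login flow redirect (not a DAVx⁵ class).
data class LoginFlowResult(val server: URI, val loginName: String, val appPassword: String) {
    // Keep the app password out of logs and debug output.
    override fun toString() = "LoginFlowResult(server=$server, loginName=$loginName, appPassword=***)"
}

// Assumed redirect format: nc://login/server:<server>&user:<loginname>&password:<password>
// Returns null instead of throwing, so the WebView client can simply abort the login.
fun parseLoginFlowRedirect(redirect: String, expectedHost: String): LoginFlowResult? {
    val prefix = "nc://login/"
    if (!redirect.startsWith(prefix)) return null

    // Split into key:value pairs and URL-decode each value exactly once.
    val fields = mutableMapOf<String, String>()
    for (part in redirect.removePrefix(prefix).split('&')) {
        val sep = part.indexOf(':')
        if (sep <= 0) return null
        val value = runCatching { URLDecoder.decode(part.substring(sep + 1), "UTF-8") }
            .getOrNull() ?: return null
        // A repeated key is ambiguous; reject it rather than let the last value win.
        if (fields.put(part.substring(0, sep), value) != null) return null
    }
    val server = fields["server"] ?: return null
    val user = fields["user"]?.takeIf { it.isNotEmpty() } ?: return null
    val password = fields["password"]?.takeIf { it.isNotEmpty() } ?: return null

    // Only accept credentials for the HTTPS host the flow was started against.
    val uri = runCatching { URI(server) }.getOrNull() ?: return null
    if (!"https".equals(uri.scheme, ignoreCase = true)) return null
    if (!expectedHost.equals(uri.host, ignoreCase = true)) return null
    return LoginFlowResult(uri, user, password)
}

fun main() {
    // Constructed sample redirects; hosts and credentials are made up.
    val ok = "nc://login/server:https://nextcloud.example.com&user:alice&password:s3cr%26t-token"
    val otherHost = "nc://login/server:https://other.example.net&user:alice&password:x"
    println(parseLoginFlowRedirect(ok, "nextcloud.example.com"))
    println(parseLoginFlowRedirect(otherHost, "nextcloud.example.com"))
}
```

The host comparison matters because the flow is started from an externally supplied Intent URL: the credentials should only be stored for the server the user actually saw in the login page.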

