2FA and synchronization with Apple calendar and contacts

2FA with TOTP (Google Authenticator) is working fine for the web interface. But when I activate the 2FA, the synchronization of my calendar and contacts on my Apple devices gives problems. It is impossible to establish a connection, due to wrong credentials.
How do I put the 2FA code of Google Authentication in the password of the DAV account of my Apple devices?

The usual way here is to use app passwords.
You log in to the server via browser (with 2FA), go to Settings -> Security.
There is an input text field, where you can enter an app name. Enter something like “iPhone DAV” and hit the button right next to it (generate app password or something like that).

A generated, random password will be shown to you. Copy that password (save it in your password store, if you have one) and use that app password on your Apple device.
If you have another device (say tablet), you create an additional app password for this device as well.

3 Likes
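A quick way to confirm that an app password is accepted by the DAV endpoint before entering it on a device, as an added example that is not part of the original posts or Nextcloud's own code. It sends a WebDAV PROPFIND with HTTP Basic auth; the host `nextcloud.example`, the user `me` and the function names are assumptions for illustration.

```python
import base64
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Minimal WebDAV body: ask only for the collection's display name.
BODY = (b'<?xml version="1.0" encoding="utf-8"?>'
        b'<d:propfind xmlns:d="DAV:"><d:prop><d:displayname/></d:prop></d:propfind>')

def build_propfind(dav_url, username, app_password):
    """Build a Depth: 0 PROPFIND carrying the app password as HTTP Basic auth."""
    if urlsplit(dav_url).scheme != "https":
        # Basic auth is only base64-encoded, so never send it over plain HTTP.
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    token = base64.b64encode(f"{username}:{app_password}".encode()).decode("ascii")
    return urllib.request.Request(
        dav_url, data=BODY, method="PROPFIND",
        headers={"Authorization": f"Basic {token}", "Depth": "0",
                 "Content-Type": "application/xml; charset=utf-8"})

def diagnose(status):
    """Map the HTTP status of the PROPFIND to a likely cause."""
    if status == 207:
        return "ok: credentials accepted and collection found"
    if status == 401:
        return "rejected: wrong user name or password (with 2FA on, use an app password)"
    if status == 404:
        return "not found: check the DAV URL and the user name in its path"
    return f"unexpected HTTP status {status}"

def check(dav_url, username, app_password, timeout=10):
    """Send the request and return a one-line diagnosis."""
    request = build_propfind(dav_url, username, app_password)
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return diagnose(response.status)
    except urllib.error.HTTPError as err:
        return diagnose(err.code)
    except urllib.error.URLError as err:
        return f"connection failed: {err.reason}"

if __name__ == "__main__":
    import getpass
    # Constructed placeholders: replace the host and user with your own.
    url = "https://nextcloud.example/remote.php/dav/addressbooks/users/me/contacts/"
    print(check(url, "me", getpass.getpass("App password: ")))
```

A 401 here means the problem is the credential itself, while a 404 points at the URL rather than the app password.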

Thank you! All is working well now. Good to experience this forum offers such a quick response.

1 Like

We try to and give our best :slight_smile:

1 Like

Btw, if anybody has ideas for how we can improve this in the future please let me know! It’s unfortunately often assumed that apps can still use the login password, although that defeats the purpose of 2FA. Would be awesome if there was a (technical) way to make this setup error a bit less confusing for end users.

Hi @ChristophWurst

I just checked on the desktop client for Linux and saw the input fields named “Username” and “App Token”. This is a very good start in my opinion, to make clear this is not the usual user password which is required here. I hope that’s the case in every client - I can’t check.
In addition to that I suggest some information button (i) next to the password field, which can either be clicked or just hovered to open a small balloon tip with a short explanation of what the app token is.

Another idea (maybe in addition) is to place a hyperlink somewhere on that login screen (where the app password is required), which directly leads to the Settings / Security page (server.tld/settings/user/security - or with a hook directly to that input field), so that users who didn’t know yet where to set up an app password are directly guided to the correct spot.
Of course, they probably need to log in there in the browser first (if not already), but they know how to do that at least.

I hope it’s somehow comprehensible what I mean :slight_smile:

Hi @ChristophWurst

Just wanted to ask if you received the notification and read my answer. Is this something to consider or are there concerns about the ideas?

Hi,

yes, I have. Thanks.

If the user is on the web interface, yeah, we can do a bit better with some text or links. But if they just try to set up Nextcloud on their phone and enter the login password, there isn’t much we can do.

Hi all
This does not work for me.
I’m trying to sync my Nextcloud contacts in Thunderbird with CardBook, so I created a new address book and tried to link it with my DAV contacts that I got from the contact book app in Nextcloud (copy link at the bottom left): https://nextcloud.mydomain/remote.php/dav/addressbooks/users/me/contacts/ then I go to the security page and generate a password that I’m using in the CardBook form with my user…
It fails (validation error) :frowning:
Anything I’m doing wrong?
(It worked before I used TOTP)

1 Like