Access Nextcloud Data from an external Web App (Single Page Application)

Hey there,

I am a Web Developer (React, Angular, etc.) and I would like create some Apps and access data of my Nextcloud instance. An example would be a Cookbook SPA or a bookmark SPA to use on my mobile phone (I don’t have Android or Apple).

I did some research and also found a lot of documentation (e.g. Clients and Client APIs — Nextcloud latest Developer Manual latest documentation ), but most of the stuff is for Android development. The closest thing I found is the “Login flow v2”. I did some local tests, but I always run into CORS problems, e.g. the endpoint does not even allow an OPTIONS call. Other REST API’s respond to the OPTIONS call with a 302 redirect to the login page, which is not even allowed in CORS.

So is there a proper way for external Web Apps to authenticate against a nextcloud instance? Has somebody ever done something similar?

What do you use for your mobile phone?

I am sorry, that’s just wrong, my fault. I do use Android, but no Google and no Google Play Store. I also do have access to some existing F-Droid Apps (e.g. Cookbook, Bookmarks), but they do not fit my needs. But actually it doesn’t matter.
My business is to develop PWA (Progressive Web Apps) and I am not a big fan of native Apps.
I definitely do not want to discuss pros/cons of PWA and native Apps here, but for instance my wife is using Apple and there are no native apps for my examples for iOS, so a simple Web App would be perfect (and also not a very big deal to develop). But therefore I need to login from a client, which is not hosted on the same domain, to be able to use the corresponding REST Api’s.

Hmm, perhaps this can go in the Development section of the forum? Might get a few more relevant eyes there.

Talking out my ears here, but login flow v1 docs say to “set the OCS-APIREQUEST header to true.” Any chance that applies to v2 as well?

The other thing I’d say is: have you considered deploying these web apps to your Nextcloud server? I know that doing this disables some useful security protections, but it’s worth considering. You could deploy them by adding an alias in your web server config, or by setting them up as ‘proper’ Nextcloud web apps, if you’re so inclined.