Android app: Weird "login token is invalid or has expired" error since 3.30

Hi!

I am trying to log in via the Android client to a Nextcloud instance (not self-hosted, so I don’t have direct access to the server logs) running server version 28.0.12. Unfortunately, when I enter the URL and the login process switches to the web browser, I immediately get an "Access denied - Your login token is invalid or has expired" error. I don’t even get to see the login credentials fields.

What I tried: Changed the standard browser between Firefox and Chrome. Lowered the browsing security and cookie settings. Reinstalled the app. Tried on multiple devices, namely a Unihertz Titan Pocket with Android 11 and a Samsung Galaxy Tab A7 Lite.

The problem arises with a change in the login handling of the client. Up to version 3.29, the login prompt opens directly within the app. Starting from 3.30 (which is only on F-Droid and not yet distributed by Google Play), the app passes the login procedure on to the system browser, where the error then occurs.

What works is to use an older version of the app, log in there and then update to the most recent version of the Nextcloud client for Android.

What also works is to add a device password manually in the web interface and then log in via scanning the QR code in the app. Unfortunately this doesn’t work on my Samsung tablet because in the app the camera doesn’t focus correctly and/or only delivers a very low resolution. Login via web browser (for the web interface) also works well.

What makes things weird is that it works well if I try to connect to a different server URL. It also works if I use the Nextcloud client in an emulated Android system on the computer.

I can only imagine some problem on the server side, refusing the new login workflow for these devices that I have been using for a long time now. Maybe there is some kind of blacklist? Or a problem with passing on the tokens between app, browser and server in this specific server version?

Thanks for any advice. If somebody can tell me what exactly to look for in the server logs, I could also pass that on to the admins.