Android Talk app unable to add account using OpenIdConnect provider

Nextcloud version (eg, 29.0.5): 29.0.2
Operating system and version (eg, Ubuntu 24.04): community docker
Apache or nginx version (eg, Apache 2.4.25): community docker
PHP version (eg, 8.3): 8.2

The Talk app on Android (Pixel 6a) is unable to add an account on an NC instance with external authentication (user_oidc with OpenID Connect on a Keycloak IdP).

Steps to replicate it:

  1. start Talk on Android
  2. choose “add account” (another account exists)
  3. enter NC fqdn
  4. or login flow starts,
    • website with “login” and “grant access” button appears,
    • MFA requirement of IdP
    • connect FIDO2 key and confirm login
    • login flow completes without issues
  5. app returns to account picker dialog, new account is not added

## Server configuration detail

**Operating system:** Linux 6.1.0-21-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.90-1 (2024-05-03) x86_64

**Webserver:** Unknown (cli)

**Database:** pgsql PostgreSQL 15.7 (Debian 15.7-1.pgdg120+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit

**PHP version:** 8.2.20

Modules loaded: Core, date, libxml, openssl, pcre, sqlite3, zlib, ctype, curl, dom, fileinfo, filter, hash, iconv, json, mbstring, SPL, session, PDO, pdo_sqlite, standard, posix, random, readline, Reflection, Phar, SimpleXML, tokenizer, xml, xmlreader, xmlwriter, mysqlnd, apcu, bcmath, exif, ftp, gd, gmp, imagick, intl, ldap, memcached, pcntl, pdo_mysql, pdo_pgsql, redis, sodium, sysvsem, zip, Zend OPcache

**Nextcloud version:** 29.0.2 - 29.0.2.2

**Updated from an older Nextcloud/ownCloud or fresh install:**

**Where did you install Nextcloud from:** unknown

<details><summary>Signing status</summary>

[]
</details>

<details><summary>List of activated apps</summary>

Enabled:

  • activity: 2.21.1
  • admin_audit: 1.19.0
  • bookmarks: 14.2.2
  • bruteforcesettings: 2.9.0
  • calendar: 4.7.6
  • cfg_share_links: 5.1.0
  • cloud_federation_api: 1.12.0
  • comments: 1.19.0
  • contacts: 6.0.0
  • contactsinteraction: 1.10.0
  • dav: 1.30.1
  • federatedfilesharing: 1.19.0
  • federation: 1.19.0
  • files: 2.1.0
  • files_downloadlimit: 2.0.0
  • files_external: 1.21.0
  • files_pdfviewer: 2.10.0
  • files_reminders: 1.2.0
  • files_sharing: 1.21.0
  • files_trashbin: 1.19.0
  • files_versions: 1.22.0
  • forms: 4.2.4
  • groupfolders: 17.0.1
  • logreader: 2.14.0
  • lookup_server_connector: 1.17.0
  • mail: 3.7.1
  • maps: 1.4.0
  • memories: 7.3.1
  • notifications: 2.17.0
  • notify_push: 0.6.12
  • oauth2: 1.17.0
  • password_policy: 1.19.0
  • photos: 2.5.0
  • polls: 7.1.1
  • privacy: 1.13.0
  • provisioning_api: 1.19.0
  • recognize: 7.0.0
  • related_resources: 1.4.0
  • richdocuments: 8.4.3
  • serverinfo: 1.19.0
  • settings: 1.12.0
  • sharebymail: 1.19.0
  • sharelisting: 1.2.0
  • snappymail: 2.36.3
  • spreed: 19.0.3
  • support: 1.12.0
  • survey_client: 1.17.0
  • systemtags: 1.19.0
  • text: 3.10.0
  • theming: 2.4.0
  • theming_customcss: 1.16.0
  • twofactor_backupcodes: 1.18.0
  • twofactor_nextcloud_notification: 3.9.0
  • twofactor_totp: 11.0.0-dev
  • twofactor_webauthn: 1.4.0
  • user_oidc: 5.0.2
  • user_status: 1.9.0
  • viewer: 2.3.0
  • workflowengine: 2.11.0

Disabled:

  • analytics: 4.13.0
  • circles: 0.19.11
  • dashboard: 7.3.0
  • encryption
  • files_accesscontrol: 1.19.1
  • firstrunwizard: 2.10.0
  • impersonate: 1.16.0
  • nextcloud_announcements: 1.12.0
  • notes: 4.10.0
  • recommendations: 1.1.0
  • suspicious_login: 5.0.0
  • tasks: 0.16.0
  • twofactor_admin: 4.5.0
  • updatenotification: 1.13.0
  • user_ldap
  • weather_status: 1.1.0
</details>

<details><summary>Configuration (config/config.php)</summary>

{
  "instanceid": "REMOVED SENSITIVE VALUE",
  "passwordsalt": "REMOVED SENSITIVE VALUE",
  "secret": "REMOVED SENSITIVE VALUE",
  "trusted_domains": [
    "nc.mydomain.tld"
  ],
  "datadirectory": "REMOVED SENSITIVE VALUE",
  "dbtype": "pgsql",
  "version": "29.0.2.2",
  "overwrite.cli.url": "https://nc.mydomain.tld",
  "dbname": "REMOVED SENSITIVE VALUE",
  "dbhost": "REMOVED SENSITIVE VALUE",
  "dbport": "",
  "dbtableprefix": "oc_",
  "mysql.utf8mb4": true,
  "dbuser": "REMOVED SENSITIVE VALUE",
  "dbpassword": "REMOVED SENSITIVE VALUE",
  "installed": true,
  "htaccess.RewriteBase": "/",
  "memcache.local": "\OC\Memcache\APCu",
  "apps_paths": [
    {
      "path": "/var/www/html/apps",
      "url": "/apps",
      "writable": false
    },
    {
      "path": "/var/www/html/custom_apps",
      "url": "/custom_apps",
      "writable": true
    }
  ],
  "overwritehost": "nc.mydomain.tld",
  "overwriteprotocol": "https",
  "trusted_proxies": "REMOVED SENSITIVE VALUE",
  "maintenance": false,
  "loglevel": "2",
  "mail_smtpmode": "smtp",
  "mail_smtpsecure": "ssl",
  "mail_sendmailmode": "smtp",
  "mail_from_address": "REMOVED SENSITIVE VALUE",
  "mail_domain": "REMOVED SENSITIVE VALUE",
  "mail_smtpauthtype": "PLAIN",
  "mail_smtpauth": 1,
  "mail_smtphost": "REMOVED SENSITIVE VALUE",
  "mail_smtpport": "465",
  "mail_smtpname": "REMOVED SENSITIVE VALUE",
  "mail_smtppassword": "REMOVED SENSITIVE VALUE",
  "app_install_overwrite": {
    "3": "groupfolders",
    "4": "impersonate",
    "5": "sharelisting",
    "6": "memories",
    "7": "cfg_share_links",
    "8": "spreed",
    "9": "richdocuments"
  },
  "memcache.distributed": "\OC\Memcache\Redis",
  "memcache.locking": "\OC\Memcache\Redis",
  "redis": {
    "host": "REMOVED SENSITIVE VALUE",
    "password": "REMOVED SENSITIVE VALUE",
    "port": 6379
  },
  "theme": "",
  "default_phone_region": "CH",
  "allow_local_remote_servers": true,
  "serverinfo": {
    "token": "lmFaJ6JXR5e8wxCuyfSn"
  },
  "session_keepalive": "true",
  "memories.exiftool": "/var/www/html/custom_apps/memories/bin-ext/exiftool-amd64-glibc",
  "preview_max_x": 1400,
  "preview_max_y": 800,
  "preview_max_scale_factor": "1",
  "jpeg_quality": 60,
  "memories.vod.path": "/var/www/html/custom_apps/memories/bin-ext/go-vod-amd64",
  "enabledPreviewProviders": [
    "OC\Preview\MP3",
    "OC\Preview\TXT",
    "OC\Preview\MarkDown",
    "OC\Preview\OpenDocument",
    "OC\Preview\Krita",
    "OC\Preview\Imaginary",
    "OC\Preview\JPEG",
    "OC\Preview\PNG",
    "OC\Preview\BMP",
    "OC\Preview\MP3",
    "OC\Preview\TXT",
    "OC\Preview\MarkDown"
  ],
  "preview_concurrency_all": "12",
  "preview_concurrency_new": "8",
  "preview_imaginary_url": "REMOVED SENSITIVE VALUE",
  "log_rotate_size": 52428800,
  "preview_max_memory": 1024,
  "memories.vod.qf": 25,
  "maintenance_window_start": "2",
  "simpleSignUpLink.shown": "false",
  "memories.db.triggers.fcu": true,
  "upgrade.disable-web": "false",
  "user_oidc": {
    "use_pkce": true
  }
}

</details>

**Cron Configuration:** Array
(
    [backgroundjobs_mode] => cron
    [lastcron] => 1721812206
)


**External storages:** yes

<details><summary>External storage configuration</summary>

+----------+-------------+---------+---------------------+------------------------+---------+------------------+--------------------+-------+
| Mount ID | Mount Point | Storage | Authentication Type | Configuration          | Options | Applicable Users | Applicable Groups  | Type  |
+----------+-------------+---------+---------------------+------------------------+---------+------------------+--------------------+-------+
| 9        | /media      | Local   | None                | datadir: "/mnt/media/" |         |                  | Willi und Kristina | Admin |
+----------+-------------+---------+---------------------+------------------------+---------+------------------+--------------------+-------+

</details>

**Encryption:** no

**User-backends:**
 * OCA\UserOIDC\User\Backend
 * OC\User\Database


**Talk configuration:**

STUN servers
 * stun.nextcloud.com:443

TURN servers
 * turn:nc.mydomain.tld:3478 - udp,tcp

Signaling servers (mode: default):
 * SIP dialin is disabled
 * SIP dialout is disabled
 * no custom server configured

Recording servers:
 * Recording is enabled
 * Recording consent is set to "default"
 * no recording server configured


**Browser:** unknown

The output of your Apache/nginx/system log in /var/log/____:

app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:10 +0000] "GET /login/flow/grant?clientIdentifier=&user=&direct=0&stateToken=sq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn HTTP/1.1" 303 918 "https://nc.mydomain.tld/index.php/login/flow" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:10 +0000] "GET /login?redirect_url=/login/flow/grant?clientIdentifier%3D%26user%3D%26direct%3D0%26stateToken%3Dsq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn HTTP/1.1" 302 1024 "https://nc.mydomain.tld/index.php/login/flow" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:10 +0000] "GET /apps/user_oidc/login/5?redirectUrl=/login/flow/grant?clientIdentifier%3D%26user%3D%26direct%3D0%26stateToken%3Dsq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn HTTP/1.1" 303 1564 "https://nc.mydomain.tld/index.php/login/flow" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:30 +0000] "GET /apps/user_oidc/code?state=ZTI9VHN5EZT88O5X3JYY4JEES682G835&session_state=58ebf9c6-3ab0-4bf3-b2af-5f4d4bf5f765&iss=https%3A%2F%2Flogin.mydomain.tld%2Frealms%2Fmydomain.tld&code=7a29bf08-899f-4255-8972-393c93d9c260.58ebf9c6-3ab0-4bf3-b2af-5f4d4bf5f765.abb6bb52-30e2-47a2-baf6-520f98e0c6ec HTTP/1.1" 303 2027 "-" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:31 +0000] "GET /login/flow/grant?clientIdentifier=&user=&direct=0&stateToken=sq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn HTTP/1.1" 200 13485 "-" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:31 +0000] "GET /core/js/login/grant.js?v=74fd81b2-57 HTTP/1.1" 200 807 "https://nc.mydomain.tld/login/flow/grant?clientIdentifier=&user=&direct=0&stateToken=sq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:31 +0000] "GET /apps/theming/theme/default.css?plain=1&v=7e32f2db HTTP/1.1" 200 1913 "https://nc.mydomain.tld/login/flow/grant?clientIdentifier=&user=&direct=0&stateToken=sq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:31 +0000] "GET /custom_apps/spreed/js/talk-search.js?v=74fd81b2-57 HTTP/1.1" 200 61775 "https://nc.mydomain.tld/login/flow/grant?clientIdentifier=&user=&direct=0&stateToken=sq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:31 +0000] "GET /apps/theming/theme/dark.css?plain=0&v=7e32f2db HTTP/1.1" 200 1910 "https://nc.mydomain.tld/login/flow/grant?clientIdentifier=&user=&direct=0&stateToken=sq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:31 +0000] "GET /apps/theming/theme/opendyslexic.css?plain=0&v=7e32f2db HTTP/1.1" 200 1169 "https://nc.mydomain.tld/login/flow/grant?clientIdentifier=&user=&direct=0&stateToken=sq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:31 +0000] "GET /apps/theming/theme/light.css?plain=0&v=7e32f2db HTTP/1.1" 200 1937 "https://nc.mydomain.tld/login/flow/grant?clientIdentifier=&user=&direct=0&stateToken=sq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:31 +0000] "GET /apps/theming/theme/dark.css?plain=1&v=7e32f2db HTTP/1.1" 200 1887 "https://nc.mydomain.tld/login/flow/grant?clientIdentifier=&user=&direct=0&stateToken=sq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:31 +0000] "GET /js/core/merged-template-prepend.js?v=74fd81b2-57 HTTP/1.1" 304 871 "https://nc.mydomain.tld/login/flow/grant?clientIdentifier=&user=&direct=0&stateToken=sq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:31 +0000] "GET /apps/theming/theme/light-highcontrast.css?plain=0&v=7e32f2db HTTP/1.1" 200 1983 "https://nc.mydomain.tld/login/flow/grant?clientIdentifier=&user=&direct=0&stateToken=sq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:31 +0000] "GET /apps/theming/theme/dark-highcontrast.css?plain=1&v=7e32f2db HTTP/1.1" 200 1978 "https://nc.mydomain.tld/login/flow/grant?clientIdentifier=&user=&direct=0&stateToken=sq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:31 +0000] "GET /apps/theming/theme/light.css?plain=1&v=7e32f2db HTTP/1.1" 200 1913 "https://nc.mydomain.tld/login/flow/grant?clientIdentifier=&user=&direct=0&stateToken=sq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:31 +0000] "GET /apps/theming/theme/dark-highcontrast.css?plain=0&v=7e32f2db HTTP/1.1" 200 1998 "https://nc.mydomain.tld/login/flow/grant?clientIdentifier=&user=&direct=0&stateToken=sq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:31 +0000] "GET /apps/theming/image/background?v=57 HTTP/1.1" 304 1577 "https://nc.mydomain.tld/core/css/guest.css?v=74fd81b2-57" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:32 +0000] "GET /apps/theming/theme/light-highcontrast.css?plain=1&v=7e32f2db HTTP/1.1" 200 1963 "https://nc.mydomain.tld/login/flow/grant?clientIdentifier=&user=&direct=0&stateToken=sq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:32 +0000] "GET /apps/theming/favicon?v=7e32f2db HTTP/1.1" 304 847 "https://nc.mydomain.tld/login/flow/grant?clientIdentifier=&user=&direct=0&stateToken=sq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.203 - - [24/Jul/2024:20:38:35 +0000] "GET /csrftoken HTTP/1.1" 200 893 "https://nc.mydomain.tld/apps/spreed/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:36 +0000] "GET /core/img/loading-small.gif HTTP/1.1" 200 2233 "https://nc.mydomain.tld/core/css/guest.css?v=74fd81b2-57" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:36 +0000] "POST /login/flow HTTP/1.1" 303 988 "https://nc.mydomain.tld/login/flow/grant?clientIdentifier=&user=&direct=0&stateToken=sq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - - [24/Jul/2024:20:38:36 +0000] "GET /apps/theming/favicon?v=7e32f2db HTTP/1.1" 304 2168 "https://nc.mydomain.tld/login/flow/grant?clientIdentifier=&user=&direct=0&stateToken=sq1SZvWm5MUYvugf8xXZc2cZUyZwLUvAN7FY7YbebrMzObvugxBLQmcHKpszNEsn" "Google Pixel 6a (Nextcloud Talk)"
app-1  | 192.x.x.243 - willi [24/Jul/2024:20:38:36 +0000] "GET /ocs/v2.php/apps/spreed/api/v1/federation/invitation HTTP/1.1" 200 2602 "-" "Mozilla/5.0 (Android) Nextcloud-Talk v19.0.1"
app-1  | 192.x.x.243 - willi [24/Jul/2024:20:38:36 +0000] "POST /ocs/v2.php/apps/notifications/api/v2/push?devicePublicKey=-----BEGIN%20PUBLIC%20KEY-----%0AM...QAB%0A-----END%20PUBLIC%20KEY-----&proxyServer=https%3A%2F%2Fpush-notifications.nextcloud.com&format=json&pushTokenHash=00bce268276e114818fefc7d34b2ea1996b79609a71569a2a4583a3638e19fdf5649d8add71b82448db287a6c0e2c8ba4542ee85deb70b240810b2b9cc0e1c6d HTTP/1.1" 201 3370 "-" "Mozilla/5.0 (Android) Nextcloud-Talk v19.0.1"

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.

{
  "time": "2024-07-24T20:38:30+00:00",
  "remoteIp": "192.x.x.243",
  "userAgent": "Google Pixel 6a (Nextcloud Talk)",
  "url": "/apps/user_oidc/code?state=ZTI9VHN5EZT88O5X3JYY4JEES682G835&session_state=58ebf9c6-3ab0-4bf3-b2af-5f4d4bf5f765&iss=https%3A%2F%2Flogin.mydomain.tld%2Frealms%2Fmydomain.tld&code=7a29bf08-899f-4255-8972-393c93d9c260.58ebf9c6-3ab0-4bf3-b2af-5f4d4bf5f765.abb6bb52-30e2-47a2-baf6-520f98e0c6ec",
  "message": "Undefined array key \"street_address\" at /var/www/html/custom_apps/user_oidc/lib/Service/ProvisioningService.php#212"
}
{
  "time": "2024-07-24T20:38:30+00:00",
  "remoteIp": "192.x.x.243",
  "userAgent": "Google Pixel 6a (Nextcloud Talk)",
  "url": "/apps/user_oidc/code?state=ZTI9VHN5EZT88O5X3JYY4JEES682G835&session_state=58ebf9c6-3ab0-4bf3-b2af-5f4d4bf5f765&iss=https%3A%2F%2Flogin.mydomain.tld%2Frealms%2Fmydomain.tld&code=7a29bf08-899f-4255-8972-393c93d9c260.58ebf9c6-3ab0-4bf3-b2af-5f4d4bf5f765.abb6bb52-30e2-47a2-baf6-520f98e0c6ec",
  "message": "Undefined array key \"postal_code\" at /var/www/html/custom_apps/user_oidc/lib/Service/ProvisioningService.php#213"
}
{
  "time": "2024-07-24T20:38:30+00:00",
  "remoteIp": "192.x.x.243",
  "userAgent": "Google Pixel 6a (Nextcloud Talk)",
  "url": "/apps/user_oidc/code?state=ZTI9VHN5EZT88O5X3JYY4JEES682G835&session_state=58ebf9c6-3ab0-4bf3-b2af-5f4d4bf5f765&iss=https%3A%2F%2Flogin.mydomain.tld%2Frealms%2Fmydomain.tld&code=7a29bf08-899f-4255-8972-393c93d9c260.58ebf9c6-3ab0-4bf3-b2af-5f4d4bf5f765.abb6bb52-30e2-47a2-baf6-520f98e0c6ec",
  "message": "Undefined array key \"locality\" at /var/www/html/custom_apps/user_oidc/lib/Service/ProvisioningService.php#213"
}
{
  "time": "2024-07-24T20:38:30+00:00",
  "remoteIp": "192.x.x.243",
  "userAgent": "Google Pixel 6a (Nextcloud Talk)",
  "url": "/apps/user_oidc/code?state=ZTI9VHN5EZT88O5X3JYY4JEES682G835&session_state=58ebf9c6-3ab0-4bf3-b2af-5f4d4bf5f765&iss=https%3A%2F%2Flogin.mydomain.tld%2Frealms%2Fmydomain.tld&code=7a29bf08-899f-4255-8972-393c93d9c260.58ebf9c6-3ab0-4bf3-b2af-5f4d4bf5f765.abb6bb52-30e2-47a2-baf6-520f98e0c6ec",
  "message": "Undefined array key \"region\" at /var/www/html/custom_apps/user_oidc/lib/Service/ProvisioningService.php#214"
}
{
  "time": "2024-07-24T20:38:30+00:00",
  "remoteIp": "192.x.x.243",
  "userAgent": "Google Pixel 6a (Nextcloud Talk)",
  "url": "/apps/user_oidc/code?state=ZTI9VHN5EZT88O5X3JYY4JEES682G835&session_state=58ebf9c6-3ab0-4bf3-b2af-5f4d4bf5f765&iss=https%3A%2F%2Flogin.mydomain.tld%2Frealms%2Fmydomain.tld&code=7a29bf08-899f-4255-8972-393c93d9c260.58ebf9c6-3ab0-4bf3-b2af-5f4d4bf5f765.abb6bb52-30e2-47a2-baf6-520f98e0c6ec",
  "message": "Undefined array key \"country\" at /var/www/html/custom_apps/user_oidc/lib/Service/ProvisioningService.php#215"
}
{
  "time": "2024-07-24T20:40:42+00:00",
  "remoteIp": "192.x.x.243",
  "userAgent": "Mozilla/5.0 (Android) Nextcloud-android/3.29.2",
  "url": "/remote.php/dav/uploads/willi/16cd9ad14ae792411b2f4588ea3dd0ea/000002",
  "message": "Expected filesize of 5226497 bytes but read (from Nextcloud client) and wrote (to Nextcloud storage) 5226496 bytes. Could either be a network problem on the sending side or a problem writing to the storage on the server side."
}

The system seems to do a POST with the device cert… but it fails? "Undefined array key …" seems to mark some problem with this cert? Or the user token? Any idea where to start?

UPDATE: checking the user's security page shows the session was successfully created on the server side; the problem seems to be that the client didn't consume the token correctly:

The values in the message "Expected filesize of 5226497 <…snip…> 5226496" differ by one byte - likely some math problem (0-based vs 1-based calculation).

In the meantime I found a few related bug reports without a solution.

But then I decided to test the server name with a leading https://, as was recommended in one issue - without success… Then I decided to test login with my dev instance (same IdP) and this one successfully logged in… and even more surprising - the previously invisible production account became functional as well; now I can use both the production and dev accounts in the app.

Very strange issue… I have to test with another device, but at the moment it works, so I am closing the topic for now.
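
An added example (not part of the original post and not Nextcloud code): a small Python triage script that walks access-log lines shaped like the ones above and reports how far one client got through the login flow, which separates a server-side failure from a client that never used its credentials. The stage names, the `trace_login_flow` helper and the sample lines (documentation IP, placeholder tokens, user `alice`) are constructed for illustration.

```python
import re

# Combined-log line with an optional docker-compose prefix ("app-1  | ").
LINE = re.compile(
    r'(?P<ip>\S+) - (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>[^ ?"]+)[^"]*" (?P<status>\d{3}) '
)

# (stage name, method, path prefix, expected status), in flow order.
STAGES = [
    ("oidc_redirect",   "GET",  "/apps/user_oidc/login/", 303),
    ("oidc_callback",   "GET",  "/apps/user_oidc/code",   303),
    ("grant_page",      "GET",  "/login/flow/grant",      200),
    ("grant_submitted", "POST", "/login/flow",            303),
]

# Constructed sample modelled on the access log in the post.
SAMPLE = '''\
app-1  | 192.0.2.10 - - [24/Jul/2024:20:38:10 +0000] "GET /login/flow/grant?stateToken=EXAMPLE HTTP/1.1" 303 918 "-" "Talk"
app-1  | 192.0.2.10 - - [24/Jul/2024:20:38:10 +0000] "GET /apps/user_oidc/login/5?redirectUrl=/login/flow/grant HTTP/1.1" 303 1564 "-" "Talk"
app-1  | 192.0.2.10 - - [24/Jul/2024:20:38:30 +0000] "GET /apps/user_oidc/code?state=EXAMPLE&code=EXAMPLE HTTP/1.1" 303 2027 "-" "Talk"
app-1  | 192.0.2.10 - - [24/Jul/2024:20:38:31 +0000] "GET /login/flow/grant?stateToken=EXAMPLE HTTP/1.1" 200 13485 "-" "Talk"
app-1  | 192.0.2.10 - - [24/Jul/2024:20:38:36 +0000] "POST /login/flow HTTP/1.1" 303 988 "-" "Talk"
app-1  | 192.0.2.10 - alice [24/Jul/2024:20:38:36 +0000] "GET /ocs/v2.php/apps/spreed/api/v1/federation/invitation HTTP/1.1" 200 2602 "-" "Talk"
'''.splitlines()


def trace_login_flow(lines, client_ip):
    """Return the ordered list of login-flow stages seen for one client IP."""
    reached = []
    for line in lines:
        m = LINE.search(line)
        if not m or m["ip"] != client_ip:
            continue
        status = int(m["status"])
        for name, method, prefix, want in STAGES:
            if (name not in reached and m["method"] == method
                    and m["path"].startswith(prefix) and status == want):
                reached.append(name)
                break
        else:
            # Not a new flow stage: an authenticated request after the grant
            # shows the client is holding credentials that the server accepts.
            if ("grant_submitted" in reached and m["user"] != "-"
                    and "client_authenticated" not in reached):
                reached.append("client_authenticated")
    return reached


if __name__ == "__main__":
    print(" -> ".join(trace_login_flow(SAMPLE, "192.0.2.10")))
```

A trace that stops at `grant_page` or `grant_submitted` points at the server or the redirect back to the app; one that reaches `client_authenticated` means the credentials were issued and used, so the remaining problem is in how the app stores or displays the account.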