App passwords stopped working only when TOTP is enabled

Nextcloud version (eg, 20.0.5): Nextcloud Hub II (23.0.3)
Operating system and version (eg, Ubuntu 20.04): CentOS 8
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.37
PHP version (eg, 7.4): 8.0.17

The issue you are facing:

2-3 days ago I set up the CalDAV and all with TOTP (so I generated app passwords for Thunderbird to be able to read the calendars). Everything worked flawlessly.

Today I was gonna set it up the exact same way I did on another PC I own, and at first it worked, but I revoked the App Password I had just created because the name was bad (I know it can be renamed, I went too fast and missed that). Since then I’ve tried creating new passwords but it’s not working. On TbSync I can create the profile but can’t sync the calendars; on Lightning I can import the calendar (so I can connect to the instance) but the calendar won’t get enabled.

I went to check my other PC, the one that’s been working for the last days, and it’s not working there either. I disabled TOTP and all the calendars started working again, without changing the app password. I re-enabled TOTP and they all instantly stopped working.

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Enable TOTP
  2. See calendars not working
  3. Disable TOTP
  4. See calendars working

The output of your Nextcloud log in Admin > Logging:

{"reqId":"YkrxuQGcKRXspxrHnOTMmgAAA8Q","level":3,"time":"2022-04-04T13:25:14+00:00","remoteAddr":"<IP>","user":"username","app":"index","method":"GET","url":"/login/v2/grant","message":"OC\\Core\\Controller\\ClientFlowLoginV2Controller::grantPage(): Argument #1 ($stateToken) must be of type string, null given, called in /var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php on line 217 in file '/var/www/html/nextcloud/core/Controller/ClientFlowLoginV2Controller.php' line 152","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0","version":"23.0.3.2","exception":{"Exception":"Exception","Message":"OC\\Core\\Controller\\ClientFlowLoginV2Controller::grantPage(): Argument #1 ($stateToken) must be of type string, null given, called in /var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php on line 217 in file '/var/www/html/nextcloud/core/Controller/ClientFlowLoginV2Controller.php' line 152","Code":0,"Trace":[{"file":"/var/www/html/nextcloud/lib/private/AppFramework/App.php","line":157,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/Route/Router.php","line":302,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/html/nextcloud/lib/base.php","line":1006,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/html/nextcloud/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","Line":158,"Previous":{"Exception":"TypeError","Message":"OC\\Core\\Controller\\ClientFlowLoginV2Controller::grantPage(): Argument #1 ($stateToken) must be of type string, null given, called in /var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php on line 
217","Code":0,"Trace":[{"file":"/var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":217,"function":"grantPage","class":"OC\\Core\\Controller\\ClientFlowLoginV2Controller","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":126,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/AppFramework/App.php","line":157,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/Route/Router.php","line":302,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/html/nextcloud/lib/base.php","line":1006,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/html/nextcloud/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/nextcloud/core/Controller/ClientFlowLoginV2Controller.php","Line":152},"CustomMessage":"--"}}
{"reqId":"YksHOwGcKRXspxrHnOTNvQAAA8g","level":3,"time":"2022-04-04T14:56:59+00:00","remoteAddr":"<IP>","user":"--","app":"no app in context","method":"PROPFIND","url":"/remote.php/dav/","message":"App token login name does not match","userAgent":"Thunderbird CalDAV/CardDAV","version":"23.0.3.2"}
{"reqId":"YksOvIUZgSWNpZXWPREXpAAAABI","level":2,"time":"2022-04-04T15:29:00+00:00","remoteAddr":"<IP>","user":"--","app":"core","method":"PROPFIND","url":"/remote.php/dav/calendars/username/personal/","message":"Login failed: 'username' (Remote IP: '<IP>')","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0","version":"23.0.3.2"}

What I seem to get from the 2nd and 3rd lines of the log is that it seems like it’s not sending the username. I’ve tried deleting the calendars and creating them from scratch and it doesn’t seem to be working.
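
A triage sketch for the log excerpt in the post above, added here as an example (not part of the original post and not Nextcloud's own code): it pulls DAV authentication failures out of the JSON-lines log and counts entries that do not parse instead of failing on them. The sample lines are constructed from the messages quoted in the post; the function names and the 192.0.2.10 address are assumptions.

```python
import json
import re
from collections import Counter

DAV_PREFIX = "/remote.php/dav/"
TOKEN_MISMATCH = "App token login name does not match"
LOGIN_FAILED = re.compile(r"^Login failed: '([^']*)'")

# Constructed sample (shortened entries modeled on the post; last line is truncated).
SAMPLE_LOG = """
{"time":"2022-04-04T13:25:14+00:00","url":"/login/v2/grant","message":"Argument #1 ($stateToken) must be of type string, null given","userAgent":"Firefox/98.0"}
{"time":"2022-04-04T14:56:59+00:00","url":"/remote.php/dav/","message":"App token login name does not match","userAgent":"Thunderbird CalDAV/CardDAV"}
{"time":"2022-04-04T15:29:00+00:00","url":"/remote.php/dav/calendars/username/personal/","message":"Login failed: 'username' (Remote IP: '192.0.2.10')","userAgent":"Thunderbird/91.7.0"}
{"time":"2022-04-04T15:29:05+00:00","url":"/remote.php/dav/","message":"Login fai
"""

def dav_auth_failures(text):
    """Return (findings, skipped): DAV auth failures and the count of unparsable lines."""
    findings, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # e.g. an entry cut or wrapped mid-string
            continue
        if not isinstance(entry, dict) or not str(entry.get("url", "")).startswith(DAV_PREFIX):
            continue
        message = str(entry.get("message", ""))
        failed = LOGIN_FAILED.match(message)
        if message == TOKEN_MISMATCH:
            kind, login = "token_login_mismatch", None
        elif failed:
            kind, login = "login_failed", failed.group(1)
        else:
            continue
        findings.append({"time": entry.get("time"), "kind": kind, "login": login,
                         "url": entry["url"], "userAgent": entry.get("userAgent")})
    return findings, skipped

def summarize(findings):
    """Count failures per (kind, client user agent) to see which client is affected."""
    return Counter((f["kind"], f["userAgent"]) for f in findings)

if __name__ == "__main__":
    found, bad = dav_auth_failures(SAMPLE_LOG)
    for f in found:
        print(f["time"], f["kind"], f["login"], f["url"], f["userAgent"])
    print("unparsable lines:", bad)
```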

You can log in by generating an app password and selecting "use app code" (or something like that in the app). To generate one, go to Personal settings → Security → Devices & sessions and generate a new code.