How make Webdav work with 2FA turned on?

Having reverse success trying to make Webdav work together with 2FA. Could use some help.

Tried implementing 2FA through ‘code via e-mail’, and realized Webdav connectivity stops working if you do this. Thought this was a bug at first, but after reading I picked up on that one can use “App Passwords” to make this work.

Looking at my Web UI as admin, I’m assuming this means the “App Passwords” dialog box at the bottom of Settings → Security (?). This dialog asks of me to input an “app name”, and I’m not sure what this refers to. I’m using FileZilla to test Webdav connectivity but I somehow doubt putting “Filezilla” in that textfield will be correct. I’m not sure what to put in here, and I’m also not certain if I will know how to use whatever info comes out from doing this.

Furthermore, I also noticed that only my Admin account offers me an App Passwords dialog box at the bottom of Settings → Security, but non-admin user accounts does not show this option in the settings; and I see no way for the admin to choose which user this App Password is to apply to. So how do I …

The Nextcloud Bible uses TOTP as example to describe this procedure in general, which is not applicable to 2FA/Webdav. And the only other clue I’ve gathered is what the description text in the UI says: “If you use third party applications to connect to Nextcloud, please make sure to create and configure an app password for each before enabling second factor authentication”.

So … if I already enabled 2FA I should disable that, for all users, and input something which is unclear into the app passwords textbox, and this will give me back something that I’m not sure how to utilize or what individual users this applies to?
Oh and if a user already enabled 2FA via e-mail, will this app password thing still work if the user disables 2FA (is says above I need to create a web password BEFORE enabling 2FA), or will I need to delete the user’s account and create a new one for this to work?

Gah, I’m half lost in this ‘lack-of-direction jungle’. I could use some guidance if someone won’t mind. Starting with what to input in the App Passwords textbox input, what that will output and how to utilitze the output, and how to know which users this applies to.

Grateful in advance

The text field is used to comment for yourself how you used that app password (remember every app password can just be used for one app). So if you want to generate an app password for use with for example contacts sync with an iOS device, describe it as “Contacts My iOS-Device”. As you need a second one for calendar sync set up another one and use “Calendars My iOS-Device”.

I’m not sure right now if a user must first enable TFA in their own account settings to generate apps passwords, but in the end there is nothing to do on the admin side to allow users the use of app passwords.

If you enable TFA you can force users to use TFA, so that they also need to use app passwords. TFA needs some admin settings and additional Apps depending on the authorisation method.

@Cryx : Thanks for responding.
I tried what you suggested and I understand the process better now. The input in the textbox gets listed in the “Devices & Sessions” list, inside Settings → Security. So far so good.

However this setting only appears to be valid for the Admin account. One cannot create an App Password for a different username from within the Admin account.

I have tried to change settings around in order to provoke the “App Passwords” dialog to appear for non-admin users - including forcing 2FA for all users, enabling and disabling for each account etc etc. I have no success so far. This setting only appears to be accessible for the Admin account, at this time, for me.

This is using NC 27.1.1 on Linux Ubuntu installed as Snap.

Sure and logical, it’s restricted to the user itself to setup an app password!!! The admin can’t do this for other user, tcats a security feature, no bug. The app password is only readable once, so if the admin would be able to create the app password for a user he would need to scooy and share that app password with the user… That would be strange and against the logic of app passwords.

Ah, right. That makes sense.

So, before I can try if this works for non-admin users as well, I need to figure out why the “App Password” setting option is not visible to non-admin users in their web GUIs.
Presently, it is only visible in the admin account. But if I log into one of my non-admin accounts, this settings option isn’t there at all in the GUI.

Guess I have to review all settings and group settings of both native options as well as options within 3rd party apps. This may be like following a specific ant through an anthill :slight_smile: