I am trying to integrate Nextcloud in a 3rd party web application using OAuth. I want the user to be able to access the nextcloud web UI, when clicking a link in the 3rd party web application. So the end result will resemble a lite Single Sign on.
The LoginFlow seems to assume I develop a mobile app, as in the final step the user is redirected using a custom protocol handler nc:// And there are some curl examples, they all works fine.
Since I need to log-in from a web browser, from a different domain, I need to honor CORS.
When I POST a request to Nextcloud with a valid HTTP header Authentication Bearer the CORS OPTIONS request is rejected by Nextcloud.
So my question: What end-point can I call to make the user log-in in the NC web UI when I have a valid HTTP Bearer token and come from a different domain?
No that does not work, as it also reject the HTTP OPTIONS method, which is a CORS preflight check.
You can see the headers here (click show original !!!):
Of course I do not want a custom php file on my nextcloud server for this.
The issue is actually about WebDAV but the option request is also discussed. I guess the best way to solve that today is to proxy the request with your application until Nextcloud support the preflight request
As a matter of fact the back-end of my webapp is written in Java and does proxy all webdav requests.
So I have no issue there, but I would like to use the oauth code and bearer token I already have (for using webdav) and use it to log in to the Nextcloud web-ui. The only thing why this is not working, is because I dunno why cors options is rejected by NC. Maybe it is a setting somewhere…?