How to log-in on Nextcloud web UI with oauth


I am trying to integrate Nextcloud in a 3rd party web application using OAuth. I want the user to be able to access the nextcloud web UI, when clicking a link in the 3rd party web application. So the end result will resemble a lite Single Sign on.

I have it working by combining these two documentation pages:

The LoginFlow seems to assume I develop a mobile app, as in the final step the user is redirected using a custom protocol handler nc:// And there are some curl examples, they all works fine.

Since I need to log-in from a web browser, from a different domain, I need to honor CORS.

When I POST a request to Nextcloud with a valid HTTP header Authentication Bearer the CORS OPTIONS request is rejected by Nextcloud.

I have made sure that this is all set-up well in apache, because if I create a test.php and post to there, it all works, I can even log-in by reposting using javascript from test.php. So it seems the PHP code from Nextcloud is rejecting CORS OPTIONS requests.

So my question: What end-point can I call to make the user log-in in the NC web UI when I have a valid HTTP Bearer token and come from a different domain?

1 Like is not an option?

No that does not work, as it also reject the HTTP OPTIONS method, which is a CORS preflight check.

You can see the headers here (click show original !!!):

Again, if I put a self-coded test.php on the Nexctloud server, and http post to test.php from my webapp domain, then all posted data is reaching test.php and the XMLHttp (cross domain) succeeds. With said test.php I can repost using javascript to nextcloud’s index.php, then it works. Since it is not a CORS request anymore (no OPTIONS request to nextcloud).

Of course I do not want a custom php file on my nextcloud server for this.

Here is the Apache config

The issue is actually about WebDAV but the option request is also discussed. I guess the best way to solve that today is to proxy the request with your application until Nextcloud support the preflight request :disappointed:

cc @rullzer @blizzz

As a matter of fact the back-end of my webapp is written in Java and does proxy all webdav requests.

So I have no issue there, but I would like to use the oauth code and bearer token I already have (for using webdav) and use it to log in to the Nextcloud web-ui. The only thing why this is not working, is because I dunno why cors options is rejected by NC. Maybe it is a setting somewhere…?