Login issues, primarily with Android app (though other issues could be related?)

Nextcloud version : 21.0.1
Operating system and version: Ubuntu Server LTS 20.04.2
Nginx version: 1.18.0
PHP version: 7.4.15

The issue you are facing:

I have seen a bunch of posts and github requests that describe similar issues, but not all, and the workarounds suggested have not worked for me. I’m not sure if these issues are related, or should be addressed separately, but I’ll add them all here, in case they are related.

The issues I’ve noticed are:

  1. I can’t log in with username, only with email (in browser). This is onyl true for some users, I can use the username for the “administrator” user I initially created. All usernames (incl. the “administrator” that works fine) is a single word, capitalized, with no special characters or numbers.
  2. Authenticating/logging in to an account on Android app fails (have tried both with QR code and manually), with the error message:
    Access failed: Operation finished with HTTP status code -1 (fail).
  • I have logged in as, and used the “administrator user” in the same Android app on the same phone for a while with no issues. This error is for one of the users where I can’t use username to log in via browser (though it didn’t matter if I used email when trying to log in via App).
  1. Sometimes the app will throw an error log on the screen (but only occasionally), I’ve inserted it below.
Error message in Adroid App
************ CAUSE OF ERROR ************

at com.nextcloud.ui.ChooseAccountDialogFragment.getBinding(ChooseAccountDialogFragment.kt:71)
at com.nextcloud.ui.ChooseAccountDialogFragment.avatarGenerated(ChooseAccountDialogFragment.kt:196)
at com.owncloud.android.datamodel.ThumbnailsCacheManager$AvatarGenerationTask.onPostExecute(ThumbnailsCacheManager.java:921)
at com.owncloud.android.datamodel.ThumbnailsCacheManager$AvatarGenerationTask.onPostExecute(ThumbnailsCacheManager.java:868)
at android.os.AsyncTask.finish(AsyncTask.java:797)
at android.os.AsyncTask.access$900(AsyncTask.java:195)
at android.os.AsyncTask$InternalHandler.handleMessage(AsyncTask.java:814)
at android.os.Handler.dispatchMessage(Handler.java:110)
at android.os.Looper.loop(Looper.java:219)
at android.app.ActivityThread.main(ActivityThread.java:8387)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:513)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1055)

************ APP INFORMATION ************
ID: com.nextcloud.client
Version: 30160090
Build flavor: gplay

************ DEVICE INFORMATION ************
Device: HWVOG
Model: VOG-L29
Product: VOG-L29EEA

************ FIRMWARE ************
SDK: 29
Release: 10
  1. If I try the App Token approach, and create an app password (I’m assuming that what Nextcloud calls “App Password” is the same as the Android app call “App Token”?) under settingssecurity (logged in as the new user I want to use for the Android app), I get an error when pressing “grant access” saying: Access forbidden - Invalid app password

I saw some similar issues in other posts, that were related to the Android app not being compatible with TLS 1.3, but I tried adding both TLS 1.2 and 1.3 to my nginx config, and the problem persists.

Is this the first time you’ve seen this error?: Yes (but also the first time I’ve tried to change password)

Steps to replicate it:

Method 1:
Outlined above. Briefly:
For username not recognized:

  1. Navigate to log in page.
  2. Log in using username (first letter capital, as it is shown under Users for both (1) the user/administrator that can use username to log in, and (2) users that can’t.
  • NOTE: I first thought it was a password issue, and tried resetting the password. Here, the username wasn’t recognized either.

For Android App authentication:

  1. Press “Add account” in the Adroid App.
  2. Try to log in with either (1) maunal, logging into the “web” version to grant access, (2) using a QR code generated in browser under SettingsSecurityDevices & sessions, or (3) using the App Token/password generated the same place.

NOTE: I have a user (not the admin) set up on a Windows PC and the iOS app. This was done a long time ago, though, so I can’t say if these platforms would also be affected by this (I don’t dare to log them out, since I’ve just convinced that it was safe enough to actually use, and it still works for them atm.).

The output of your Nextcloud log in Admin > Logging:

Nextcloud log


The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
  'passwordsalt' => 'REDACTED,
  'secret' => 'REDACTED',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => '',
    2 => 'REDACTED',
  'trusted_proxies' =>
  array (
    0 => '',
    1 => '',
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '',
  'overwrite.cli.url' => 'http://localhost',
  'overwriteprotocol' => 'https',
  'dbname' => 'nextcloud',
  'dbhost' => '',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'REDACTED',
  'installed' => true,
  'instanceid' => 'ockk1xgxvfzi',
  'loglevel' => 2,
  'maintenance' => false,
  'mail_smtpmode' => 'smtp',
  'mail_smtphost' => 'REDACTED',
  'mail_sendmailmode' => 'smtp',
  'mail_smtpport' => '587',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_from_address' => 'REDACTED',
  'mail_domain' => 'REDACTED',
  'mail_smtpname' => 'REDACTED',
  'mail_smtppassword' => 'REDACTED',

The output of your Apache/nginx/system log in /var/log/____:
(I think this is the one? I run in docker, so the location is different, but I’ve added the error log).
Nextcloud is at what I have redacted to be next.MY.DOMAIN.

Nginx error log

(couldn’t post with this included, it was too long)