Nextcloud 22 Oauth2 and Moodle

pabsta · September 26, 2021, 12:16am

Nextcloud version: 22.1.1
Operating system and version: Debian 10 buster
Apache or nginx version : nginx 1.14.2
PHP version : 7.3

The issue you are facing:

I get a « unable to upgrade token » error when connecting NC Oauth2 API with moodle.

Is this the first time you’ve seen this error? : Yes.

Steps to replicate it:

Use moodle 3.11.2 and Nextcloud 21.X (everything is fine)
Migrate to NC 22.
Attempt an Oauth2 login on Moodle.

The Oauth2 service from NC works well with other clients (e.g. Hedgedoc).
The Moodle Oauth2 mechanism works well with other clients (e.g. google).

The output of your Nextcloud log in Admin > Logging:

[core] Warning: Login failed: '[redacted]' (Remote IP: '[redacted]')

POST /index.php/apps/oauth2/api/v1/token
from [redacted] at 2021-09-25T23:20:53+00:00

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

$CONFIG = array (
  'instanceid' => '[redacted]',
  'passwordsalt' => '[redacted]',
  'secret' => '[redacted]',
  'trusted_domains' => 
  array (
    0 => 'example.com',
  ),
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '22.1.1.2',
  'overwrite.cli.url' => 'https://example.com',
  'dbname' => '[redacted]',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '[redacted]',
  'dbpassword' => '[redacted]',
  'installed' => true,
  'mail_from_address' => 'simple',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'example.com',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => '[redacted]',
  'mail_smtpport' => '[redacted]',
  'mail_smtpname' => '[redacted]',
  'mail_smtppassword' => '[redacted]',
  'app.mail.transport' => 'php-mail',
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
  'app_install_overwrite' => 
  array (
    0 => 'calendar',
    1 => 'groupfolders',
    2 => 'breezedark',
  ),
  'mail_smtpsecure' => 'ssl',
  'default_phone_region' => 'CA',
  'memcache.local' => '\\OC\\Memcache\\APCu',
);

The output of your Apache/nginx/system log in /var/log/____:

[redacted ip] - - [25/Sep/2021:20:11:35 -0400] "POST /login/flow HTTP/2.0" 303 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:92.0) Gecko/20100101 Firefox/92.0"
[redacted ip] - [redacted secret] [25/Sep/2021:20:11:35 -0400] "POST /index.php/apps/oauth2/api/v1/token HTTP/2.0" 401 14 "-" "MoodleBot/3.11 (+https://moodle.example.com)"

One thing that I had to redact, that seems odd, is that the client id is said to be wrong, although it is accurately written.

Endpoints are also accurately written (as of the latest documentation availlable).

Any clues on what to do?

Best,

Pier-André

pabsta · September 26, 2021, 2:25am

Update: I have attempted the same task (Oauth login on Moodle) on a fresh install for both Nextcloud 21.04 and Moodle 3.11.3 (latest moodle) and it works. Thus, it seems that something was lost in the Upgrade from NC 21 → NC 22.

ricki-z · October 17, 2021, 5:50pm

I can confirm the problem with a fresh install of Moodle and NC 22.
We would really like to connect Nextcloud to Moodle for some schools, but if we can’t upgrade without loosing this connections then we need to look for another solution …

Rajko

just · October 17, 2021, 9:43pm

See if this issue is what you are experiencing.

github.com/nextcloud/server

OAuth broken with 22.2.0 (since 22.0.0)

opened 04:00PM - 30 Jul 21 UTC

sephentos

bug 1. to develop feature: authentication

The way an OAuth login works doesn't seem to work anymore. So far I have always used an OAuth sign-in in RocketChat (configuration and more see below). That doesn't seem to work anymore. The only thing Nextcloud outputs as a log is a "Login failed: <OAuth Client ID>". But I don't know where there would be more logs (if Nextcloud creates more logs at all). If there are more logs, please let me know where I can find these logs and I will be happy to provide them as soon as possible but my search did not result to more useful informations. ### Steps to reproduce 1. Login on RocketChat with OAuth 2. Give access to RocketChat OAuth Client within the Nextcloud Authorization Flow 3. After successfull Nextcloud Authorization Flow the OAuth Client receives that: ```Exception while invoking method login Error: Failed to complete OAuth handshake with nextcloud at https://XXXXXXXX/index.php/apps/oauth2/api/v1/token. failed [401] {"message":""} ``` - while Nextcloud does only log that: ```Login failed: '<OAuth Client ID)' (Remote IP: 'XXX')``` ### Server configuration **Operating system:** Debian 10 **Web server:** Latest NGINX **Database:** MySQL 10.3.29 **PHP version:** 7.4.21 **Nextcloud version:** 22.0.0.11 **Where did you install Nextcloud from:** Website **Signing status:** <details> <summary>Signing status</summary> ``` No errors have been found. ``` </details> **List of activated apps:** <details> <summary>App list</summary> ``` Enabled: - accessibility: 1.7.0 - activity: 2.15.0 - admin_audit: 1.11.0 - apporder: 0.13.0 - bruteforcesettings: 2.2.0 - circles: 22.0.0 - cloud_federation_api: 1.4.0 - comments: 1.11.0 - contacts: 4.0.1 - contactsinteraction: 1.2.0 - dashboard: 7.1.0 - dav: 1.18.0 - external: 3.9.0 - extract: 1.3.2 - federatedfilesharing: 1.11.0 - files: 1.16.0 - files_accesscontrol: 1.12.0 - files_pdfviewer: 2.3.0 - files_rightclick: 1.1.0 - files_sharing: 1.13.2 - files_trashbin: 1.11.0 - files_versions: 1.14.0 - files_videoplayer: 1.11.0 - firstrunwizard: 2.11.0 - groupfolders: 10.0.0-beta1 - impersonate: 1.9.0 - integration_gitlab: 1.0.1 - logreader: 2.7.0 - lookup_server_connector: 1.9.0 - mail: 1.10.2 - nextcloud_announcements: 1.11.0 - notes: 4.1.0 - notifications: 2.10.1 - oauth2: 1.9.0 - password_policy: 1.12.0 - passwords: 2021.7.23 - photos: 1.4.0 - privacy: 1.6.0 - provisioning_api: 1.11.0 - quota_warning: 1.11.0 - recommendations: 1.1.0 - serverinfo: 1.12.0 - settings: 1.3.0 - sharebymail: 1.11.0 - spreed: 12.0.1 - survey_client: 1.10.0 - systemtags: 1.11.0 - text: 3.3.0 - theming: 1.12.0 - twofactor_backupcodes: 1.10.1 - updatenotification: 1.11.0 - user_status: 1.1.1 - viewer: 1.6.0 - weather_status: 1.1.0 - workflowengine: 2.3.0 Disabled: - afterlogic - deck - encryption - federation - files_external - files_texteditor - hsts - metadata - polls - social - support - user_ldap ``` </details> **Nextcloud configuration:** <details> <summary>Config report</summary> ``` { "system": { "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "default_language": "de_DE", "activity_expire_days": 1, "force_language": "de_DE", "default_locale": "de_DE", "default_phone_region": "DE", "trusted_domains": [ "localhost", "<OAuth Client URL :)>" ], "trusted_proxies": "***REMOVED SENSITIVE VALUE***", "datadirectory": "***REMOVED SENSITIVE VALUE***", "dbtype": "mysql", "version": "22.0.0.11", "overwrite.cli.url": "http:\/\/localhost", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbport": "", "dbtableprefix": "oc_", "mysql.utf8mb4": true, "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "installed": true, "instanceid": "***REMOVED SENSITIVE VALUE***", "mail_smtpmode": "smtp", "mail_smtpauthtype": "LOGIN", "mail_sendmailmode": "smtp", "mail_smtpauth": 1, "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_domain": "***REMOVED SENSITIVE VALUE***", "mail_smtphost": "***REMOVED SENSITIVE VALUE***", "mail_smtpsecure": "ssl", "mail_smtpname": "***REMOVED SENSITIVE VALUE***", "mail_smtppassword": "***REMOVED SENSITIVE VALUE***", "mail_smtpport": "465", "memcache.local": "\\OC\\Memcache\\APCu", "maintenance": false, "loglevel": 2, "updater.secret": "***REMOVED SENSITIVE VALUE***", "theme": "", "updater.release.channel": "stable" } } ``` </details> **Are you using encryption:** no **Are you using an external user-backend, if yes which one:** no ### Client configuration **Browser:** Latest Firefox, latest Chrome **Operating system:** Win10 Log from OAuth Client (RocketChat): ``` I20210730-15:34:19.956(0) Exception while invoking method login Error: Failed to complete OAuth handshake with nextcloud at https://XXXXXXXX/index.php/apps/oauth2/api/v1/token. failed [401] {"message":""} ``` - No useful logs from Webserver nextcloud.log ``` {"reqId":"xxxx","level":2,"time":"2021-07-30T15:34:19+00:00","remoteAddr":"xxxxx","user":"--","app":"core","method":"POST","url":"/index.php/apps/oauth2/api/v1/token","message":"Login failed: '<OAuth Client ID>' (Remote IP: 'XXX')","userAgent":"Meteor/METEOR@2.1.1","version":"22.0.0.11"} ``` ![grafik](https://user-images.githubusercontent.com/35430448/127677194-abc2bec1-5409-4c4a-a629-735a2e6056ae.png) ![grafik](https://user-images.githubusercontent.com/35430448/127677626-31af838c-14d6-4c23-bf6b-4703dc399804.png) Again: please let me know where I can find more logs and I will be happy to provide them as soon as possible but my search did not result to more useful informations from Nextcloud. I wish to see more informations what exactly has gone wrong. It seems to be an issue since Nextcloud 22, because before it had worked. Edit: It's been almost 3 months now, I can confirm that with 22.2.0 OAuth is still not working.

pabsta · October 17, 2021, 11:13pm

Just,
thanks for your reply. I have read the thread and it seems pretty close. However, the error message is not the same as OP (maybe because the login problem is with RocketChat instead of Moodle). I will report this page to the thread, though.

Thanks,

P-A

just · October 17, 2021, 11:22pm

If it is not the same I recommend opening a new issue. You can mention the existing issue in github with #issuenumber

pabsta · December 5, 2021, 8:34am

The issue was resolved two upgrades ago. Thanks!