Nextcloud webAuthn

Welcome to the Wiki. Enjoy this experiment where your posts here can be edited and expanded by others.
You are responsible for the quality of your edits.
This is the german tutorial for it.
In this guide we will show you today how to log into your Nextcloud with webAuth.

This means you no longer need a password to log into your cloud.

First of all we need to install the right app.

App in the Nextcloud store

The app is called Two-Factor WebAuthn and is installed quite quickly.

To configure it we go to this URL:

“https://nextcloud.yourcloud.tld/index.php/settings/user/security”

“nextcloud.yourcloud.tld” must be replaced with your own Nextcloud domain.

Going further down, we already see that we can set up authentication without a password.

WebAuthn Anleitung Nextcloud (1)644×221 7.21 KB

Here we tap on “Add WebAuthn device”

This is where our face is then scanned - assuming you have a supported camera. Most of the time he asks the face twice.

Then comes the dialog that it was successful.

As a last step we have to assign a name and we’re done!

In order to be able to use this tool, we have to tap “Log in with a device” when logging in.

WebAuthn Anleitung Nextcloud (2)507×563 99.5 KB

image547×331 24.4 KB

Here we then type in the username and we are asked for the face.

If you have any questions or problems, feel free to write them back in the comments!

@SchBenedikt some of your images do not show, and opening them independently, an error is shown:

grafik738×464 19 KB

Perhaps integrate the images directly…

Without the snapshots, some information is perhaps missing. But not all WebAuthn devices have a camera? Wasn’t this the option for the U2F devices as well, where then they ask you to put the device in?

Thank you for your suggestion – and I think it works with U2F, too. I’ve now uploaded the images as is and no longer embedded them via a link.

So scanning your image is linked to a specific app or device?

First, it’s important to distinguish between passwordless login and two-factor authentication (2FA) via WebAuthn.

For passwordless login, you don’t need the Two-Factor WebAuthn app, because this functionality is already built into the Nextcloud core. So there’s no need to install any additional app.

As the name suggests, the Two-Factor WebAuthn app is specifically for adding a WebAuthn device as a second factor. In that case, you first log in with your username and password, and then confirm your identity using the WebAuthn device.

Secondly, whether or not you can scan your face depends on the type of WebAuthn device you are using. My YubiKey doesn’t have a camera, so face scanning would be rather difficult!