No access token returned to client oauth

Support intro

Sorry to hear you’re facing problems :slightly_frowning_face:

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

Nextcloud version (eg, 29.0.5): 26.0.13
Operating system and version (eg, Ubuntu 29.04): RedHat 7.9
Apache or nginx version (eg, Apache 2.4.25): Nginx 1.25.5
PHP version (eg, 8.3): 8.2.18

The issue you are facing:

Hi,

I defined an Oauth client in the settings and configured it correctly.

This is the integration of Nextcloud with Zimbra (see doc. Zimbra Collaboration Administrator Guide)

In the Nextcloud logs, I clearly see the request for code (authorize) then for grant but at no time do I get a response with the token.

There is no POST /index.php/apps/oauth2/api/v1/token request sent.

However, in the MySQL database, I see a token that is created at each attempt.

MariaDB [nc]> select * from oc_oauth2_access_tokens;
±----±---------±----------±---------------------------------------------------------------------------------------------------------------------------------±-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------±----------------±------------+
| id | token_id | client_id | hashed_code | encrypted_token | code_created_at | token_count |
±----±---------±----------±---------------------------------------------------------------------------------------------------------------------------------±-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------±----------------±------------+
| 105 | 2155818 | 8 | 15ebd58c29e944b5972e0612a04965c22710ca29e879cdc86718cfca4c7d1a390f38be7fc3a866938b33906fda1e0156f011aa82bb3b1d26f6121dfe2a6effc5 | 7086cae6e2658b3f5619bbd4be3c2dcc0915bd416d1d6695baa369671547691787c66be2cfd8c989f60ab1a5527b9f3b2c85296bc5a0e9f40c5|b3ab3e972c24c96366dea6bc8876449a|66ccdbf557fd5bf2142d576e0b18d5ebdb9a8459aa77c3e86bbba2b35a6b70c28f50300ecfd4b367297|3 | 1718094865 | 0 |
| 106 | 2155903 | 8 | f00c7219f8060deac5687764418a577ee91c67537e09859c7db457abfc812f4846b3ea095c035c5d1f9d251eda9eec918269fba99ac8d1fd35db3f873334beda | 4acb9ef52b17f6a7069edc8bd1a96957e3295aed8be246fc2b11bf873d96a0fb024003c0522076f407f36a2384aa0137e880baa6583d7cbdf3f|ec7902e408da934ce6e747bf24746a74|b1d51de584af69fe3da98c40d743896102bcc984eff1147c1ae591dd1b06535ce0772c148821f5e8c3b|3 | 1718096011 | 0 |
±----±---------±----------±---------------------------------------------------------------------------------------------------------------------------------±--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Also, I don’t understand where the problem could come from.

Regards,

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

The output of your Nextcloud log in Admin > Logging:

PASTE HERE

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'xxx',
  'passwordsalt' => 'xxx',
  'secret' => 'xxx',
  'trusted_domains' =>
  array (
    0 => 'cirrus.universite-paris-saclay.fr',
    1 => 'nextcloud.swarm.di.u-psud.fr',
  ),
  'datadirectory' => '/mnt/ncdata',
  'dbtype' => 'mysql',
  'version' => '26.0.13.1',
  'overwrite.cli.url' => 'https://cirrus.universite-paris-saclay.fr',
  'overwriteprotocol' => 'https',
  'dbname' => 'nc',
  'dbhost' => 'maxscale.dsi.universite-paris-saclay.fr',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nc_write_prod',
  'dbpassword' => 'xxx',
  'dbdriveroptions' =>
  array (
    1002 => 'SET wait_timeout = 28800',
  ),
  'installed' => true,
  'maintenance' => false,
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'filelocking.enabled' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'redis',
    'port' => 6379,
  ),
  'log_type' => 'file',
  'logdateformat' => 'F d, Y H:i:s',
  'loglevel' => 0,
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'logtimezone' => 'Europe/Paris',
  'log.condition' =>
  array (
    'apps' =>
    array (
      0 => 'admin_audit',
    ),
  ),
  'mail_from_address' => 'cirrus-noreply',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'universite-paris-saclay.fr',
  'mail_smtphost' => 'smtp.universite-paris-saclay.fr',
  'mail_smtpport' => '25',
  'mail_smtpstreamoptions' =>
  array (
    'ssl' =>
    array (
      'allow_self_signed' => true,
      'verify_peer' => false,
      'verify_peer_name' => false,
    ),
  ),
  'trusted_proxies' =>
  array (
    0 => '10.0.4.0/16',
    1 => '172.20.8.0/24',
    2 => '172.20.4.0/24',
    3 => '10.0.1.0/24',
  ),
  'forwarded_for_headers' =>
  array (
    0 => 'HTTP_X_FORWARDED_FOR',
    1 => 'X-Forwarded-For',
    2 => 'HTTP_X_FORWARDED',
    3 => 'HTTP_FORWARDED_FOR',
  ),
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'skeletondirectory' => '/mnt/ncdata/skeleton',
  'twofactor_enforced' => 'false',
  'twofactor_enforced_groups' =>
  array (
  ),
  'twofactor_enforced_excluded_groups' =>
  array (
  ),
  'htaccess.RewriteBase' => '/',
  'theme' => '',
  'filelocking.ttl' => 43200,
  'knowledgebaseenabled' => false,
  'default_language' => 'fr',
  'default_locale' => 'fr_FR',
  'trashbin_retention_obligation' => '30, 60',
  'app_install_overwrite' =>
  array (
    0 => 'files_clipboard',
    1 => 'dashboard',
    2 => 'zimbrasoap',
    3 => 'occweb',
    4 => 'activitylog',
    5 => 'emlviewer',
    6 => 'files_lock',
  ),
  'simpleSignUpLink.shown' => false,
  'sharing.maxAutocompleteResults' => 10,
  'sharing.minSearchStringLength' => 3,
  'upgrade.disable-web' => true,
  'default_phone_region' => 'FR',
  'ldapUserCleanupInterval' => 32,
  'sharing.enable_share_accept' => false,
  'sharing.force_share_accept' => false,
  'auth.bruteforce.protection.enabled' => false,
  'csrf.disabled' => 'true',
  'enable_previews' => true,
  'enabledPreviewProviders' =>
  array (
    0 => 'OC\\Preview\\PNG',
    1 => 'OC\\Preview\\JPEG',
    2 => 'OC\\Preview\\GIF',
    3 => 'OC\\Preview\\HEIC',
    4 => 'OC\\Preview\\BMP',
    5 => 'OC\\Preview\\XBitmap',
    6 => 'OC\\Preview\\MP3',
    7 => 'OC\\Preview\\TXT',
    8 => 'OC\\Preview\\MarkDown',
    9 => 'OC\\Preview\\Krita',
    10 => 'OC\\Preview\\Movie',
    11 => 'OC\\Preview\\PDF',
    12 => 'OC\\Preview\\SVG',
  ),
  'onlyoffice' =>
  array (
    'verify_peer_off' => true,
  ),
  'updater.server.url' => 'https://updates.nextcloud.com/customers/PFDDT-Y4ADC-VXLG8-Q35E0-TBDVZ/',
  'updatechecker' => true,
  'has_internet_connection' => true,
  'encryption.legacy_format_support' => false,
  'encryption.key_storage_migrated' => false,
  'allow_local_remote_servers' => true,
  'http.cookie.samesite' => 'None',
);

The output of your Apache/nginx/system log in /var/log/____:

PASTE HERE

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.

{"reqId":"Gv2iLf3Z1DH26Jm1kgTL","level":0,"time":"June 11, 2024 11:19:08","remoteAddr":"10.255.3.50","user":"denis.casanova","app":"zimbrasoap","method":"GET","url":"/index.php/apps/oauth2/authorize?client_id=xxx&redirect_uri=https%3A%2F%2Fhermes.universite-paris-saclay.fr%2Fservice%2Fextension%2Foauth2%2Fauthenticate%2Fnextcloud&response_type=code&state=%3Bnoop","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0","version":"26.0.13.1","data":{"app":"zimbrasoap"}}

{"reqId":"Gv2iLf3Z1DH26Jm1kgTL","level":0,"time":"June 11, 2024 11:19:08","remoteAddr":"10.255.3.50","user":"denis.casanova","app":"user_ldap","method":"GET","url":"/index.php/apps/oauth2/authorize?client_id=xxx&redirect_uri=https%3A%2F%2Fhermes.universite-paris-saclay.fr%2Fservice%2Fextension%2Foauth2%2Fauthenticate%2Fnextcloud&response_type=code&state=%3Bnoop","message":"Calling LDAP function ldap_explode_dn with parameters [\"denis.casanova\",0]","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0","version":"26.0.13.1","data":{"app":"user_ldap"}}

{"reqId":"NQMyoYmPagPdiURKo590","level":0,"time":"June 11, 2024 11:19:11","remoteAddr":"10.255.3.82","user":"denis.casanova","app":"zimbrasoap","method":"GET","url":"/login/flow/grant?user=&direct=0&oauthState=&noop&stateToken=UYUfDp4fMu4ZizTcRGi6yAPJYdB8PITXRvGDV3H59OvZwc23UzL7DbnAwHJ0HRCy&clientIdentifier=xxx","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0","version":"26.0.13.1","data":{"app":"zimbrasoap"}}

{"reqId":"NQMyoYmPagPdiURKo590","level":0,"time":"June 11, 2024 11:19:11","remoteAddr":"10.255.3.82","user":"denis.casanova","app":"user_saml","method":"GET","url":"/login/flow/grant?user=&direct=0&oauthState=&noop&stateToken=UYUfDp4fMu4ZizTcRGi6yAPJYdB8PITXRvGDV3H59OvZwc23UzL7DbnAwHJ0HRCy&clientIdentifier=xxx","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0","version":"26.0.13.1","data":{"app":"user_saml"}}

{"reqId":"NQMyoYmPagPdiURKo590","level":0,"time":"June 11, 2024 11:19:11","remoteAddr":"10.255.3.82","user":"denis.casanova","app":"user_ldap","method":"GET","url":"/login/flow/grant?user=&direct=0&oauthState=&noop&stateToken=UYUfDp4fMu4ZizTcRGi6yAPJYdB8PITXRvGDV3H59OvZwc23UzL7DbnAwHJ0HRCy&clientIdentifier=xxx","message":"Calling LDAP function ldap_explode_dn with parameters [\"denis.casanova\",0]","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0","version":"26.0.13.1","data":{"app":"user_ldap"}}