OAuth2 between 2 Nextcloud instances

Hello,

I’m trying to use OAuth2 between two Nextcloud instances. The login finished with an error. Both instances are version 17.

NC1 is the OAuth2 provider:
settings > administration > security > OAuth 2.0 clients
Name: Nextcloud
Redirection URI: http://nextcloud01:8080/apps/sociallogin/custom_oauth2/nextcloud
Client Identifier: jO6wt[…]ZArg3
Secret: rBkYLa[…]EKf4R

NC2 is the OAuth2 client, with the Social Login app installed.
settings > administration > sociallogin
Internal name: nextcloud
Title: nextcloud
API Base URL: https://nextcloud02/index.php
Authorize url (can be relative to base URL): https://nextcloud02/index.php/apps/oauth2/authorize
Token url (can be relative to base URL): https://nextcloud02/index.php/apps/oauth2/api/v1/token
Profile url (can be relative to base URL): https://nextcloud2/index.php
Logout URL (optional):
Client Id: jO6wt[…]ZArg3
Client Secret: rBkYLa[…]EKf4R
Scope (optional):
Profile Fields (optional, comma-separated):
Groups claim (optional):
Button style: OpenID
Default group: None

http://raspberrypi:8080/login
click on the button “login with nextcloud” on the second instance.
redirect to

https://nextcloud2/index.php/login/flow?clientIdentifier=jO6wtA[...]60OqvT
click on the button “login”
redirect to

https://nextcloud2/index.php/login?redirect_url=/index.php/login/flow/grant%3FstateToken%3D86cqk[...]9R5WN%26oauthState%3DHA-WDQNR[...]GM2AH%26clientIdentifier%3DjO6wt[...]60OqvT
insert user and password & click on the button “login”
redirect to

https://nextcloud2/index.php/login/flow/grant?stateToken=86cqk[...]9R5WN&oauthState=HA-WDQNR[...]GM2AH&clientIdentifier=jO6wt[...]60OqvT
click on the button “grant access”
redirect to

http://raspberrypi:8080/apps/sociallogin/custom_oauth2/nextcloud?state=HA-WDQN[...]GM2AH&code=qWi8m[...]1VSuT
Provider API returned an unexpected response.

How can I resolve the error?

Thanks

  • The host names used are not FQDNs. Have you shortened the names to mask their real names?
  • Do you want to connect both servers on the same network or over the internet?
  • Why are you not using an https address to access your Raspberry Pi?
  • Have you activated the debug logging and what does the Nextcloud log file show when the error appears?
2 Likes
  • The host names used are not FQDNs. Have you shortened the names to mask their real names?
    Nextcloud2 has a public FQDN; raspberrypi always has an FQDN (raspberrypi.fritz.box) but is only accessible from the local network.

  • Do you want to connect both servers on the same network or over the internet?
    I want to connect the local non-public instance (OAuth client) with the public instance (OAuth provider).

  • Why are you not using an https address to access your Raspberry Pi?
    I’ve run ‘docker run -d -p 8080:80 nextcloud’ without configuration.

  • Have you activated the debug logging and what does the Nextcloud log file show when the error appears?
    The only log I have is on the provider side:

{"reqId":"tf7vSrjIdupHwCuu3okz","level":0,"time":"December 03, 2019 20:14:23","remoteAddr":"151.49.198.254","user":"--","app":"core","method":"GET","url":"/index.php/login/flow/grant?stateToken=8CKaxTZmycZCzCvhkVa4LgYUttfFtp0wi4bCwvdrNDFVdUb8O3grQ1TtKqIZCngJ&oauthState=HA-DCT7LAWB24F0EY5R3G9S6QZ1OPKHUIJ8MVXN&clientIdentifier=jO6wtAe7RM3e7jbqVYQym6L8939J8P9HzPA3XjwEILIVHZArg3bkdXyl0160OqvT","message":{"Exception":"OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotLoggedInException","Message":"Current user is not logged in","Code":401,"Trace":[{"file":"/var/www/nextcloud/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php","line":95,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\Security\\SecurityMiddleware","type":"->","args":[{"class":"OC\\Core\\Controller\\ClientFlowLoginController"},"grantPage"]},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":97,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\MiddlewareDispatcher","type":"->","args":[{"class":"OC\\Core\\Controller\\ClientFlowLoginController"},"grantPage"]},{"file":"/var/www/nextcloud/lib/private/AppFramework/App.php","line":126,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"class":"OC\\Core\\Controller\\ClientFlowLoginController"},"grantPage"]},{"file":"/var/www/nextcloud/lib/private/AppFramework/Routing/RouteActionHandler.php","line":47,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OC\\Core\\Controller\\ClientFlowLoginController","grantPage",{"class":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"_route":"core.ClientFlowLogin.grantPage"}]},{"function":"__invoke","class":"OC\\AppFramework\\Routing\\RouteActionHandler","type":"->","args":[{"_route":"core.ClientFlowLogin.grantPage"}]},{"file":"/var/www/nextcloud/lib/private/Route/Router.php","line":297,"function":"call_user_func","args":[{"class":"OC\\AppFramework\\Routing\\RouteActionHandler"},{"_route":"core.ClientFlowLogin.grantPage"}]},{"file":"/var/www/nextcloud/lib/base.php","line":1000,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/login/flow/grant"]},{"file":"/var/www/nextcloud/index.php","line":42,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/var/www/nextcloud/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php","Line":135,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0","version":"17.0.1.1"}
{"reqId":"58YJAbnLQIpLxCSfCRLn","level":0,"time":"December 03, 2019 20:14:27","remoteAddr":"151.49.198.254","user":"local","app":"files_skeleton","method":"POST","url":"/index.php/login","message":"copying skeleton for local from /var/www/nextcloud/core/skeleton to /local/files/","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0","version":"17.0.1.1"}
{"reqId":"Bjgwi1MuMpKArT4tT17H","level":0,"time":"December 03, 2019 20:14:31","remoteAddr":"151.49.198.254","user":"local","app":"core","method":"GET","url":"/index.php?","message":"User backend OC_User_IMAP already initialized.","userAgent":"HybridAuth, PHP Social Authentication Library (https://github.com/hybridauth/hybridauth)","version":"17.0.1.1"}
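
One way to triage a provider-side debug log like the one posted above, as an added example that is not part of the thread or of Nextcloud's own code: it separates browser requests from requests sent by the HybridAuth client library, drops query values such as stateToken before anything is printed, and maps each back-channel request to the configured endpoint whose path it matches. The log lines, the placeholder address and tokens, and all function names are constructed for illustration; the two URLs in CONFIG are the ones entered in the first post.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Constructed sample in the Nextcloud JSON log layout; last line is a record cut mid-trace.
SAMPLE_LOG = r'''
{"reqId":"r1","level":0,"remoteAddr":"198.51.100.7","user":"--","app":"core","method":"GET","url":"/index.php/login/flow/grant?stateToken=PLACEHOLDER&clientIdentifier=PLACEHOLDER","message":{"Exception":"OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotLoggedInException","Code":401},"userAgent":"Mozilla/5.0 Firefox/70.0"}
{"reqId":"r2","level":0,"remoteAddr":"198.51.100.7","user":"local","app":"files_skeleton","method":"POST","url":"/index.php/login","message":"copying skeleton","userAgent":"Mozilla/5.0 Firefox/70.0"}
{"reqId":"r3","level":0,"remoteAddr":"198.51.100.7","user":"local","app":"core","method":"GET","url":"/index.php?","message":"User backend already initialized.","userAgent":"HybridAuth, PHP Social Authentication Library"}
{"reqId":"r4","level":0,"message":{"Trace":[{"file":"/var/www/nextcloud/lib/private/Route/Router.php"},
'''

# Endpoint URLs as entered in the Social Login form in the first post.
CONFIG = {"token_url": "https://nextcloud02/index.php/apps/oauth2/api/v1/token",
          "profile_url": "https://nextcloud2/index.php"}

def parse_log(text):
    """Return (records, skipped); skipped counts lines that are not valid JSON."""
    records, skipped = [], 0
    for line in filter(str.strip, text.splitlines()):
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            skipped += 1
    return records, skipped

def redact(url):
    """Keep the path and parameter names; drop values such as stateToken or code."""
    parts = urlsplit(url)
    names = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    return parts.path + ("?" + "&".join(f"{n}=<redacted>" for n in names) if names else "")

def summarize(records, client_ua="HybridAuth"):
    """Separate browser requests from those sent by the OAuth client library."""
    out = {"front": [], "back": [], "exceptions": []}
    for r in records:
        channel = "back" if client_ua in r.get("userAgent", "") else "front"
        out[channel].append((r.get("method"), redact(r.get("url", ""))))
        msg = r.get("message")
        if isinstance(msg, dict) and "Exception" in msg:
            out["exceptions"].append((msg["Exception"].rsplit("\\", 1)[-1], msg.get("Code")))
    return out

def configured_field(path, config=CONFIG):
    """Name of the configured endpoint whose URL path equals this request path."""
    return next((k for k, u in config.items() if urlsplit(u).path == path), None)

if __name__ == "__main__":
    records, skipped = parse_log(SAMPLE_LOG)
    print(summarize(records), "skipped:", skipped)
```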