I want to authorize my login against an OAuth2 Server. It uses Grant Type Authorization Code according to this link:
Besides username I do also receive information about group-memberships.
What I already programmed is: Link to the login, callback function in Nextcloud, receives authorization. My idea now was to create the user @ nextcloud and assign it to the corresponding groups @ nextcloud. This works as well.
What I am currently facing is the problem that I cannot log in this user. I tried \OCP\IUserSession->login() but it always returns false.
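The callback flow described in the question, written out as an added example; this is not code from the thread or from any Nextcloud app. It assumes a hypothetical app id `myoauth`, a route named `myoauth.callback.callback`, placeholder IdP endpoints and client credentials, and that the IdP's user-info response is JSON with `preferred_username` and a `groups` array. It uses only public `OCP` interfaces: `IUserSession::login()` is avoided because it asks the user backends to verify a password, which an account provisioned from an external IdP does not have, so the session is bound with `IUserSession::setUser()` instead. It also adds two checks the question does not mention: a `state` value is stored before the redirect and compared on return, so a callback that this instance did not initiate is rejected, and IdP-supplied group names are only synced when they carry an agreed prefix, so an external claim cannot land a user in a privileged local group such as `admin`.

```php
<?php
// Added example (not from the original thread). Assumed: app id 'myoauth',
// route 'myoauth.callback.callback', placeholder IdP URLs and client id/secret.
namespace OCA\MyOAuth\Controller;

use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\RedirectResponse;
use OCP\Http\Client\IClientService;
use OCP\IGroupManager;
use OCP\IRequest;
use OCP\ISession;
use OCP\IURLGenerator;
use OCP\IUserManager;
use OCP\IUserSession;
use OCP\Security\ISecureRandom;

class CallbackController extends Controller {
    private const AUTHORIZE_URL = 'https://idp.example.test/authorize'; // placeholder
    private const TOKEN_URL     = 'https://idp.example.test/token';     // placeholder
    private const USERINFO_URL  = 'https://idp.example.test/userinfo';  // placeholder
    private const CLIENT_ID     = 'CLIENT_ID_PLACEHOLDER';
    private const CLIENT_SECRET = 'CLIENT_SECRET_PLACEHOLDER';
    private const GROUP_PREFIX  = 'idp-'; // only IdP groups with this prefix are synced

    public function __construct(string $appName, IRequest $request,
        private IUserManager $userManager, private IGroupManager $groupManager,
        private IUserSession $userSession, private ISession $session,
        private IURLGenerator $urlGenerator, private ISecureRandom $random,
        private IClientService $clientService) {
        parent::__construct($appName, $request);
    }

    /** Step 1: send the browser to the IdP, remembering a random state. @PublicPage @NoCSRFRequired */
    public function start(): RedirectResponse {
        $state = $this->random->generate(32, ISecureRandom::CHAR_ALPHANUMERIC);
        $this->session->set('myoauth_state', $state);
        $url = self::AUTHORIZE_URL . '?' . http_build_query([
            'response_type' => 'code', 'client_id' => self::CLIENT_ID, 'state' => $state,
            'redirect_uri' => $this->urlGenerator->linkToRouteAbsolute('myoauth.callback.callback'),
        ]);
        return new RedirectResponse($url);
    }

    /** Step 2: the IdP redirects back with ?code=...&state=... @PublicPage @NoCSRFRequired */
    public function callback(string $code = '', string $state = ''): RedirectResponse {
        $expected = $this->session->get('myoauth_state');
        $this->session->remove('myoauth_state');
        $loginForm = $this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm');
        // Reject callbacks that this instance did not start (state mismatch or replay).
        if ($code === '' || $expected === null || !hash_equals($expected, $state)) {
            return new RedirectResponse($loginForm);
        }

        $profile = $this->fetchProfile($code);
        $uid = $profile['preferred_username'] ?? '';
        if (!is_string($uid) || $uid === '' || !preg_match('/^[a-zA-Z0-9_.@-]+$/', $uid)) {
            return new RedirectResponse($loginForm);
        }

        $user = $this->userManager->get($uid);
        if ($user === null) {
            // Random, never-disclosed password: the account is only entered via the IdP.
            $user = $this->userManager->createUser($uid, $this->random->generate(64, ISecureRandom::CHAR_ALPHANUMERIC));
        }
        if ($user === null) {
            return new RedirectResponse($loginForm);
        }

        foreach ((array)($profile['groups'] ?? []) as $gid) {
            // Never map an external claim onto a local privileged group: require the prefix.
            if (!is_string($gid) || strncmp($gid, self::GROUP_PREFIX, strlen(self::GROUP_PREFIX)) !== 0) {
                continue;
            }
            $group = $this->groupManager->get($gid) ?? $this->groupManager->createGroup($gid);
            if ($group !== null && !$group->inGroup($user)) {
                $group->addUser($user);
            }
        }

        // login() would return false here (no backend can verify a password);
        // setUser() binds the current session to the verified IUser instead.
        $this->userSession->setUser($user);
        return new RedirectResponse($this->urlGenerator->linkToDefaultPageUrl());
    }

    /** Exchange the code for a token and fetch user info (response shape is an assumption). */
    private function fetchProfile(string $code): array {
        $client = $this->clientService->newClient();
        $tokenResp = $client->post(self::TOKEN_URL, ['body' => [
            'grant_type' => 'authorization_code', 'code' => $code,
            'client_id' => self::CLIENT_ID, 'client_secret' => self::CLIENT_SECRET,
            'redirect_uri' => $this->urlGenerator->linkToRouteAbsolute('myoauth.callback.callback'),
        ]]);
        $token = json_decode((string)$tokenResp->getBody(), true);
        if (!is_array($token) || empty($token['access_token'])) {
            return [];
        }
        $infoResp = $client->get(self::USERINFO_URL, ['headers' => ['Authorization' => 'Bearer ' . $token['access_token']]]);
        $info = json_decode((string)$infoResp->getBody(), true);
        return is_array($info) ? $info : [];
    }
}
```

Both methods need to be reachable without an existing session and without Nextcloud's CSRF token, hence the `@PublicPage` and `@NoCSRFRequired` annotations; the `state` comparison is what stands in for the CSRF check on the callback. What a full SSO app does after `setUser()` (session token handling) is done through internal, non-`OCP` classes and is not shown here.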
AFAIK currently not (and the OAuth provider/server option does not give access to user details).
You could maybe build a bridge with Keycloak and the SAML plugin, but that one also depends on LDAP for user details, so it becomes a complex mess…
IMHO the best would be probably to make a new app that implements Hybridauth, see: https://hybridauth.github.io/
(They are releasing a major update version 3.0 this month… so perfect timing for someone to take that up?)
If I recall correctly (has been a while since I last used this app) it does not involve changing any of these details. All the manual account linking does is to enable people to use the one-click login method offered by OIDC with their existing regular NC account.