OIDC user lifecycle, how to handle it?

Hello,

I’m planning to use OIDC as the auth mechanism for Nextcloud, but I can’t find anything about user lifecycle management.

How to handle (automatic) user lifecycle using OIDC (user activation/deactivation, updating attributes…) in sync with the IdP?

Thanks.

There is no mechanism to “sync” users from the OIDC IdP; this is simply not part of the protocol. New users are automatically created (if allowed) and attributes are updated on each (fresh?) login… but they would remain forever on the NC side if they don’t log in anymore. IMHO the best approach would be to handle user retirement in your provisioning scripts: at the time you disable/remove the user on the IdP, do the same on NC using the API or occ. Otherwise you could perform periodic cleanup according to the “last login” attribute.
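One way to put the reply's two suggestions into practice, as an added example that is not from this thread or from the Nextcloud project: a Python script against the Nextcloud OCS Provisioning API (the `/ocs/v1.php/cloud/users` endpoints) that exposes a `retire_user()` call for the IdP-side deprovisioning hook, and a `select_stale_users()` step for periodic cleanup based on the account's `lastLogin`. The base URL, admin credentials, the 90-day threshold, the protected-account list and the `SAMPLE_USERS` records are assumptions or constructed data; the response shape (`lastLogin` as epoch milliseconds, `enabled` as a boolean, `meta.statuscode == 100` on success) is the documented OCS v1 behaviour and is assumed to hold for your version.

```python
"""Retire Nextcloud accounts whose IdP identity is gone or has gone idle.

Added example (not from the forum thread or from Nextcloud). Talks to the OCS
Provisioning API with an admin account. BASE_URL, credentials, MAX_IDLE_DAYS,
PROTECTED and SAMPLE_USERS are assumptions / constructed data.
"""
import base64
import datetime as dt
import json
import urllib.request

BASE_URL = "https://cloud.example.com"            # assumption
ADMIN_USER, ADMIN_PASS = "admin", "app-password"  # assumption: use an app password, not the real one
MAX_IDLE_DAYS = 90                                # assumed retention policy
PROTECTED = ("admin",)                            # local accounts the cleanup must never touch


def basic_auth_header(user: str, password: str) -> str:
    """HTTP Basic value in the form the OCS API accepts."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def ocs_request(method: str, path: str, base_url: str = BASE_URL, auth: str = "") -> dict:
    """Call the OCS v1 API and return its 'data' element.

    OCS v1 signals success with meta.statuscode == 100 independently of the
    HTTP status, so check that rather than the HTTP code alone.
    """
    sep = "&" if "?" in path else "?"
    req = urllib.request.Request(f"{base_url}{path}{sep}format=json", method=method)
    req.add_header("OCS-APIRequest", "true")  # required, otherwise the API answers 401
    req.add_header("Authorization", auth or basic_auth_header(ADMIN_USER, ADMIN_PASS))
    with urllib.request.urlopen(req, timeout=30) as resp:
        body = json.loads(resp.read().decode())["ocs"]
    if body["meta"]["statuscode"] != 100:
        raise RuntimeError(f"{method} {path}: {body['meta']['message']}")
    return body["data"]


def list_user_ids() -> list:
    return ocs_request("GET", "/ocs/v1.php/cloud/users")["users"]


def get_user(uid: str) -> dict:
    return ocs_request("GET", f"/ocs/v1.php/cloud/users/{uid}")


def retire_user(uid: str, delete: bool = False) -> None:
    """Hook for the IdP deprovisioning flow: disable (default) or delete the NC account.

    Disabling keeps files and shares and is reversible via .../enable; deleting is not.
    """
    if delete:
        ocs_request("DELETE", f"/ocs/v1.php/cloud/users/{uid}")
    else:
        ocs_request("PUT", f"/ocs/v1.php/cloud/users/{uid}/disable")


def select_stale_users(records, now, max_idle_days=MAX_IDLE_DAYS, protected=PROTECTED):
    """Split records (shape of GET /cloud/users/{uid}) into (stale, never_seen).

    Protected and already-disabled accounts are skipped. lastLogin is epoch
    milliseconds; 0 means the account never logged in, so it was not created by
    the OIDC login flow and is only reported, not disabled.
    """
    cutoff = now - dt.timedelta(days=max_idle_days)
    stale, never_seen = [], []
    for rec in records:
        uid = rec["id"]
        if uid in protected or not rec.get("enabled", True):
            continue
        last_ms = int(rec.get("lastLogin") or 0)
        if last_ms == 0:
            never_seen.append(uid)
            continue
        last = dt.datetime.fromtimestamp(last_ms / 1000, tz=dt.timezone.utc)
        if last < cutoff:
            stale.append(uid)
    return stale, never_seen


# Constructed sample records mirroring the API shape (not real users).
NOW = dt.datetime(2024, 6, 1, tzinfo=dt.timezone.utc)


def _ms(days_ago: int) -> int:
    return int((NOW - dt.timedelta(days=days_ago)).timestamp() * 1000)


SAMPLE_USERS = [
    {"id": "alice", "enabled": True,  "lastLogin": _ms(30)},   # active
    {"id": "bob",   "enabled": True,  "lastLogin": _ms(120)},  # idle past the threshold
    {"id": "carol", "enabled": True,  "lastLogin": 0},         # never logged in
    {"id": "dave",  "enabled": False, "lastLogin": _ms(400)},  # already disabled
    {"id": "admin", "enabled": True,  "lastLogin": _ms(200)},  # protected local account
]


def cleanup(dry_run: bool = True):
    """Periodic job: fetch every account and disable the stale ones."""
    records = [get_user(uid) for uid in list_user_ids()]
    stale, never_seen = select_stale_users(records, dt.datetime.now(dt.timezone.utc))
    for uid in stale:
        print(f"{'would disable' if dry_run else 'disabling'} {uid}")
        if not dry_run:
            retire_user(uid)
    return stale, never_seen


if __name__ == "__main__":
    print(select_stale_users(SAMPLE_USERS, NOW))  # offline demo on the constructed data
```

Run as-is it only evaluates the constructed sample; wire `retire_user()` into whatever fires when an identity is disabled at the IdP, and schedule `cleanup(dry_run=False)` from cron after reviewing a dry run. The same two actions are available on the server itself as `occ user:disable <uid>` and `occ user:lastseen <uid>`, which is the route to take if the job runs locally rather than over HTTP. If local or service accounts share the instance, extend `PROTECTED` or filter on the record's `backend` field so that only accounts from the OIDC backend are considered.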