SSO access token instead of user:pass in web-DAV apis , upload , download ,share ,

Yeganeh_Ahmadnejad · May 11, 2020, 7:47am

hello
I have exactly the same problem as describes here

I get my access toke from keycloak and send a request to nextcloud server as

curl -X POST "http://XXXXX/ocs/v2.php/apps/files_sharing/api/v1/shares" --header "Content-Type: application/x-www-form-urlencoded" --header "OCS-APIRequest: true" --header "Authorization: Bearer eyJhbGciOiJSUzI1NiIsXXXXXXXiSldUIiwia2lkIiA6ICJKMzQyZE9NSWxqdHFGaE5hZ0JLSXgyeEFSNFdFQUtJbG12Y3hEZWhTMzBNIn0.eyJleHAiOjE1ODkyMTAxODMsImlhdCI6MTU4OTE3NDE4MywianRpIjoiYjU3YjgyMWEtZGViNS00ZjY4LTk1ZTYtMTMyZjM1NzFhZGY4IiwiaXNzIjoiaHR0cDovL3Nzby50b29iYXRlY2guaXIvYXV0aC9yZWFsbXMvVG9vYmEiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNDhmYzUzZjgtZmE4Yy00OWQ3LWE5ZWItNWIzZTE0MzM1OGMxIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoic3RvcmFnZSIsInNlc3Npb25fc3RhdGUiOiIzNWUyY2IzMC05ZWU5LTQ5ZGQtYWJiYi03MjBhYjY5M2VjMzYiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly92c3RvcmUuYWx6YWhyYS5hYy5pciJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoicHJvZmlsZSBlbWFpbCIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoieWVnYW5zc28gc3NvIiwicHJlZmVycmVkX3VzZXJuYW1lIjoieWVnYW5lc3NvIiwiZ2l2ZW5fbmFtZSI6XXXXXXXXX3NvIiwiZmFtaWx5X25hbWUiOiJzc28iLCJlbWFpbCI6ImFobWFkbmVqYWRzc29Ab3NzbC5pciJ9.Q7Sj-SiM0xfSJm9gvvzTOfSY-D2lrSdR_gTbYRiIAufgjmXI6HFuZ2eiorbyHG5eRXfpxVv8i4onyxxk81FIJV7BcE-VFzfgT7I9mLnyHwZTKq_qOYRzLGkB6adi-dYsit0U6zUppFWsNA9LMGh5F-2k_ULbgLSEZapg8dmQJmPEtmQqSaaWFYleMPFjFAKSSx4GyknXcjWVwC_ghpENNGYI06tpYe21MPizvVXbaZ6ylcCLu6f3tZFNaFIGXDWfuTFQkD7E1AyvpIVyYxy4xOsdsv1N4LQlQYZp__aTeZ9KGczbw1a5o_TrnPvSgLMAHvpwW15sJaywOgHudX9efw" --data-urlencode "path=toobatel.PNG" --data-urlencode "shareType=0" --data-urlencode "permissions=1" --data-urlencode "expireDate=2020-07-20" --data-urlencode "shareWith=alex"

API respones is

<?xml version="1.0"?>
<ocs>
 <meta>
  <status>failure</status>
  <statuscode>997</statuscode>
  <message>Current user is not logged in</message>
 </meta>
 <data/>
</ocs>

mfoster · May 29, 2020, 5:38pm

We too need this functionality as we are building a custom application that loads Nextcloud directories in an iframe and need a way to securly pull in content that the logged in user has access to. Is there any plans to implement this? The Webdav API is extremely weak. We may have to look at Seafile as it has a full feature REST API for accessing files.