Use real names in nextcloud circles

Hi!

I have a user-interface question. We’re using Circles to extensively manage user access to shared resources. Access to the Circles is granted to both external users (non-registered) via e-mail and actual, registered-in-our-nextcloud users. These real users are managed via Keycloak.

When administrating the circles, the access via e-mail address is quite easy to manage, they simply appear with the e-mail address used for sharing. The other ones show by some weird internal keycloak identifier:

image

Is this intentional? It would be very helpful to see the full names somewhere.

you didn’t provide enough technical background to know exactly bu I suppose the problem is related to “provider prefix” of user_oidc user_oidc-app if you created all the users this way already you might need to migrate all the users to new setup (search for “transfer ownership”)

I’ll try to provide more background.

I’m not using the nextcloud as an identity provider, I’m using it as the client. The OpenID provider is a keycloak instance that is configured via https://apps.nextcloud.com/apps/sociallogin:

image

Authorize, token, user info, logout urls have all been set. Display name claim has not, but that does not seem to be the problem (see below, the display name is fetched). A default group and some group mappings are configured.

The users can login, and when looking in Administration → Users, the users look like you would expect. Their profiles have a human-readable username, an e-mail address, and said keycloak identifier. Users are correctly assigned their groups based on the configuration above.

Only after adding them to the circle, and only in the circle administration page, they appear as shown in the screenshot above.

Two things that are particularly odd about this:

  1. I can use the keycloak-$uuid identifier when adding new members to a circle and it will show me the full username. Again, after adding, the circle admin page doesn’t show it.
  2. I can not use the keycloak-$uuid identifier in the global search, or when searching through contacts. I can use the nextcloud-identified users’ e-mail addresses.

I hope this provides some required additional context. Thanks for any help!

all the mentioned apps are designed to “consume” external identity from IdP. I tested sociallogin in the past but switched to nextcloud-oidc-login as latter allows mapping to existing NC accounts and later switched to official user_oidc as there is no active development for nextcloud-oidc-login anymore… but I remember there was a way to map UID-like attrbute like preferred_username to Nextcloud username - look at the docs on GH as #sociallogin-app is well documented.