User_oidc : unable to disable 'auto_provision'

docker based NextcloudAIO
App affected: user_oidc

I am able to use the app with

'user_oidc' => [
    'auto_provision' => true,
],

But I need to disable adding users automatically; setting the value to false raises an "Access forbidden" error.


I have enabled user_oidc and I can log in with my provider, but I need to create users manually and avoid user_oidc auto-provisioning.

I tried to create a user manually from the Nextcloud Admin interface, and then set auto-provisioning to false in my config.php by adding:

  'user_oidc' => [
    'auto_provision' => false,
  ],

But then, when I try to log in with my provider, user_oidc refuses to log me in and shows the following message:

Access forbidden

Failed to provision the user

Am I doing something wrong?

Maybe something is missing in the way I configure user_oidc?

I left empty the following section:

Attribute mapping

    User ID mapping

And I have the following as scope:

openid email profile

Thanks for any help!

— edit —

I see from the docs:

When soft_auto_provision is disabled
We refuse Oidc login of users that already exist in other backends

Does this mean that if I manually create a user, I cannot use OIDC login?
It looks like OIDC is not detecting that the user already exists … I am probably missing something in the settings.

crossposting the topic, – I opened an issue on:
unable to disable 'auto_provision' · Issue #869 · nextcloud/user_oidc · GitHub

Likely your IdP user doesn’t match the pre-created NC user. You should map the user ID from the IdP to the NC user ID and login should work then. I tested this in the past but don’t remember the right settings for this setup.

It was a mapping issue, correct!
I finally fixed it by setting “preferred_username” as the username mapping from my log-in provider.

  • found some clue from the “well-known/openid-configuration” provider link
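
The fix above came down to which ID token claim equals the pre-created Nextcloud user ID. The following Python script is an added example, not from the thread or the user_oidc project: it decodes an ID token payload and reports which candidate claim matches an existing user ID. The token, claim values and user IDs are constructed, and the exact-match comparison is an assumption about how the mapped value is compared.

```python
import base64
import json

# Claims commonly considered as the user ID source; the thread settled on
# "preferred_username".
CANDIDATE_CLAIMS = ("sub", "preferred_username", "email")


def decode_claims(id_token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature.

    Only for inspecting your own token while debugging a mapping."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def matching_claims(claims: dict, existing_user_ids: set) -> dict:
    """Map each candidate claim to the existing user ID it equals, else None."""
    result = {}
    for name in CANDIDATE_CLAIMS:
        value = claims.get(name)
        hit = isinstance(value, str) and value in existing_user_ids
        result[name] = value if hit else None
    return result


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample data: every value below is made up.
SAMPLE_TOKEN = make_sample_token({
    "sub": "f3b1c2d4-0000-4000-8000-123456789abc",
    "preferred_username": "alice",
    "email": "alice@example.org",
})
EXISTING_USERS = {"alice", "bob"}  # IDs of the manually created accounts

if __name__ == "__main__":
    report = matching_claims(decode_claims(SAMPLE_TOKEN), EXISTING_USERS)
    for claim, hit in report.items():
        print(f"{claim:20} -> {'matches ' + hit if hit else 'no existing user'}")
```

With pre-created accounts, the mapped claim decides which Nextcloud account a login lands in, so map only a claim that the IdP keeps unique and that users cannot edit themselves.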
