Hi,
I am trying to upload the files to the nextcloud server, and I am using the Keycloak Server as the external authentication server. The flow to upload the files via the access token is represented in Figure 1.
I have configured the nextcloud with the SSO and SAML authentication app, and if the user accesses the nextcloud url he is redirected to get it authenticated from the keycloak server and this works fine.
Now, I need to upload the files to the nextcloud server with the same authentication mechanism from the external client application by obtaining the access token from the keycloak server (authorization server). My question is if this is possible with the nextcloud server ? Can nextcloud validate the external token and grant access to the user to upload and download the files, and how can this be acheived over any API that nextcloud provides? I have tried the webDAV API and we can get the API call authenticated via username and password but we can’t get the authentication working with the token from the external server.
Here is the brief explanation of the steps:
-
Client application requests the access token from the authorization server with a particular grant type.
-
Authorization server (which is keycloak in this scenario) generates the access token and passes the access token to the client application.
-
Client application uses the same access token and sends it to the nextcloud server.
-
Nextcloud server validates the access token and grants the permission for the client application to use the protected resources.
-
Client application which now has been authorized can upload the files to the nextcloud server
Is it possible to achieve this login flow?
If yes, then how is this possible? I have tried this over the webDAV API and tested using the simple CURL calls (with the access token generated from keycloak server) but this is not possible.
Is there any other way to achieve the same, so that I can complete the login flow and push/download the files from the client application to the nextcloud server with this login flow?