As you are realizing, there are problems with providing Oauth from your own Nextcloud. The best of my understanding:
You’ll need a central Nextcloud instance to provide Oauth.
Oauth would have to be from a specified Nextcloud instance. So only from cloud.nextcloud.com rather than my.cloud.xyz or anywhere else. That instance would generate the Oauth token and then the token could be added to the forum via a plugin.
Oauth token currently grants full r+w access
This is a security concern for even just one central Nextcloud instance being used until scoped access is introduced. This caveat is also explained in the admin documentation at the bottom.
For the moment, Oauth is not a great choice for this.
DiscourseSSO is an app for adding specific Discourse access from a specified Nextcloud
Note this means you’ll be dependent on this app and can still only use one specified Nextcloud instance.
OpenID is yet another choice for Nextcloud and Discourse.
Here is an app, which I’ve never used. You’ll have to read up on OpenID to learn more, but it also uses Oauth so the same caveats above will apply.
Hope this helps you to search out more info.