Hi,
I have enabled two-factors authentication on my Nextcloud instance. Everything works ok using the web interface and the NC client.
But when it comes to accessing CalDAV etc, I configured device tokens ; because of TOTP client-incompatibility. Like said in the docs.
As far as I could understand it, using the username/token, an application can read/write my whole files. I couldn’t find an option to say (for example) « this token can only manage calendars ». And I can use the same token for iCal, iContacts and even rclone/webdav ; which should get various access rights.
If this is correct, I wonder if using « device token » lowers the security of the whole instance. If token are « harder » because they are 29 characters long, then I could simply use a single 29 chars long password for login the the Web UI and configure my third-party apps.
I must be missing something. Maybe there’s an option to configure specifics rights to App tokens?
Any thoughts?
Thank you.