Implemented Nextcloud OAuth2 Hack

Fixed: OAuth2 authentication via Nextcloud(tested Nextcloud 17.0.2-18.0.0) Todo: actually use the profile data: Fullname and Email in Profile
2025-04-23 13:37:09 -04:00 · 2020-01-22 22:28:03 +01:00 · 2020-01-22 22:28:03 +01:00 · 7bba07ccbf
commit 7bba07ccbf
parent 70f5326099
2 changed files with 26 additions and 0 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -342,6 +342,31 @@ services:
      # Tthe claim name you want to map to the email field:
      #- OAUTH2_EMAIL_MAP=email
      #-----------------------------------------------------------------
+      # ==== OAUTH2 Nextcloud ====
+      # 1) Register the application with Nextcloud: https://your.nextcloud/settings/admin/security
+      #    Make sure you capture the application ID as well as generate a secret key.
+      # 2) Configure the environment variables. This differs slightly
+      #     by installation type, but make sure you have the following:
+      #- OAUTH2_ENABLED=true
+      # OAuth2 login style: popup or redirect.
+      #- OAUTH2_LOGIN_STYLE=redirect
+      # Application GUID captured during app registration:
+      #- OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
+      # Secret key generated during app registration:
+      #- OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+      #- OAUTH2_SERVER_URL=https://your-nextcloud.tld
+      #- OAUTH2_AUTH_ENDPOINT=/index.php/apps/oauth2/authorize
+      #- OAUTH2_USERINFO_ENDPOINT=/ocs/v2.php/cloud/user?format=json
+      #- OAUTH2_TOKEN_ENDPOINT=/index.php/apps/oauth2/api/v1/token
+      # The claim name you want to map to the unique ID field:
+      #- OAUTH2_ID_MAP=id
+      # The claim name you want to map to the username field:
+      #- OAUTH2_USERNAME_MAP=id
+      # The claim name you want to map to the full name field:
+      #- OAUTH2_FULLNAME_MAP=display-name
+      # Tthe claim name you want to map to the email field:
+      #- OAUTH2_EMAIL_MAP=email
+      #-----------------------------------------------------------------
      # ==== OAUTH2 KEYCLOAK ====
      # https://github.com/wekan/wekan/wiki/Keycloak  <== MAPPING INFO, REQUIRED
      #- OAUTH2_ENABLED=true
--- a/packages/wekan-oidc/oidc_server.js
+++ b/packages/wekan-oidc/oidc_server.js
@ -10,6 +10,7 @@ OAuth.registerService('oidc', 2, null, function (query) {
  var expiresAt = (+new Date) + (1000 * parseInt(token.expires_in, 10));

  var userinfo = getUserInfo(accessToken);
+  if (userinfo.ocs) userinfo = userinfo.ocs.data; // Nextcloud hack
  if (debug) console.log('XXX: userinfo:', userinfo);

  var serviceData = {};