🚀 Feature: Manually set Client ID and Client Secret #438

New Issue

Closed

opened 2025-10-08 00:08:37 +03:00 by OVERLORD · 4 comments

OVERLORD commented 2025-10-08 00:08:37 +03:00

Owner

Copy Link

Originally created by @varialflip on GitHub.

Feature description

Editing the Client ID and Secret

Pitch

I'm currently trying to setup Pocket ID as my IDP for OwnCloud. However it requires a hard coded Client ID and Secret to use the mobile and desktop clients.

Originally created by @varialflip on GitHub. ### Feature description Editing the Client ID and Secret ### Pitch I'm currently trying to setup Pocket ID as my IDP for OwnCloud. However it requires a hard coded Client ID and Secret to use the mobile and desktop clients.

OVERLORD added the feature label 2025-10-08 00:08:37 +03:00

OVERLORD closed this issue 2025-10-08 00:08:38 +03:00

OVERLORD commented 2025-10-08 00:08:40 +03:00

Author

Owner

Copy Link

@stonith404 commented on GitHub:

Yeah the docs are indeed a bit confusing. As far as I understand you either have to use the hard-coded client ID and secret or hard-code the credentials provided by Pocket ID into the source code of the OwnCloud clients and rebuild the app:

The desktop and mobile apps (clients) have a default client ID and secret hard-coded, which are used for ownCloud’s oauth2 app. When using Kopano as IdP, it does not pre-define a client ID and secret. You can use the default ones of the client to configure Kopano properly. With some IdPs like MS-Azure, these and other required parameters come from the IdP and must be coded into the client. Note that each IdP has different requirements. Get in touch with ownCloud for a branding subscription to customize the clients according to your needs.

If you choose to use a hard-coded client secret, it inherently becomes insecure since the secret is no longer private. For this reason, I’ve decided not to implement the ability to set your own client ID and secret directly.

That said, if you still want to proceed with this insecure approach, you can manually update the client ID and secret in the database with the following commands:

cd path-to-pocket-id

docker compose exec pocket-id apk add sqlite
docker compose exec pocket-id sqlite3 backend/data/pocket-id.db "UPDATE oidc_clients SET id='owncloud-client-id', secret='owncloud-client-secret-bcrypt-hashed' WHERE id='current-client-id';"

Here’s how to replace the placeholders:

• Replace owncloud-client-id with the desired client ID.
• Replace owncloud-client-secret-bcrypt-hashed with the bcrypt-hashed version of the client secret you want to use. To generate this hash, visit https://bcrypt-generator.com/, input your client secret, and use the resulting hash.
• Replace current-client-id with the client ID of the existing client you want to update.

@stonith404 commented on GitHub: Yeah the docs are indeed a bit confusing. As far as I understand you either have to use the hard-coded client ID and secret or hard-code the credentials provided by Pocket ID into the source code of the OwnCloud clients and rebuild the app: > The desktop and mobile apps (clients) have a default client ID and secret hard-coded, which are used for ownCloud’s oauth2 app. When using Kopano as IdP, it does not pre-define a client ID and secret. You can use the default ones of the client to configure Kopano properly. With some IdPs like MS-Azure, these and other required parameters come from the IdP and must be coded into the client. Note that each IdP has different requirements. Get in touch with ownCloud for a branding subscription to customize the clients according to your needs. If you choose to use a hard-coded client secret, it inherently becomes insecure since the secret is no longer private. For this reason, I’ve decided not to implement the ability to set your own client ID and secret directly. That said, if you still want to proceed with this insecure approach, you can manually update the client ID and secret in the database with the following commands: ```bash cd path-to-pocket-id docker compose exec pocket-id apk add sqlite docker compose exec pocket-id sqlite3 backend/data/pocket-id.db "UPDATE oidc_clients SET id='owncloud-client-id', secret='owncloud-client-secret-bcrypt-hashed' WHERE id='current-client-id';" ``` Here’s how to replace the placeholders: - Replace `owncloud-client-id` with the desired client ID. - Replace `owncloud-client-secret-bcrypt-hashed` with the bcrypt-hashed version of the client secret you want to use. To generate this hash, visit https://bcrypt-generator.com/, input your client secret, and use the resulting hash. - Replace `current-client-id` with the client ID of the existing client you want to update.

OVERLORD commented 2025-10-08 00:08:40 +03:00

Author

Owner

Copy Link

@etho201 commented on GitHub:

Thank you @stonith404 for providing details on how to work around the issue. As I implemented this in my own setup, I documented the steps I took: https://github.com/etho201/docker-pi-stacks/blob/master/dev/pocket-id/owncloud.md

@etho201 commented on GitHub: Thank you @stonith404 for providing details on how to work around the issue. As I implemented this in my own setup, I documented the steps I took: https://github.com/etho201/docker-pi-stacks/blob/master/dev/pocket-id/owncloud.md

OVERLORD commented 2025-10-08 00:08:41 +03:00

Author

Owner

Copy Link

@varialflip commented on GitHub:

Owncloud docs have been hard for me to understand.
Here’s the relevant information:
https://doc.owncloud.com/server/next/admin_manual/configuration/user/oidc/oidc.html#client-ids-secrets-and-redirect-uris

This applies to Owncloud server (not ocis) but I believe the clients are the same.

@varialflip commented on GitHub: Owncloud docs have been hard for me to understand. Here’s the relevant information: https://doc.owncloud.com/server/next/admin_manual/configuration/user/oidc/oidc.html#client-ids-secrets-and-redirect-uris This applies to Owncloud server (not ocis) but I believe the clients are the same.

OVERLORD commented 2025-10-08 00:08:41 +03:00

Author

Owner

Copy Link

@stonith404 commented on GitHub:

Are you sure that you have to set the client ID and client secret manually? Can you share where you've read that?

@stonith404 commented on GitHub: Are you sure that you have to set the client ID and client secret manually? Can you share where you've read that?

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

oidc-scopes

breaking/v2

i18n_crowdin

v2/use-item-component

default-env-db-keys

slog-gorm

v1.16.0

v1.15.0

v1.14.2

v1.14.1

v1.14.0

v1.13.1

v1.13.0

v1.12.0

v1.11.2

v1.11.1

v1.11.0

v1.10.0

v1.9.1

v1.9.0

v1.8.1

v1.8.0

v1.7.0

v1.6.4

v1.6.3

v1.6.2

v1.6.1

v1.6.0

v1.5.0

v1.4.1

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.53.0

v0.52.0

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.0

v0.45.0

v0.44.0

v0.43.1

v0.43.0

v0.42.1

v0.42.0

v0.41.0

v0.40.1

v0.40.0

v0.39.0

v0.38.0

v0.37.0

v0.36.0

v0.35.6

v0.35.5

v0.35.4

v0.35.3

v0.35.2

v0.35.1

v0.35.0

v0.34.0

v0.33.0

v0.32.0

v0.31.0

v0.30.0

v0.29.0

v0.28.1

v0.28.0

v0.27.2

v0.27.1

v0.27.0

v0.26.0

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.0

v0.22.0

v0.21.0

v0.20.1

v0.20.0

v0.19.0

v0.18.0

v0.17.0

v0.16.0

v0.15.0

v0.14.0

v0.13.1

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.0

v0.8.1

v0.8.0

v0.7.1

v0.7.0

v0.6.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.1

v0.4.0

v0.3.1

v0.3.0

v0.2.1

v0.2.0

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels

breaking

bug

documentation

feature

needs more upvotes

open to pull requests

pull-request

Mirrored from GitHub Pull Request

No Label feature

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/pocket-id-pocket-id-1#438