🚀 Feature: OIDC with Nextcloud #36

Closed
opened 2026-02-04 16:50:58 +03:00 by OVERLORD · 4 comments
Owner

Originally created by @breitero on GitHub (Oct 15, 2024).

Feature description

Tutorial for OIDC with Nextcloud

Pitch

I wrote to stonith404 for help with OIDC login in Nextcloud.
Here is what I got, so you can also use this as a tutorial.

Nextcloud: Install the app https://apps.nextcloud.com/apps/oidc_login and edit config.php, adding the following lines:

  'allow_user_to_change_display_name' => false,
  'lost_password_link' => 'disabled',
  'oidc_login_provider_url' => 'https://pocket-id',        // issuer; must match the `iss` in the ID token
  'oidc_login_client_id' => '<your_client_id>',
  'oidc_login_client_secret' => '<your_secret>',
  'oidc_login_auto_redirect' => true,
  'oidc_login_button_text' => 'Log in with Pocket ID',
  'oidc_login_hide_password_form' => false,
  'oidc_login_use_id_token' => true,                        // read claims from the ID token
  'oidc_login_disable_registration' => true,                // never create accounts that do not exist yet
  'oidc_login_scope' => 'openid profile email',
  'oidc_login_attributes' =>
  array (
    'id' => 'preferred_username',                           // Nextcloud user id comes from this claim
    'name' => 'name',
    'mail' => 'email',
  ),

Pocket-ID:
The callback URL to configure in Pocket-ID is: https://nextcloud/apps/oidc_login/oidc

OVERLORD added the feature label 2026-02-04 16:50:58 +03:00
Author
Owner

@stonith404 commented on GitHub (Oct 15, 2024):

Thanks for sharing :)

Author
Owner

@tarunkumar519 commented on GitHub (Feb 2, 2025):

Hi, using the above flow, pocket-id keeps creating new users but does not link to old users with the same username or email. If I use 'oidc_login_disable_registration' => true, it won't create a new user but fails auth entirely. I already have users in Nextcloud with their own usernames and emails; how do I link to these with the same pocket-id emails? (Linking to pocket-id usernames is also fine.)

Author
Owner

@EweSparky commented on GitHub (Feb 2, 2025):

@tarunkumar519 I used user_oidc (https://apps.nextcloud.com/apps/user_oidc) and configured it as follows:

Pocket ID:

  • Callback URL: https://nextcloud.example.com/apps/user_oidc/code
  • Unselect PKCE; apparently user_oidc supports it, but I keep getting an error with it
  • Add an extra claim `username` to each user containing their Nextcloud username

Nextcloud:

  • Set the identifier, client ID, and client secret from Pocket ID.
  • Discovery endpoint: https://pocketid.example.com/.well-known/openid-configuration
  • Scope: openid email profile
  • Extra claims: username
  • I unchecked all other settings except "Use group provisioning" and "Check Bearer token on API and WebDAV requests"

Edit your config.php file:

  'user_oidc' => [
    'auto_provision' => true, // default: true
    'soft_auto_provision' => true, // default: true
    'disable_account_creation' => true, // default: false
  ],
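The thread turns on one question: which ID-token claim becomes the Nextcloud user id, and what happens when no local account has that id. The following is an added example written for this page; it is not code from Nextcloud, oidc_login, user_oidc or Pocket ID, and it is a simplified model of the relying-party side, not their implementation. It checks the ID-token claims a relying party must verify (issuer, audience, expiry, nonce; signature verification against the provider's JWKS is assumed to have happened already), applies an `oidc_login_attributes`-style mapping, and then resolves the mapped id against a constructed set of existing Nextcloud accounts. The sample claims, the `EXISTING_USERS` table and the `nonce` value are constructed; the `username` extra claim follows the approach in the comment above.

```python
import time

# Relying-party settings transcribed from the tutorial config in this issue.
PROVIDER_URL = "https://pocket-id"
CLIENT_ID = "<your_client_id>"
TUTORIAL_ATTRIBUTES = {"id": "preferred_username", "name": "name", "mail": "email"}
# Variant modelled on the user_oidc comment: the identity comes from an extra
# `username` claim that carries the Nextcloud username (assumption: such a
# claim is configured on the Pocket ID side).
USERNAME_CLAIM_ATTRIBUTES = {"id": "username", "name": "name", "mail": "email"}

# Constructed sample data: one pre-existing Nextcloud account, and the claims
# the identity provider would put in the ID token for that person.
EXISTING_USERS = {"admin": "tarun@example.com"}
SAMPLE_CLAIMS = {
    "iss": "https://pocket-id",
    "aud": "<your_client_id>",
    "iat": 1_700_000_000,
    "exp": 1_700_000_600,
    "nonce": "nonce-from-login-session",
    "preferred_username": "tarun",
    "name": "tarun",
    "email": "tarun@example.com",
    "username": "admin",  # extra claim holding the Nextcloud username
}


class LoginRejected(Exception):
    """Raised when the login must fail closed."""


def validate_id_token_claims(claims, provider_url, client_id, expected_nonce, now=None):
    """Checks the payload of an ID token whose signature was already verified
    against the provider's JWKS (assumed to have happened before this step)."""
    now = int(time.time()) if now is None else now
    if claims.get("iss") != provider_url:
        raise LoginRejected("issuer does not match the configured provider URL")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        raise LoginRejected("token was not issued for this client_id")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise LoginRejected("token is expired or has no exp")
    if claims.get("nonce") != expected_nonce:
        raise LoginRejected("nonce does not match the login session")


def map_attributes(claims, attributes):
    """Applies a mapping of local attribute -> claim name; a missing claim is fatal."""
    mapped = {}
    for local_key, claim_name in attributes.items():
        if claim_name not in claims:
            raise LoginRejected(f"claim {claim_name!r} needed for {local_key!r} is missing")
        mapped[local_key] = claims[claim_name]
    return mapped


def resolve_account(mapped, existing_users, disable_registration):
    """Links an existing account, provisions a new one, or rejects.
    Matching is by the mapped 'id' only; the e-mail is never used to find an
    account, so a different username on the IdP side yields a second account
    (or a rejection when registration is disabled) instead of a link."""
    uid = mapped["id"]
    if uid in existing_users:
        return ("link", uid)
    if disable_registration:
        raise LoginRejected(f"no local account {uid!r} and registration is disabled")
    return ("provision", uid)


def login(claims, expected_nonce, existing_users, disable_registration,
          attributes=TUTORIAL_ATTRIBUTES, now=None):
    """Runs the whole model and returns (action, detail) instead of raising."""
    try:
        validate_id_token_claims(claims, PROVIDER_URL, CLIENT_ID, expected_nonce, now)
        mapped = map_attributes(claims, attributes)
        return resolve_account(mapped, existing_users, disable_registration)
    except LoginRejected as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    now, nonce = 1_700_000_100, "nonce-from-login-session"
    # Tutorial mapping: IdP username 'tarun' does not exist locally.
    print(login(SAMPLE_CLAIMS, nonce, EXISTING_USERS, True, now=now))
    print(login(SAMPLE_CLAIMS, nonce, EXISTING_USERS, False, now=now))
    # Extra `username` claim carrying the Nextcloud username links 'admin'.
    print(login(SAMPLE_CLAIMS, nonce, EXISTING_USERS, True, USERNAME_CLAIM_ATTRIBUTES, now=now))
    print(login(dict(SAMPLE_CLAIMS, aud="other-client"), nonce, EXISTING_USERS, True, now=now))
```

Run as a script, the first call reproduces the "registration disabled, auth fails" outcome from the question, the second shows why a duplicate account appears when registration is allowed, and the third shows that choosing a claim whose value equals the existing Nextcloud user id is what produces a link. The last call demonstrates that a token minted for a different client is refused before any account lookup happens.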
Author
Owner

@tarunkumar519 commented on GitHub (Feb 2, 2025):

Hi @EweSparky, thanks for sharing, but for some reason it says 'Failed to provision user' when I try to log in with your inputs.
What am I doing wrong? Here's my config, where I feel there might be a mistake.

![image](https://github.com/user-attachments/assets/906487d4-22ab-49e8-88bf-070d711abb44)
In the above picture, 'admin' is the Nextcloud username for user 'tarun' in pocket-id.

Below is the Nextcloud config; I don't know if all of this is required.


  'oidc_login_use_id_token' => true,
  'oidc_login_disable_registration' => true,
  'oidc_login_attributes' =>
  array (
    'id' => 'preferred_username',
    'name' => 'name',
    'mail' => 'email',
  ),
  'user_oidc' => [
    'auto_provision' => true, // default: true
    'soft_auto_provision' => true, // default: true
    'disable_account_creation' => true, // default: false
  ],

Reference: starred/pocket-id#36