---
title: Nextcloud OIDC
visible: false
media_order: authentik-create-provider.webp, authentik-create-application.webp
---

[toc]

https://blog.cubieserver.de/2022/complete-guide-to-nextcloud-oidc-authentication-with-authentik/

This guide will be using OIDC with the [user_oidc](https://github.com/nextcloud/user_oidc) plugin.

## Authentik

### Create provider

First, a new provider needs to be created. The setting can be found under `Applications > Providers`, click `Create`

In the first screen, select `OAuth2/OpenID Provider` and click `Next`

![Screenshot of the provider creation page with settings filled in](authentik-create-provider.webp)

- _Authorization flow_: default-provider-authorization-implicit-consent (Choosing explicit consent instead means the user has to approve every login)
- _Client type_: Confidential
- _Client ID_: The auto generated value is fine, copy it for use later.
- _Client Secret_: **WARNING** user_oidc currently only supports values up to 64 characters in length. Make sure to trim the value below that, or generate a new secret with less characters. `openssl rand -base64 60` [Issue on user_oidc GitHub](https://github.com/nextcloud/user_oidc/issues/405)
- _Redirect URIs/Origins_: https://{NEXTCLOUD URL}/apps/user_oidc/code
- _Advanced protocol settings > Subject mode_: Based on the User's username, this setting should be used to ensure Nextcloud’s federated cloud ID will have a human-readable value

### Create application

Now it is time to create the application.  
Go to `Applications > Applications` and click `Create`  
Set a name and choose the previously created provider under the `Provider` setting.  
Other settings can be left at their defaults.

![Screenshot of application creation dialog](authentik-create-application.webp)

## Nextcloud