40 lines
1.8 KiB
Markdown
40 lines
1.8 KiB
Markdown
---
|
||
title: Nextcloud OIDC
|
||
visible: false
|
||
media_order: authentik-create-provider.webp, authentik-create-application.webp
|
||
---
|
||
|
||
[toc]
|
||
|
||
https://blog.cubieserver.de/2022/complete-guide-to-nextcloud-oidc-authentication-with-authentik/
|
||
|
||
This guide will be using OIDC with the [user_oidc](https://github.com/nextcloud/user_oidc) plugin.
|
||
|
||
## Authentik
|
||
|
||
### Create provider
|
||
|
||
First, a new provider needs to be created. The setting can be found under `Applications > Providers`, click `Create`
|
||
|
||
In the first screen, select `OAuth2/OpenID Provider` and click `Next`
|
||
|
||
![Screenshot of the provider creation page with settings filled in](authentik-create-provider.webp)
|
||
|
||
- _Authorization flow_: default-provider-authorization-implicit-consent (Choosing explicit consent instead means the user has to approve every login)
|
||
- _Client type_: Confidential
|
||
- _Client ID_: The auto generated value is fine, copy it for use later.
|
||
- _Client Secret_: **WARNING** user_oidc currently only supports values up to 64 characters in length. Make sure to trim the value below that, or generate a new secret with less characters. `openssl rand -base64 60` [Issue on user_oidc GitHub](https://github.com/nextcloud/user_oidc/issues/405)
|
||
- _Redirect URIs/Origins_: https://{NEXTCLOUD URL}/apps/user_oidc/code
|
||
- _Advanced protocol settings > Subject mode_: Based on the User's username, this setting should be used to ensure Nextcloud’s federated cloud ID will have a human-readable value
|
||
|
||
### Create application
|
||
|
||
Now it is time to create the application.
|
||
Go to `Applications > Applications` and click `Create`
|
||
Set a name and choose the previously created provider under the `Provider` setting.
|
||
Other settings can be left at their defaults.
|
||
|
||
![Screenshot of application creation dialog](authentik-create-application.webp)
|
||
|
||
## Nextcloud
|