Nextcloud OAuth 2 Login

#1

I'm trying to log into my Node-RED instance using Nextcloud 14's new OAuth2 implementation. I get through the login with Nextcloud and get redirected to the callback URL
https://example.tld/node-red/auth/strategy/callback?state=&code=################################################################################################################################ but then I just get re-directed back to the node-red login screen

Nginx settings for node-red

  #############
  # Node-Red  #
  #############
  location ^~ /node-red/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://127.0.0.1:1880/node-red/;
  }

My settings.js, based off the http://www.passportjs.org/packages/passport-oauth2/#usage example:

  adminAuth: {
        type:"strategy",
        strategy: {
            name: "oauth2",
            label: 'Sign in with nextcloud',
            icon:"fa-cloud",
            strategy: require("passport-oauth2").Strategy,
            options: {
              authorizationURL: "https://example.tld/apps/oauth2/authorize",
              tokenURL: "https://example.tld/apps/oauth2/api/v1/token",
              clientID: "#####################################################################",
              clientSecret: "#####################################################################",
              callbackURL: "https://example.tld/node-red/auth/strategy/callback",
              proxy: true
            },
            verify: function(accessToken, refreshToken, profile, done) {
                done(null, profile);
            }
       },
       users: [{
            username: "dugite.code",
            permissions: ["*"]
        }]
    },

Looking at this guy's gitlab login example it should all be possible:
https://www.claudiuscoenen.de/2018/10/oauth2-with-nextcloud-provider-and-gitlab-client/

There is a user information url available but passport didn't call for it.
"user_info_url" : "/ocs/v2.php/cloud/user?format=json"

I'm probably missing something simple.

#2

That is where the OAuth process sends you once you are authenticated. So it needs to point at Node-RED. If you are on a local network, it might be something like:

https://192.168.1.20:1880/auth/strategy/callback

or whatever your normal URL is.

I am not sure, however, whether the path is influenced by other settings. For example, my admin interface tends to be on /red. The docs imply that it is impacted. So, for me, it might be something like:

https://192.168.1.20/red/auth/strategy/callback

Once you get it sorted, it might be handy for others if you were to submit a PR against the docs to clarify things.

#3

I'm not sure I understand what you're saying?
"https://example.tld/node-red/auth/strategy/callback" is pointing to my node-red instance

#4

I added my nginx config as that might be one of the issues

I also added proxy: true to the options field as suggested here

#5

OK, so reading here, it looks like I do need to call the "/ocs/v2.php/cloud/user?format=json" URL somehow in order to actually get the username for the profile object.

Don't know how to do that yet
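
One way to fill in the profile that post #5 asks about, as an added example that is not code from this thread or from the Node-RED or passport projects: a subclass of the passport-oauth2 Strategy whose `userProfile` calls the user info URL and maps the returned user id to `username`. The `ocs.data.id` response field, the helper names and the settings.js wiring in the closing comment are assumptions.

```javascript
// Added example, not from the thread. NEXTCLOUD_BASE is a placeholder host.
const NEXTCLOUD_BASE = "https://example.tld";
const USER_INFO_URL = NEXTCLOUD_BASE + "/ocs/v2.php/cloud/user?format=json";

// Turn the OCS user-info response body into the profile Node-RED matches
// against adminAuth.users. Throws rather than returning a blank profile.
function parseOcsUser(body) {
    const parsed = JSON.parse(body);
    const data = parsed && parsed.ocs && parsed.ocs.data;   // assumed layout
    if (!data || typeof data.id !== "string" || data.id === "") {
        throw new Error("Nextcloud user info response has no user id");
    }
    return { provider: "nextcloud", id: data.id, username: data.id };
}

// Wrap a passport-oauth2 style Strategy class so the `profile` handed to
// verify() is populated from Nextcloud (the stock class passes {}).
function withNextcloudProfile(BaseStrategy) {
    return class NextcloudStrategy extends BaseStrategy {
        constructor(options, verify) {
            super(options, verify);
            // Send the token as "Authorization: Bearer", not in the query
            // string, so it stays out of proxy and access logs.
            this._oauth2.useAuthorizationHeaderforGET(true);
        }
        userProfile(accessToken, done) {
            this._oauth2.get(USER_INFO_URL, accessToken, (err, body) => {
                if (err) { return done(new Error("Nextcloud user info request failed")); }
                let profile;
                try { profile = parseOcsUser(body); } catch (e) { return done(e); }
                done(null, profile);
            });
        }
    };
}

// Fail closed: only a profile that carries a username reaches Node-RED.
function verify(accessToken, refreshToken, profile, done) {
    if (!profile || !profile.username) { return done(null, false); }
    done(null, profile);
}

// Assumed wiring in settings.js (not tested against a live Nextcloud):
//   strategy: withNextcloudProfile(require("passport-oauth2").Strategy),
//   verify: verify,
```

The `username` returned here still has to match an entry in `adminAuth.users`.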

#6

One issue I've had when doing something similar for DokuWiki is the empty state Nextcloud issues. Don't know if this will trip me up.

As GitLab OAuth2 is similar to Nextcloud, I'm looking at this to see if it will provide any hints.