%PDF-
%PDF-
Mini Shell
Mini Shell
<!DOCTYPE html>
<html class="writer-html5" lang="en" data-content_root="../">
<head>
<meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>OAuth2 — Nextcloud latest Administration Manual latest documentation</title>
<link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" />
<link rel="stylesheet" type="text/css" href="../_static/css/theme.css?v=19f00094" />
<link rel="stylesheet" type="text/css" href="../_static/copybutton.css?v=76b2166b" />
<link rel="stylesheet" type="text/css" href="../_static/dark_mode_css/general.css?v=c0a7eb24" />
<link rel="stylesheet" type="text/css" href="../_static/dark_mode_css/dark.css?v=70edf1c7" />
<link rel="stylesheet" href="../_static/custom.css" type="text/css" />
<!--[if lt IE 9]>
<script src="../_static/js/html5shiv.min.js"></script>
<![endif]-->
<script src="../_static/jquery.js?v=5d32c60e"></script>
<script src="../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
<script src="../_static/documentation_options.js?v=c6e86fd7"></script>
<script src="../_static/doctools.js?v=888ff710"></script>
<script src="../_static/sphinx_highlight.js?v=dc90522c"></script>
<script src="../_static/clipboard.min.js?v=a7894cd8"></script>
<script src="../_static/copybutton.js?v=f281be69"></script>
<script src="../_static/dark_mode_js/default_light.js?v=c2e647ce"></script>
<script src="../_static/dark_mode_js/theme_switcher.js?v=358d3910"></script>
<script src="../_static/js/theme.js"></script>
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="next" title="Reverse proxy" href="reverse_proxy_configuration.html" />
<link rel="prev" title="Logging" href="logging_configuration.html" />
</head>
<body class="wy-body-for-nav">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-scroll">
<div class="wy-side-nav-search" >
<a href="../contents.html">
<img src="../_static/logo-white.png" class="logo" alt="Logo"/>
</a>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
<input type="text" name="q" placeholder="Search docs" aria-label="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div><div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../index.html">Introduction</a></li>
<li class="toctree-l1"><a class="reference internal" href="../release_notes/index.html">Release notes</a></li>
<li class="toctree-l1"><a class="reference internal" href="../release_schedule.html">Maintenance and release schedule</a></li>
<li class="toctree-l1"><a class="reference internal" href="../installation/index.html">Installation and server configuration</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="index.html">Nextcloud configuration</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="security_setup_warnings.html">Warnings on admin page</a></li>
<li class="toctree-l2"><a class="reference internal" href="occ_command.html">Using the occ command</a></li>
<li class="toctree-l2"><a class="reference internal" href="config_sample_php_parameters.html">Configuration Parameters</a></li>
<li class="toctree-l2"><a class="reference internal" href="activity_configuration.html">Activity app</a></li>
<li class="toctree-l2"><a class="reference internal" href="admin_delegation_configuration.html">Administration privileges (Delegation)</a></li>
<li class="toctree-l2"><a class="reference internal" href="antivirus_configuration.html">Antivirus scanner</a></li>
<li class="toctree-l2"><a class="reference internal" href="automatic_configuration.html">Automatic setup</a></li>
<li class="toctree-l2"><a class="reference internal" href="background_jobs_configuration.html">Background jobs</a></li>
<li class="toctree-l2"><a class="reference internal" href="bruteforce_configuration.html">Brute force protection</a></li>
<li class="toctree-l2"><a class="reference internal" href="caching_configuration.html">Memory caching</a></li>
<li class="toctree-l2"><a class="reference internal" href="dashboard_configuration.html">Dashboard app</a></li>
<li class="toctree-l2"><a class="reference internal" href="domain_change.html">Domain Change</a></li>
<li class="toctree-l2"><a class="reference internal" href="email_configuration.html">Email</a></li>
<li class="toctree-l2"><a class="reference internal" href="external_sites.html">Linking external sites</a></li>
<li class="toctree-l2"><a class="reference internal" href="language_configuration.html">Language & Locale</a></li>
<li class="toctree-l2"><a class="reference internal" href="logging_configuration.html">Logging</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">OAuth2</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#add-an-oauth2-application">Add an OAuth2 Application</a></li>
<li class="toctree-l3"><a class="reference internal" href="#the-access-token">The access token</a></li>
<li class="toctree-l3"><a class="reference internal" href="#security-considerations">Security considerations</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="reverse_proxy_configuration.html">Reverse proxy</a></li>
<li class="toctree-l2"><a class="reference internal" href="text_configuration.html">Text app</a></li>
<li class="toctree-l2"><a class="reference internal" href="theming.html">Theming</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../apps_management.html">Apps management</a></li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_user/index.html">User management</a></li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_files/index.html">File sharing and management</a></li>
<li class="toctree-l1"><a class="reference internal" href="../file_workflows/index.html">Flow</a></li>
<li class="toctree-l1"><a class="reference internal" href="../groupware/index.html">Groupware</a></li>
<li class="toctree-l1"><a class="reference internal" href="../office/index.html">Office</a></li>
<li class="toctree-l1"><a class="reference internal" href="../reference/index.html">Reference management</a></li>
<li class="toctree-l1"><a class="reference internal" href="../ai/index.html">Artificial Intelligence</a></li>
<li class="toctree-l1"><a class="reference internal" href="../webhook_listeners/index.html">Webhook Listeners</a></li>
<li class="toctree-l1"><a class="reference internal" href="../windmill_workflows/index.html">Windmill Workflows</a></li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_database/index.html">Database configuration</a></li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_mimetypes/index.html">Mimetypes management</a></li>
<li class="toctree-l1"><a class="reference internal" href="../maintenance/index.html">Maintenance</a></li>
<li class="toctree-l1"><a class="reference internal" href="../issues/index.html">Issues and troubleshooting</a></li>
<li class="toctree-l1"><a class="reference internal" href="../gdpr/index.html">GDPR-compliance</a></li>
</ul>
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"><nav class="wy-nav-top" aria-label="Mobile navigation menu" >
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="../contents.html">Nextcloud latest Administration Manual</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content style-external-links">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="../contents.html" class="icon icon-home" aria-label="Home"></a></li>
<li class="breadcrumb-item"><a href="index.html">Nextcloud configuration</a></li>
<li class="breadcrumb-item active">OAuth2</li>
<li class="wy-breadcrumbs-aside">
<a href="https://github.com/nextcloud/documentation/edit/master/admin_manual/configuration_server/oauth2.rst" class="fa fa-github"> Edit on GitHub</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<section id="oauth2">
<h1>OAuth2<a class="headerlink" href="#oauth2" title="Link to this heading"></a></h1>
<p>Nextcloud allows connecting external services (for example Moodle) to your Nextcloud.
This is done via <code class="docutils literal notranslate"><span class="pre">OAuth2</span></code>. See <a class="reference external" href="https://tools.ietf.org/html/rfc6749">RFC6749</a> for the
OAuth2 specification.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Nextcloud does only support confidential clients.</p>
</div>
<section id="add-an-oauth2-application">
<h2>Add an OAuth2 Application<a class="headerlink" href="#add-an-oauth2-application" title="Link to this heading"></a></h2>
<p>Head over to your Administrator Security Settings. Here you can add a new <code class="docutils literal notranslate"><span class="pre">OAuth2</span></code> client.</p>
<figure class="align-default">
<img alt="../_images/oauth2-settings.png" src="../_images/oauth2-settings.png" />
</figure>
<p>Enter the name of your application and provide a redirection url.
You should now have a Client Identifier and Secret. Enter those into your <code class="docutils literal notranslate"><span class="pre">OAuth2</span></code> client.</p>
<p>Please provide the OAuth2 application the following details:</p>
<ul class="simple">
<li><p>Authorization endpoint: <code class="docutils literal notranslate"><span class="pre">https://cloud.example.org/apps/oauth2/authorize</span></code></p></li>
<li><p>Token endpoint: <code class="docutils literal notranslate"><span class="pre">https://cloud.example.org/apps/oauth2/api/v1/token</span></code></p></li>
</ul>
<p>Note that you must include <code class="docutils literal notranslate"><span class="pre">index.php</span></code> if pretty URL is not configured - i.e. <code class="docutils literal notranslate"><span class="pre">https://cloud.example.org/index.php/apps/oauth2/api/v1/token</span></code>.</p>
</section>
<section id="the-access-token">
<h2>The access token<a class="headerlink" href="#the-access-token" title="Link to this heading"></a></h2>
<p>The access token obtained is a so called Bearer token. Which means that for request to the
Nextcloud server you will have to send the proper authorization header.</p>
<p>Authorization: Bearer <TOKEN></p>
<p>Note that apache by default strips this. Make sure you have <code class="docutils literal notranslate"><span class="pre">mod_headers</span></code>, <code class="docutils literal notranslate"><span class="pre">mod_rewrite</span></code> and <code class="docutils literal notranslate"><span class="pre">mod_env</span></code> enabled.</p>
</section>
<section id="security-considerations">
<h2>Security considerations<a class="headerlink" href="#security-considerations" title="Link to this heading"></a></h2>
<p>Nextcloud <code class="docutils literal notranslate"><span class="pre">OAuth2</span></code> implementation currently does not support scoped access. This means that every token has full access to the complete account including read and write permission to the stored files. It is essential to store the <code class="docutils literal notranslate"><span class="pre">OAuth2</span></code> tokens in a safe way!</p>
<p>Without scopes and restrictable access it is not recommended to use a Nextcloud instance as a user authentication service.</p>
</section>
</section>
</div>
</div>
<footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
<a href="logging_configuration.html" class="btn btn-neutral float-left" title="Logging" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
<a href="reverse_proxy_configuration.html" class="btn btn-neutral float-right" title="Reverse proxy" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
</div>
<hr/>
<div role="contentinfo">
<p>© Copyright 2024 Nextcloud GmbH.</p>
</div>
</footer>
</div>
</div>
</section>
</div>
<div class="rst-versions" data-toggle="rst-versions" role="note" aria-label="Versions">
<span class="rst-current-version" data-toggle="rst-current-version">
<span class="fa fa-book"> Read the Docs</span>
v: latest
<span class="fa fa-caret-down"></span>
</span>
<div class="rst-other-versions">
<dl>
<dt>Versions</dt>
<dd><a href="https://docs.nextcloud.com/server/28/admin_manual">28</a></dd>
<dd><a href="https://docs.nextcloud.com/server/29/admin_manual">29</a></dd>
<dd><a href="https://docs.nextcloud.com/server/stable/admin_manual">stable</a></dd>
<dd><a href="https://docs.nextcloud.com/server/latest/admin_manual">latest</a></dd>
</dl>
<dl>
<dt>Downloads</dt>
</dl>
<dl>
<dt>On Read the Docs</dt>
<dd>
<a href="///projects//?fromdocs=">Project Home</a>
</dd>
<dd>
<a href="///builds//?fromdocs=">Builds</a>
</dd>
</dl>
</div>
</div>
<script>
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script>
</body>
</html>
Zerion Mini Shell 1.0