Skip to content

SUNET/nextcloud-integration_oidc

BranchesTags

Repository files navigation

integration_oidc

This app provides a generic integration engine for OIDC providers. It provides a way to connect any oidc account to Nextcloud.

It works by running the oidc auth flow for a user, including getting consent, against any oidc provider and collects a refersh token that is used to periodically refesh access tokens allowing other apps to use them for integration, such as email sync, calendar sync or anything else.

NOTE: To be able to use this app, you need to be able to get tokens from a database table and use it for something sensible, most likely from another app. This is not the app you want if you are looking to login to Nextcloud using a OIDC Provider, or use Nextcloud as a OIDC provider for something else.

Configuration

For configuring an oidc provider for gmail, this is a sensible start:

name: Google
auth_endpoint: https://accounts.google.com/o/oauth2/v2/auth
client_id: <Client ID from https://console.cloud.google.com/apis/credentials>
client_secret: <Client Secret from https://console.cloud.google.com/apis/credentials>
scope: https://mail.google.com/ openid profile email
revoke_endpoint: https://oauth2.googleapis.com/revoke
token_endpoint: https://oauth2.googleapis.com/token
user_endpoint: https://accounts.google.com/o/oauth2/v2/user

And for M365, you need to add the following:

name: Microsoft
auth_endpoint: https://login.microsoftonline.com/beb73af0-54c3-4c95-886a-3e6de3a76471/oauth2/v2.0/authorize
client_id: <Client ID from https://microsoft.com/>
client_secret: <Client Secret from https://microsoft.com/>
scope: https://outlook.office365.com/IMAP.AccessAsUser.All openid email profile offline_access Mail.ReadWrite Contacts.ReadWrite Calendars.ReadWrite
revoke_endpoint: https://login.microsoftonline.com/<Tenant from https://microsoft.com >/oauth2/v2.0/logout
token_endpoint: https://login.microsoftonline.com/<Tenant from https://microsoft.com >/oauth2/v2.0/token
user_endpoint: https://graph.microsoft.com/oidc/userinfo
include_granted_scopes: 
prompt: 
response_mode: form_post
response_type: code
tenant: <Tenant from https://microsoft.com/>

Note: scope is a space separated list and you need openid and profile to get user info at all, and email if you want the users email.

About

No description, website, or topics provided.

Resources

Readme

License

AGPL-3.0 license
Activity
Custom properties

Stars

1 star

Watchers

7 watching

Forks

0 forks
Report repository

Releases 5

v0.1.6 Latest
Sep 24, 2025
+ 4 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages