Make it possible to create users and log in via Telegram, OAuth, or OpenID.

For OAuth, you must create an app with certain providers. Login buttons will appear on the login page if an app ID is specified. Settings are located in the "Social login" section of the settings page.

Log in to your Nextcloud installation as an administrator. Under "Apps", click "Download and enable" next to the "Social Login" app.

See below for setup and configuration instructions.

You can use groups from your custom provider. For this, specify the "Groups claim" in the custom OAuth2/OIDC provider settings. This claim should be returned from the provider in the id_token or at the user info endpoint. The format should be an array or a comma-separated string. E.g., (with a claim named roles):

{"roles": ["admin", "user"]}

or

{"roles": "admin,user"}

Nested claims are also supported. For example, resource_access.client-id.roles for:

"resource_access": {
   "client-id": {
     "roles": [
       "client-role-1",
       "client-role-2"
     ]
   }
}

DisplayName support is also available:

{"roles": [{"gid": 1, "displayName": "admin"}, {"gid": 2, "displayName": "user"}]}

You can use provider groups in two ways:

1. Map provider groups to existing Nextcloud groups.
2. Create provider groups in Nextcloud and associate them with users (if the appropriate option is enabled).

To sync groups on every login, ensure the "Update user profile every login" setting is checked.

• Configure WSO2IS to return a roles claim with OIDC here.
• GitLab OIDC configuration to allow specific GitLab groups.

Copy the link from a specific login button to get the correct "redirect URL" for OAuth app settings.

• Amazon
• Apple
• Codeberg
• Discord
• Facebook
• GitHub
• GitLab
• Google
• Keycloak
• Mail.ru
• PlexTv: Use any title as the app ID.
• Telegram
• Twitter

For details about Google's "Allow login only from specified domain" setting, see #44. Use a comma-separated list for multiple domains.

Add 'social_login_auto_redirect' => true to config.php to automatically redirect unauthorized users to social login if only one provider is configured. To temporarily disable this (e.g., for local admin login), add noredir=1 to the login URL: https://cloud.domain.com/login?noredir=1.

Configure HTTP client options using:

  'social_login_http_client' => [
    'timeout' => 45,
    'proxy' => 'socks4://127.0.0.1:9050', // See <https://curl.se/libcurl/c/CURLOPT_PROXY.html> for allowed formats
  ],

in config.php.

Use the occ utility to configure providers via the command line. Replace variables and URLs with your deployment values:

php occ config:app:set sociallogin custom_providers --value='{"custom_oidc": [{"name": "gitlab_oidc", "title": "Gitlab", "authorizeUrl": "https://gitlab.my-domain.org/oauth/authorize", "tokenUrl": "https://gitlab.my-domain.org/oauth/token", "userInfoUrl": "https://gitlab.my-domain.org/oauth/userinfo", "logoutUrl": "", "clientId": "$my_application_id", "clientSecret": "$my_super_secret_secret", "scope": "openid", "groupsClaim": "groups", "style": "gitlab", "defaultGroup": ""}]}'

For Docker, prepend docker exec -t -uwww-data CONTAINER_NAME to the command or run interactively via docker exec -it -uwww-data CONTAINER_NAME sh.

To inspect configurations:

mysql -u nextcloud -p nextcloud
Password: <yourpassword>

> SELECT * FROM oc_appconfig WHERE appid='sociallogin';

Or run:

docker exec -t -uwww-data CONTAINER_NAME php occ config:app:get sociallogin custom_providers

1. Create a Discord application at Discord Developer Portal.
2. Navigate to Settings > OAuth2 > General. Add a redirect URL: https://nextcloud.mydomain.com/apps/sociallogin/oauth/discord.
3. Copy the CLIENT ID and generate a CLIENT SECRET.
4. In Nextcloud, go to Settings > Social Login. Paste the CLIENT ID into "App id" and CLIENT SECRET into "Secret".
5. Select a default group for new users.
6. For group mapping, see #395.

Copy the link from a login button on the Nextcloud login page and use it as the callback URL on your provider's site. To make the button visible temporarily, fill provider settings with placeholder data and update later.

If you encounter callback URL errors despite correct settings, ensure your Nextcloud server generates HTTPS URLs by adding 'overwriteprotocol' => 'https' to config.php.