Nextcloud OpenID Connect Provider App - 1.8.0
This is the an OIDC App for Nextcloud. This application allows to use your Nextcloud Login at other services supporting OpenID Connect.
Provided features:
- Support for OpenID Connect Code (response_type = code) and Implicit (response_type = id_token) Flow - Implicit Flow must be activated per client.
- Configuration of accepted client for whom JWT Tokens are provided. Public and confidential types are supported.
- Creation of JWT Token with claims based on requested scope. (Currently supported scopes openid, profile, email, roles and groups)
- Supported signing algorithms RS256 (default) and HS256
- Group memberships are passed as roles in JWT token.
- Support multiple Redirect URIs per client
- Limit access for a client to specific user groups
- Support for RFC9068 JWT Access Tokens (must be activated per client)
- Discovery & WebFinger endpoint provided
- Logout endpoint supports partial RP-Initated logout (support for id_token_hint, client_id and post_logout_redirect_uri attributes)
- Dynamic Client Registration - Disabled by default
- Administration of clients via CLI
- Access Token generation and validation via events
Changes:
- Rework of admin settings - Settings are now in own section
- Added possibility to limit scopes per client
- Added possibility to define regex for selection of mail used within id token and userinfo endpoint
- Restrict information passed in ID token and provided at userinfo endpoint
- Allow users to restrict the provided information to external services on their own
- Updated dependencies
- Updated translations
Full documentation can be found at: