Unable to use with Nextcloud SSO
MTRNord opened this issue · 17 comments
Hi, I try to use the Nextcloud Android SSO in my Android app but get the following error when doing an UploadFileRemoteOperation:
E/HttpMethodDirector: Credentials cannot be used for basic authentication: com.owncloud.android.lib.common.network.BearerCredentials
org.apache.commons.httpclient.auth.InvalidCredentialsException: Credentials cannot be used for basic authentication: com.owncloud.android.lib.common.network.BearerCredentials
Is the token from the Nextcloud Android SSO not a Bearer Token, or am I doing something wrong? I am kind of confused.
GitMate.io thinks possibly related issues are #197 (Nextcloud 15), #54 (Support Nextcloud notifications), and #133 (Java API for NextCloud?).
(Ps the sso I am referring to is this: https://github.com/nextcloud/Android-SingleSignOn )
Please have a look into the Readme, especially 4.2.
You should not need to handle token manually.
Token is to validate the connection between your app and files app.
OK so I either use the retrofit way or 4.2 instead of this lib?
No, 4.2 is using SSO and this library, but without Retrofit.
Nextcloud files app: needed for account and network handling
SSO: connector between any network call and files app: every network call will be executed on behalf of Nextcloud files app (and the selected account)
Nextcloud android library: functions to support any operation on the server (e.g. create folder, …)
I am also completely confused and get the same exception as the original poster @MTRNord.
We have a branded Nextcloud app, which is calling my app and passing directly the auth-token.
I thought that it would be possible to use this as authorization like this:
mClient = OwnCloudClientFactory.createOwnCloudClient(serverUri, context, true);
mClient.setCredentials(OwnCloudCredentialsFactory.newBearerCredentials(token));
But it obviously does not work. For some operations I get library crashes because it explicitly expects an OwnCloudBasicCredentials, see GetRemoteUserInformation.java:111:
OwnCloudBasicCredentials credentials = (OwnCloudBasicCredentials) client.getCredentials();
At other places, I get the above exception, which looks to me like the http library tries to do basic authentication with the token.
Is there any way I can pass an auth token directly to this library?
In case this does not work and I have to use the SSO library, can I at least use that together with this library? I assume that I have to use an OwnCloudSamlSsoCredentials(username, sessionCookie) for authentication in that case, but where do I get the sessionCookie from?
PS: yes, I read all the documentation I could find for both libraries, but I don't understand how it should work, or even whether it should work ...
@stefan-niedermann @desperateCoder maybe you can help here?
@tobiasKaminsky I have no clue. We use SSO with Retrofit only for now. Retrofit itself is afaik not the way to go when it comes to files. We use the documented standard configuration of SSO, so we haven't had any experiences at this point. Maybe @David-Development can tell us more?
I re-read it again.
> passing directly the auth-token.
Whole purpose of SSO library is to not have to deal with auth token / Client / etc.
Can you describe how you integrated SSO and for what exactly do you want to use it?
@MTRNord @farindk Maybe you guys can explain a little more in depth what you're trying to achieve and what you've tried yet?
If you use the new sso library, you don't need to interact with the android-library project at all. Please make sure to read the introduction -> the sso library is for 3rd party apps that want to access nextcloud (files / apis / etc.) but don't want to handle authentication / proxies / etc. themselves.
As for whether you have to use retrofit: No, you don't need to use retrofit. If your app doesn't use retrofit yet and you don't want to use it, you can write the requests by yourself (Check the docs -> chapter 4.2 https://github.com/nextcloud/Android-SingleSignOn)
If you decide to use retrofit, it can make things easier as you don't have to write request objects yourself (Chapter 4.1). The point here is, that you can simply define the endpoints you want to access and the sso library creates the required request for you.
Hopefully that makes things a little clearer. Let me know if you have further questions!
I wanted to use the android-library because I do not want to hand-craft low-level WebDAV, and I wanted to use the sso library because we also want to offer other authorization schemes apart from username/password. From what I understand now, these two libraries do not work together and I can either use android-library with a nice API, but limited authentication, or sso and write my own WebDAV implementation (yes, exaggerated).
I just expected that both would work together...
@David-Development do you have an idea for this?
Sorry for the delay on this. I think this is somewhat related to this report: nextcloud/Android-SingleSignOn#41
While I agree that it would be great to have support for using the sso library together with the android-library I don't have any time to look into it right now. So I can't decide how complicated such an integration would be.
@tobiasKaminsky Do you have any idea if it would be possible to use a different "network" layer? Or is it tightly coupled with the Apache HTTP Library?
> @tobiasKaminsky Do you have any idea if it would be possible to use a different "network" layer? Or is it tightly coupled with the Apache HTTP Library?
Currently we are tightly coupled with apache library, but plan is to move sooner or later to davx5 library.
I am having a bit of a problem getting this into my mind / how this should work:
- 3rd party app starts webdav request (e.g. CreateFolderRemoteOperation from NC lib)
- this is passed through SSO
But CreateFolderRemoteOperation is doing a bit more than "only" one DAV/network call.
Also it returns RemoteOperationResult instead of HTTP code.
So I guess we would need to have a completely new "endpoint" to not only accept http calls, but also our own RemoteOperation calls.
Do you agree, David?
@David-Development your opinion please? :-)
@tobiasKaminsky sorry for the delay!
As of right now we support GET/POST/PUT/DELETE/PROPFIND/MKCOL. (As seen here: https://github.com/nextcloud/android/blob/master/src/main/java/com/nextcloud/android/sso/InputStreamBinder.java#L230)
I think if we want to add support for other WebDAV Methods, we would have to implement them. I'm not sure about the transition to DAVx5. Are there any docs out yet? On how it will be integrated? Another question is, what kind of operations do we want/need to support? And is the current nextcloud sso api flexible enough to handle such requests?
As far as I can see, the WebDAV requests such as
MkColMethod
request. So I guess we could provide some kind of abstraction or just let the devs handle the requests themselves. But that means that the devs need to handle all the logic stuff for webdav... What do you think? If we provide some abstraction layer, it would also be possible that you guys can use this api in the nextcloud files app as well..?
uh oh.
This is indeed more complicated than I thought.
Regarding davx5, I will come up soon with a plan, which we can discuss.
For now I would like to postpone this to conf.