coop-cloud/nextcloud
10
5
Fork 10
Code Issues 16 Pull Requests 9 Releases Wiki Activity

improve keycloak integration #62

New Issue
Open
opened 2026-03-06 23:03:56 +00:00 by oxaliq · 4 comments
oxaliq commented 2026-03-06 23:03:56 +00:00
Contributor
Copy Link

i'd like to make keycloak integration more idiomatic (akin to integrating authentik as the OIDC provider.)

nextcloud maintains user_oidc app and recommends it as the default OIDC integration.

documentation for coop cloud's nextcloud recipe recommends oidc_login and configuration of nextcloud's config.php file. This is high touch, requiring changes made to the running container or maintaining the file in a local fork of the recipe and mounting the file as an EXTRA_VOLUME.

as a more idiomatic approach, a compose.keycloak.yml configuration could be used, in conjunction with changes to the keycloak recipe, to configure the integration via abra app config $DOMAIN and abra app secret generate ...

i'd love to take on this task based on what our coop has learned from deploying AIO nextcloud with ansible, but am proposing here first.

i'd like to make keycloak integration more idiomatic (akin to integrating authentik as the OIDC provider.) nextcloud maintains [user_oidc app](https://github.com/nextcloud/user_oidc) and recommends it as the default OIDC integration. documentation for coop cloud's nextcloud recipe recommends [oidc_login](https://github.com/pulsejet/nextcloud-oidc-login) and configuration of nextcloud's `config.php` file. This is high touch, requiring changes made to the running container or maintaining the file in a local fork of the recipe and mounting the file as an EXTRA_VOLUME. as a more idiomatic approach, a `compose.keycloak.yml` configuration could be used, in conjunction with changes to the keycloak recipe, to configure the integration via `abra app config $DOMAIN` and `abra app secret generate ...` i'd love to take on this task based on what our coop has learned from deploying AIO nextcloud with ansible, but am proposing here first.
❤️ 2
decentral1se commented 2026-03-07 15:39:30 +00:00
Owner
Copy Link

Hell yeh @oxaliq, would love to see the PR!

Hell yeh @oxaliq, would love to see the PR!
👍 1 🎉 1
dannygroenewegen commented 2026-03-09 10:56:52 +00:00
Member
Copy Link

@oxaliq Great! I also wanted to build this, but haven't had time yet. I was thinking, it should be possible to make this independent of Keycloak, right? Create a compose.user_oidc.yml to configure any OIDC provider? So this can also be used with e.g. Rauthy, not just Keycloak.

@oxaliq Great! I also wanted to build this, but haven't had time yet. I was thinking, it should be possible to make this independent of Keycloak, right? Create a compose.user_oidc.yml to configure any OIDC provider? So this can also be used with e.g. Rauthy, not just Keycloak.
👍 1 ❤️ 3
oxaliq commented 2026-03-11 20:06:37 +00:00
Author
Contributor
Copy Link

hey! i have a PR i'd like to open (incorporating @dannygroenewegen 's suggestion to focus on the Nextcloud app rather than the OIDC provider.)
I don't seem to have permissions to push to a new branch in this repo, though.

remote: 
remote: error:
remote: error: User permission denied for writing.
remote: error:
To ssh://git.coopcloud.tech:2222/coop-cloud/nextcloud.git
 ! [remote rejected] user_oidc_setup -> user_oidc_setup (pre-receive hook declined)
error: failed to push some refs to 'ssh://git.coopcloud.tech:2222/coop-cloud/nextcloud.git'
hey! i have a PR i'd like to open (incorporating @dannygroenewegen 's suggestion to focus on the Nextcloud app rather than the OIDC provider.) I don't seem to have permissions to push to a new branch in this repo, though. ``` remote: remote: error: remote: error: User permission denied for writing. remote: error: To ssh://git.coopcloud.tech:2222/coop-cloud/nextcloud.git ! [remote rejected] user_oidc_setup -> user_oidc_setup (pre-receive hook declined) error: failed to push some refs to 'ssh://git.coopcloud.tech:2222/coop-cloud/nextcloud.git' ```
👍 1
dannygroenewegen commented 2026-03-12 07:50:08 +00:00
Member
Copy Link

@oxaliq You can create a fork of the nextcloud repo, push the branch there, and use that for a PR.

@oxaliq You can create a fork of the nextcloud repo, push the branch there, and use that for a PR.
👍 2
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
Something is not working
documentation
For issues that are calling out documentation gap
duplicate
This issue or pull request already exists
enhancement
New feature
help wanted
Need some help
invalid
Something is wrong
question
More information is needed
wontfix
This won't be fixed
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
3wordchant aadil abra-bot ammaratef45 Apfelwurm appletalk arjan basebuilder Brooke carla cas codegod100 coopcloud cyrnel decentral1se devydave fauno flancian Frando iexos jade javielico jjsfunhouse jmakdah2 joe-irving kawaiipunk knoflook kolaente lambdabundesverband linnealovespie marlon mayel mirsal moosemower moritz nicksellen notplants p4u1 pau pharaohgraphy PhiNatalie renovate-bot ripclap rix rscmbbng sef simon sixsmith stevensting tobias trav val vaznasty virtualboys wolcen wykwit xynosis yksflip
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: coop-cloud/nextcloud#62
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?