Make possible create users and login via Telegram, OAuth or OpenID

For OAuth you must create app for certain providers. Login button appear at login page if app id specified. Settings are in "Social login" section of settings page.

Login to your NextCloud installation as an administrator and under "Apps" click "Download and enable" next to the "Social Login" app.

See below for setup and configuration instructions.

You can use groups from your custom provider. For that you should specify "Groups claim" in custom OAuth2/OIDC provider settings. That claim should be returned from provider in id_token or at user info endpoint. Format should be array or comma separated string. Eg (with claim named roles)

{"roles": ["admin", "user"]}
or
{"roles": "admin,user"}

Also nested claims is supported. For example resource_access.client-id.roles for

"resource_access": {
   "client-id": {
     "roles": [
       "client-role-1",
       "client-role-2"
     ]
   }
}

You can use provider groups in two ways:

1. Map provider groups to existing nextcloud groups
2. Create provider groups in nextcloud and associate it to user (if appropriate option specified)

If you want sync groups on every login do not forget to check "Update user profile every login" setting

You can find example how to configure WSO2IS for return roles claim with OIDC at https://medium.com/@dewni.matheesha/claim-mapping-and-retrieving-end-user-information-in-wso2is-cffd5f3937ff

Add BotFather

/newbot
nameof_bot

Save the API key somewhere you will need to put it in nextcloud along with your bot username in the social login section.

Go here

Add your bot username and change the authoriazation type to "Redirect to URL" Enter your nextcloud domain followed by:

/apps/sociallogin/oauth/telegram

https://cloud.nextcloud.com/apps/sociallogin/oauth/telegram

Login with Telegram

Go back to BotFather

/mybots

Select your bot

/setdomain
cloud.nextcloud.com

Go to your nextcloud settings social login admin page. Enter your Telegram bot name

nameof_bot

and your API key that you copied when you created your bot

And thats it

For using telegram login you need create bot and connect it to domain as described here https://core.telegram.org/widgets/login

Then specify bot login and token in "Social login" section of admin settings page

Telegram auth will not work everywhere another than browser.*

You can copy link of certain login button to get proper "redirect url" for OAuth app setting.

• Google
• Amazon
• Facebook
• Twitter
• GitHub
• Discord

Details about "Allow login only from specified domain" google setting you can find here #44 You can use comma separated list for multiple domains

You can use 'social_login_auto_redirect' => true setting in config.php for auto redirect unauthorized users to social login if only one provider is configured.

You can copy link from specific login button on login page and paste it on provider's website as callback url! Some users may get strange reply(Callback) url error from provider even if you pasted the right url, that's because your nextcloud server may generate http urls when you are actually using https. Please set 'overwriteprotocol' => 'https', in your config.php file.