Nextcloud OAuth Setup

Nextcloud is an open-source storage and collaboration platform. You can allow users to sign in to your Rocket.Chat workspace with their Nextcloud credentials. Setup involves alternating between your Nextcloud admin settings and your Rocket.Chat admin panel, so keep both open in separate tabs.

Important

Per Nextcloud's own documentation, Nextcloud's OAuth2 implementation does not support scoped access. Every issued token has full read and write access to the user's complete Nextcloud account, including stored files. Nextcloud states that, without scoped access, it is "not recommended to use a Nextcloud instance as a user authentication service." Review this tradeoff before proceeding.

Prerequisites

  • Administrator access to your Nextcloud server

  • Administrator access to your Rocket.Chat workspace

Step 1: Add an OAuth 2.0 client in Nextcloud

  1. Sign in to your Nextcloud server as an administrator.

  2. Go to Settings → Administration → Security. Do not confuse this with Personal Security Settings, which is for your own password.

  3. Scroll to OAuth 2.0 clients and locate the Add client row.

  4. Enter a Name (for example, Rocket.Chat). You will provide the Redirection URI in Step 3.

Leave this page open. You will return to it in Step 3.

Step 2: Get the callback URL from Rocket.Chat

  1. Sign in to your Rocket.Chat workspace as an administrator.

  2. Go to Manage → Workspace → Settings → OAuth.

  3. Expand the Nextcloud section.

  4. Copy the value of Nextcloud Callback URL. It looks like https://your-domain/_oauth/nextcloud.

Step 3: Add the redirect URI and capture credentials

  1. Return to your Nextcloud OAuth 2.0 clients page.

  2. Paste the callback URL you copied from Rocket.Chat into the Redirection URI field.

  3. Select Add. A new row appears with the Client Identifier and Secret.

  4. Note the Client Identifier, then reveal and copy the Secret. You will paste both into Rocket.Chat in Step 4.

Step 4: Configure Nextcloud OAuth in Rocket.Chat

Back in Rocket.Chat, in the same OAuth → Nextcloud section:

  1. Turn OAuth Enabled on.

  2. Enter the following values:

    • Nextcloud Server URL: the base URL of your Nextcloud instance, for example https://cloud.example.org

    • Nextcloud Id: the Client Identifier from your Nextcloud OAuth client

    • Client Secret: the Secret from your Nextcloud OAuth client

  3. Optional: customize the sign-in button using Button Text, Button Text Color, and Button Color.

  4. Select Save changes.

Accessibility note

Changing the button text or background color may produce combinations that fail WCAG contrast requirements. Verify your chosen colors against a contrast checker before saving.

Verify the setup

  1. Sign out of your workspace.

  2. On the sign-in page, confirm that the Sign in with Nextcloud button (or your custom button label) appears.

  3. Select it and complete the Nextcloud sign-in flow. You should be returned to your workspace and signed in.


Troubleshooting

Sign-in fails with a redirect or URI error

The Redirection URI in Nextcloud and the Nextcloud Callback URL in Rocket.Chat are not identical. Re-copy the value from Rocket.Chat and paste it into Nextcloud exactly as shown, including the scheme and trailing path.

The Sign in with Nextcloud button does not appear

Confirm that OAuth Enabled is on, that Nextcloud Server URL, Nextcloud Id, and Client Secret are filled in, and that you saved changes. A hard refresh of the sign-in page may be needed.

Sign-in redirects to a 404 or a Nextcloud login loop

Check that your Nextcloud Server URL is the base URL only, with no trailing slash and no /index.php or /apps/... path appended. If your Nextcloud instance is not configured with pretty URLs, consult Nextcloud's OAuth2 documentation for endpoint requirements.
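
The checks from the first and third troubleshooting entries can be run before saving, as in this added Python example (not Rocket.Chat or Nextcloud code). The function names and the chat.example.org hostname are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def check_server_url(url):
    """Return problems with the Nextcloud Server URL value (empty list = OK)."""
    problems = []
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        problems.append("not an absolute URL")
    if url.endswith("/"):
        problems.append("trailing slash")
    segments = [s for s in parts.path.split("/") if s]
    if "index.php" in segments:
        problems.append("/index.php appended")
    if "apps" in segments:
        problems.append("/apps/... path appended")
    return problems


def compare_redirect(callback_url, redirection_uri):
    """List the URL components in which the two values differ (empty = identical)."""
    if callback_url == redirection_uri:
        return []
    a, b = urlsplit(callback_url), urlsplit(redirection_uri)
    diffs = []
    for name in ("scheme", "netloc", "path", "query", "fragment"):
        if getattr(a, name) != getattr(b, name):
            diffs.append(f"{name}: {getattr(a, name)!r} != {getattr(b, name)!r}")
    # Strings differ but every parsed component matches: the difference is
    # something urlsplit normalises, such as scheme case or leading whitespace.
    return diffs or ["values differ only in case or whitespace"]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    server_url = "https://cloud.example.org/index.php/"
    callback = "https://chat.example.org/_oauth/nextcloud"   # copied from Rocket.Chat
    registered = "http://chat.example.org/_oauth/nextcloud/"  # entered in Nextcloud
    for problem in check_server_url(server_url):
        print("Nextcloud Server URL:", problem)
    for diff in compare_redirect(callback, registered):
        print("Redirection URI mismatch:", diff)
```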