mirror of
https://github.com/nextcloud/documentation.git
synced 2026-01-03 02:09:45 +07:00
Merge pull request #642 from nextcloud/flow_docs
Add documentation for the new login flow
56
developer_manual/client_apis/LoginFlow/index.rst
Normal file
@@ -0,0 +1,56 @@
|
||||
.. _loginflowindex:
|
||||
|
||||
==========
|
||||
Login Flow
|
||||
==========
|
||||
|
||||
This document provides a quick overview of the new login flow that should be used by clients to obtain
|
||||
login credentials. This will assure that each client gets it own set of credentials. This has several advantages:
|
||||
|
||||
1. The client never stores the password of the user
|
||||
2. The user can revoke on a per client basis from the web
|
||||
|
||||
Opening the webview
|
||||
-------------------
|
||||
|
||||
The client should open a webview to :code:`<server>/index.php/login/flow`. Be sure to set the :code:`OCS-APIREQUEST`
|
||||
header to :code:`true`.
|
||||
|
||||
The client will register an URL handler to catch urls of the :code:`nc` protocol. This is required to obtain the
|
||||
credentials in the final stage.
|
||||
|
||||
This should be a one time webview. Which means:
|
||||
* There should be no cookies set when creating the webview
|
||||
* Passwords should not be stored
|
||||
* No state should be preserved after the webview has terminated
|
||||
|
||||
To have a good user experince please consider the following things:
|
||||
* set a proper :code:`ACCEPT_LANGUAGE` header
|
||||
* set a proper :code:`USER_AGENT` header
|
||||
|
||||
|
||||
Login in the user
|
||||
-----------------
|
||||
|
||||
The user will now see a webpage telling them they will grant access to :code:`USER_AGENT`. When they follow the steps
|
||||
they will be asked to login. If they have two factor authentication enabled they will require this to login. But since
|
||||
this is all in the webview itself the client does not need to care about this.
|
||||
|
||||
|
||||
Obtaining the login credentials
|
||||
-------------------------------
|
||||
|
||||
On the final login the server will do a redirect to a url of the following format:
|
||||
|
||||
.. code::
|
||||
|
||||
nc://login/server:<server>&user:<username>&password:<password>
|
||||
|
||||
* server: The address of the server to connect to. The server may specify a protocol (http or https). If no protocol is specified the client will assume https.
|
||||
* username: The username that the client must use to login
|
||||
* password: The password that the client must use to login and store securely
|
||||
|
||||
This information will be used by the client to create a new account.
|
||||
After this the webview is destroyed including all the state the webview holds.
|
||||
|
||||
.. note:: On Nextcloud 12 the returned server is just the server address without any possible subfolder. This is corrected in Nextcloud 13.
|
||||
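Review bot: In "Obtaining the login credentials", the format `nc://login/server:<server>&user:<username>&password:<password>` uses `:` and `&` as delimiters, but the text does not say how the values are encoded, and the server value may itself carry a protocol and so contain `:`. Please state whether the values are URL-encoded and how a client should split the fields, so that an address or password containing `:` or `&` is parsed unambiguously. Smaller points in the same file: `ACCEPT_LANGUAGE` and `USER_AGENT` are not the header names as sent on the wire (`Accept-Language`, `User-Agent`), and "it own set", "experince" and "Login in the user" need correcting.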
@@ -24,10 +24,17 @@ Other OCS API documentations:
|
||||
* `Notifications API - Register a device for push notifications <https://github.com/nextcloud/notifications/blob/5a2d3607952bad675e4057620a9c7de8a7f84f0b/docs/push-v3.md>`_
|
||||
|
||||
|
||||
Login Flow
|
||||
----------
|
||||
|
||||
Clients can obtain an apptoken via the login flow. See :doc:`LoginFlow/index`
|
||||
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 2
|
||||
:hidden:
|
||||
|
||||
WebDAV/index
|
||||
OCS/index
|
||||
LoginFlow/index
|
||||
|
||||
|
||||
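Review bot: The new "Login Flow" paragraph says clients obtain an "apptoken", while the page it links to speaks only of "login credentials" and a "password". Use one term in both places, or add a sentence to LoginFlow/index saying that the returned password is an app token, so readers can connect the two. The sentence "See :doc:`LoginFlow/index`" is also missing its closing period.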