RocketChat User Authentication for Nextcloud

Description

We set up RocketChat (RC) with internal Authentication / User Management.
Now, a few weeks later, I am trying to connect Nextcloud (NC) to it via OAuth, so RC users can log in to NC with their RC credentials too.

We did so far:

  • set up an OAuth app for our NC instance in RC
  • installed “Social Login” on NC and set up OAuth2 with the RC Server

On NC, after clicking on RocketChat, logging in to RC and clicking “allow”, RC leads back to NC, but
NC throws the error:

“Can not get identifier from provider”

It seems the “authorization state” is provided and consumed, but NC expects some kind of further “identifier” from RC?

Any ideas / experiences / hints with this or such a setup? I know this is probably more NC related (will ask there too), but no clue so far.

Is OAuth2 (NC “Social Login”) the right way to do that?

Any help or hint is very welcome.

many thanks,

niels.

Server Setup Information

  • Version of Rocket.Chat Server: 3.18.3
  • Operating System: Gentoo Linux
  • Deployment Method: snap
  • Number of Running Instances: 1
  • DB Replicaset Oplog: 232
  • NodeJS Version: v12.22.1
  • MongoDB Version: 3.6.14 / wiredTiger (oplog active)
  • Proxy: nginx
  • Firewalls involved: pfSense / FreeBSD (NAT / port forwarding)

Any additional Information

nothing in the logs of RC nor RC

In RC:
Redirect URL: *ttps://nextcloud.yxz/apps/sociallogin/custom_oauth2/rchat
Auth URL: *ttps://rchat.xyz/oauth/authorize
Access token: *ttps://rchat.yxz/oauth/token

In NC (Social Login):
OAuth2
API base URL: *ttps://rchat.yxz/oauth
Authorize URL: *ttps://rchat.yxz/oauth/authorize
Token URL: *ttps://rchat.xyz/oauth/token
Profile URL: *ttps://rchat.yxz/oauth/userinfo (???)
Client ID: xxxx (ID from RC)
Client Secret: xxxxx (secret from RC)
Scope (optional): (empty)
Profile Fields (optional): (empty)
Groups Claim (optional): (empty)
Default Group: “staff”
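As an added diagnostic example (not code from the original post, and not from Rocket.Chat or the Nextcloud Social Login app): a small Python script that checks whether the JSON a provider returns from its profile/userinfo endpoint actually contains a usable user identifier, which is the kind of mismatch a "Can not get identifier from provider" error points at. It also shows the state round-trip check a consumer should perform on the callback. The candidate field names, the example endpoint URLs and the sample profile bodies are assumptions constructed for the example; the script does not know Social Login's real field mapping.

```python
"""Offline check: does an OAuth2 profile response carry a user identifier?

Added example, not code from the original post or from Rocket.Chat /
Nextcloud Social Login. Assumes a generic OAuth2 provider whose profile
endpoint returns a JSON object; the identifier field names below are an
assumption, not the consumer's actual mapping.
"""
import json
import secrets
import urllib.parse
import urllib.request

# Field names an OAuth2 consumer commonly treats as the stable user id.
# Assumption for this example; check the consumer's documentation for the
# real list or configure the mapping explicitly (e.g. "Profile Fields").
IDENTIFIER_FIELDS = ("sub", "id", "_id", "uid", "user_id", "username")


def make_state() -> str:
    """Fresh unguessable state value binding the callback to this session."""
    return secrets.token_urlsafe(24)


def state_matches(expected: str, received: str) -> bool:
    """Constant-time comparison of the state echoed back on the callback."""
    return secrets.compare_digest(expected, received)


def build_authorize_url(auth_url: str, client_id: str, redirect_uri: str,
                        state: str, scope: str = "") -> str:
    """Authorization-code request URL as the consumer would construct it."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state}
    if scope:
        params["scope"] = scope
    return auth_url + "?" + urllib.parse.urlencode(params)


def find_identifier(profile: dict):
    """Return (field, value) for the first usable identifier, else None.

    Also looks inside a nested "user" object, since some providers wrap the
    profile, and rejects empty strings, which a consumer treats as missing.
    """
    nested = profile.get("user")
    containers = [profile, nested if isinstance(nested, dict) else {}]
    for container in containers:
        for field in IDENTIFIER_FIELDS:
            value = container.get(field)
            if isinstance(value, (str, int)) and str(value).strip():
                return field, str(value)
    return None


def diagnose_profile(raw_body: str) -> dict:
    """Explain whether a consumer could derive an identifier from the body."""
    try:
        profile = json.loads(raw_body)
    except json.JSONDecodeError as exc:
        return {"ok": False, "reason": f"profile body is not JSON: {exc}"}
    if not isinstance(profile, dict):
        return {"ok": False, "reason": "profile JSON is not an object"}
    found = find_identifier(profile)
    if found is None:
        return {"ok": False, "reason": "no identifier field present",
                "fields_seen": sorted(profile.keys())}
    return {"ok": True, "field": found[0], "identifier": found[1]}


def fetch_profile_body(profile_url: str, access_token: str) -> str:
    """Fetch the profile document with a Bearer token (network; not run here)."""
    req = urllib.request.Request(
        profile_url, headers={"Authorization": f"Bearer {access_token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # Constructed sample bodies standing in for real provider responses.
    samples = {
        "has _id":      '{"_id": "u1", "username": "niels", "name": "Niels"}',
        "nested user":  '{"user": {"id": 42, "name": "Niels"}}',
        "no id field":  '{"name": "Niels", "email": ""}',
        "not json":     '<html>login page</html>',
    }
    for label, body in samples.items():
        print(f"{label:12} -> {diagnose_profile(body)}")
    # To test a live setup, paste the access token from a real token exchange:
    #   print(diagnose_profile(fetch_profile_body(PROFILE_URL, token)))
```

Run it as-is to see the four constructed cases; a "no identifier field present" result with a list of the fields actually returned tells you whether the profile URL is right and which field the consumer would have to be pointed at. Never paste a client secret or a live access token into a shared log when reporting the output.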