Wish list: create a camera qr code to grant access

[Spacial]

The main idea is using a qrcode on server (on sync clients), so you dont need to type the app specific password, just point and everything is configured (server, user and otp).

Could even (in qr code) some hash of the server's certificate to guarantee no MITM attack.

[tflidd]

ref: nextcloud/server#5659

[ChristophWurst]

Server ticket: nextcloud/server#429
Server PR: nextcloud/server#429
Android implementation: nextcloud/android#3383

@marinofaggiana any status on this? Is it feasible to integrate a qr code reader into the login screen?

[marinofaggiana]

@ChristophWurst it is in TODO ... 😨

[marinofaggiana]

Available on TestFlight 2.23.2 (Build 3)

[ChristophWurst]

Awesome!

[AndrStnz]

It works, with the example provided in the "server Issue # 429" ... so now how do I enable it for my own server 😄

[ChristophWurst]

Thanks for testing @AndrewwHummer! That's great to hear. You'll have to be patient a bit as we're stabilizing Nextcloud 16 at the moment. It will take a few more weeks before the final release, but you can also check out a beta release once ready: https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule

[AndrStnz]

Thanks for the information. Will try the beta as soon its ready! :)

[tobiasKaminsky]

works for me also, but you QR needs to include http/https protocol, otherwise it will fail.

[marinofaggiana]

Should be obligatory the protocol in qrcode !? Otherwise I don't know if it's http or https @ChristophWurst

[tobiasKaminsky]

I just created a qrcode on my own and on android we always first try https if no protocol is specified. It https is not working, we test http and show a warning that it is unsecure.

[tobiasKaminsky]

Background: It can happen that people generate the qr code on their own, for e.g. easy roll out of clients, etc. and therefore it should be as error prone as possible.

[ChristophWurst]

is there anything we have to change on the server?

[marinofaggiana]

Ok, I add this strange control, but for me the qrcode should have the protocol.

[ChristophWurst]

If so, please open a ticket in the server repo and let me know about the exact format of the URL. I'm also unsure if we should or have to URL encode any parameter and how that is handled on the mobile apps.

[tobiasKaminsky]

is there anything we have to change on the server?

nc://login/user:tobi&password:XJdpw-R9kF3-Liy5C-MjNEZ-aTjSN&server:http://localhost/nc

looks fine.
However I have not tested it with withespaces/@ in userId, but I'll do now.

EDIT: works fine on Android & iOS.

[ChristophWurst]

Okay, thanks for testing. Just let me know if we have to fix anything on the server-side :)

[marinofaggiana]

I have add the check whether server: contain protocol. If not add https:// by default.