Hi Karan,

In my opinion, the ideal approach to use in this scenario would be
OAuth-based authorization. KeyCloak supports OAuth and you can register a service
provider and use that to give a prompt to the user to authorize the desktop
client to communicate with the NextCloud server.
After the user authorizes the client, KeyCloak will issue an access token
which can be used on behalf of the user. NextCloud server will have to use
this token and get it validated from the KeyCloak server to ensure the
token bearer is authorized to access the NextCloud server.

For obtaining this access token there are several grant flows in OAuth that you
can use. Based on the type of the client and the level of security you can
decide which grant flow to use.

https://alexbilbie.com/guide-to-oauth-2-grants/ contains a good summary of
OAuth grant flows. I think the implicit grant flow will be most appropriate
in this scenario.



[1] -
https://scholarworks.iu.edu/dspace/bitstream/handle/2022/21092/airavata-security-escience16.pdf?sequence=1

On Fri, May 18, 2018 at 8:55 PM, Sachin Kariyattin <sachin9...@gmail.com>
wrote:

> Hi Karan,
>
> The following wiki lists the basic steps to configure keycloak with
> NextCloud
>
> https://github.com/sachinkariyattin/NextCloud/wiki
>
> This can get you started
>
> On Fri, May 18, 2018 at 7:57 PM, Kotabagi, Karan <kkota...@iu.edu> wrote:
>
>> Hi All,
>>
>>
>> I am working with the following Seagrid-rich client to replace the file
>> upload mechanism with Nextcloud instead of SFTP.
>>
>>
>> I have the different nextcloud API code set-up that uploads the file to
>> the Nextcloud server that is set-up locally in Ubuntu. At present the
>> password is hardcoded, so this should be authenticated with the help of
>> keycloak as discussed with Suresh.
>>
>>
>> I have discussed the things with Sachin and I have received some inputs
>> to proceed with keycloak authentication and after that I can proceed
>> to implement the same with the nextcloud API, after this is successful I
>> need to integrate nextcloud API with the Seagrid-rich client.
>>
>>
>> Further steps will also include setting up Nextcloud in the existing file
>> server and point the upload of the input files from the client to the same
>> location where the existing files are saved (This needs to be further
>> looked into with all the configurations).
>>
>>
>> Any suggestions or inputs to proceed with the keycloak authentication
>> mechanism to work instead of the password would be appreciated.
>>
>>
>> Regards
>>
>> Karan
>>
>>
>>
>>
>>
>>
>
>
> --
>
>
> *Regards, Sachin Kariyattin*
>
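
The validation step described in the reply at the top of this thread (the Nextcloud server having Keycloak validate the access token), as an added example that is not part of the original e-mails. It assumes the validation is done with OAuth 2.0 token introspection (RFC 7662); the endpoint host and realm, the client id, and the audience and scope values are placeholders.

```python
import base64
import time
import urllib.parse
import urllib.request

# Assumed placeholder endpoint; host and realm are not from the thread.
INTROSPECT_URL = ("https://keycloak.example.org/auth/realms/REALM"
                  "/protocol/openid-connect/token/introspect")


def build_introspection_request(token, client_id, client_secret,
                                url=INTROSPECT_URL):
    """Build the RFC 7662 POST the resource server sends to the
    authorization server, authenticating with its own client credentials."""
    body = urllib.parse.urlencode(
        {"token": token, "token_type_hint": "access_token"}).encode()
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": "Basic " + basic,
        "Content-Type": "application/x-www-form-urlencoded"})


def check_introspection(resp, audience, scope, now=None):
    """Decide on a parsed introspection response. Returns (allowed, detail):
    detail is the user name when allowed, otherwise the rejection reason."""
    now = time.time() if now is None else now
    if resp.get("active") is not True:      # revoked, expired or unknown
        return False, "token not active"
    exp = resp.get("exp")
    if exp is not None and exp <= now:      # do not rely on "active" alone
        return False, "token expired"
    aud = resp.get("aud") or []
    if audience not in ([aud] if isinstance(aud, str) else aud):
        return False, "token issued for another audience"
    if scope not in str(resp.get("scope", "")).split():
        return False, "required scope missing"
    return True, resp.get("username") or resp.get("sub")


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real server.
    good = {"active": True, "exp": 2000, "aud": "nextcloud",
            "scope": "openid files", "username": "alice"}
    print(check_introspection(good, "nextcloud", "files", now=1000))
    print(check_introspection({"active": False}, "nextcloud", "files"))
```

The audience check is what stops a token issued to a different client in the same realm from being replayed against this server.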
