Need help - cannot connect to Nextcloud with OAuth or Access Token

Hi,

I’m stuck ! I tried everything and still, I can not connect my n8n services to my Nextcloud. I tried both method and nothing is working. I get errors like these two depending on authentification method :

- OAuth :

{"code":0,"message":"Unable to connect to cloud.my-domainname.co:443","hint":""}

This error comes from the web browser (in the popup created to accept terms) at the end. So right after user accept terms the popup get redirect to https://sub.my-domain.co/rest/oauth2-credential/callback?state=<token_state>&code=<token_code> and it create this error. I do not see any error on Nextcloud. On n8n the log gave me this :

2022-08-19T01:50:12.044Z | verbose  | Credential updated "{ credentialId: '5', file: 'credentials.api.js' }"
2022-08-19T01:50:12.209Z | verbose  | OAuth2 authentication successful for new credential "{\n  userId: '444-444-4d41-8f78-xxx444',\n  credentialId: '5',\n  file: 'oauth2Credential.api.js'\n}"

Even if it looks like it has been successfull in n8n… nothing works in the workflows. So something happen at the end of OAuth procedure that makes impossible to n8n to finish the transaction.

- Access token :

2022-08-19T01:46:40.842Z | debug    | Credential test failed UNKNOWN ERROR - check the detailed error for more information 
.... ....
httpCode: 'ECONNREFUSED',\n    description: 'connect ECONNREFUSED 10.0.3.82:443'\n  },\n  timestamp: 1660873600842,\n  node: {\n    id: 'temp',\n    parameters: { temp: '' },\n    name: 'Temp-Node',\n    type: 'n8n-nodes-base.noOp',\n    typeVersion: 1,\n    position: [ 0, 0 ],\n    credentials: { nextCloudApi: [Object] }\n  },\n  httpCode: null,\n  description: 'connect ECONNREFUSED 10.0.3.82:443',\n  file: 'CredentialsHelper.js',\n  function: 'testCredentials'\n}"

What I already tried

  • I tested n8n from n8n.io and OAuth works perfectly with my Nextcloud. Error is created because both are in Docker swarm.
  • In Nextcloud, I change config file to trusted_domain // trusted_proxies double checked and everything. Use also overwrite method has explain in documentation. Still not working.

Information on my n8n / nextcloud setup

  • Both services are in docker swarm mode activated
  • Both services are behind Traefik reverse proxy
  • Configuration for Nextcloud has been follow just like this doc : doc
  • Traefik, n8n, NC are in same network but not same host / node
  • n8n version: 0.191.0
  • Database you’re using default SQLite

Need help here, if anybody can share their tought it would be very much appreciated. I’m new to this community but really look foward to use n8n. Very promising ! Thanks

Hi @goino , did you check nextcloud’s log? new version of nextcloud need set 'allow_local_remote_servers' => true, in nextcloud config file, if you want access from LAN.

1 Like

Thanks for your time @tight-crow-1218

So I added variable ‘allow_local_remote_servers’ to config.php in Nextcloud. But still not working. With this variable to true, here’s my logs from Nextcloud :

- OAuth Logs :

24.203.218.42 - - [19/Aug/2022:11:40:35 +0000] "GET /login/flow/grant?user=&direct=0&oauthState=nFMRi1PZ2dUc3diQ2RHUUNhOVJGbyIsImNpZCI6IjUifQ%3D%3D&clientIdentifier=a3AIEx4eJg3HPhM2NUX4r6LZRDCyymhAqkvqXA5dq8cZ&stateToken=uUQcoD17YSuyjiirrDggm9fwE5SrFVbXDiuETp2KQQRtrBtGYMTJ7G0OIpymwaLI HTTP/1.1" 200 7319 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.81 Safari/537.36"
24.203.218.42 - - [19/Aug/2022:11:40:34 +0000] "GET /cron.php HTTP/1.1" 200 848 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.81 Safari/537.36"
24.203.218.42 - - [19/Aug/2022:11:40:33 +0000] "GET /login/flow?clientIdentifier=a3AIEx4eJg3HPhM2NUX4r6LZRDCyymhAqkvqXA5dq8cZ HTTP/1.1" 200 7634 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.81 Safari/537.36"
24.203.218.42 - - [19/Aug/2022:11:40:33 +0000] "GET /apps/oauth2/authorize?client_id=a3AIEx4eJg3HPhM2NUX4r6LZRDCyymhAqkvqXA5dq8cZ&redirect_uri=https%3A%2F%2Fflow.domain.co%2Frest%2Foauth2-credential%2Fcallback&response_type=code&state=nFMRi1PZ2dUc3diQ2RHUUNhOVJGbyIsImNpZCI6IjUifQ%3D%3D&scope= HTTP/1.1" 303 863 "https://flow.domain.co/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.81 Safari/537.36"
24.203.218.42 - - [19/Aug/2022:11:40:33 +0000] "GET /apps/photos/service-worker.js HTTP/1.1" 200 6302 "https://cloud.domain.co/apps/photos/service-worker.js" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.81 Safari/537.36"
24.203.218.42 - - [19/Aug/2022:11:40:35 +0000] "GET /cron.php HTTP/1.1" 200 848 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.81 Safari/537.36"
24.203.218.42 - - [19/Aug/2022:11:40:35 +0000] "GET /apps/photos/service-worker.js HTTP/1.1" 200 6302 "https://cloud.domain.co/apps/photos/service-worker.js" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.81 Safari/537.36"

- Access token :
Looks like there is no logs created after trying to connect from n8n. I’m getting crazy over here :smile:

Hi @goino, seeing the error is ECONNREFUSED, it seems to me that networking between n8n and Nextcloud containers doesn’t work as expected (the OAuth2 dance would take place in the browser, so wouldn’t be affected by this).

Is your Nextcloud instance perhaps listening on a different port internally than it is externally?

Hi @MutedJam, thanks for your time

So my Nextcloud (NC) is on the same n8n network. Here’s my docker-compose file for NC :smile:

services:
  nextcloud:
    image: nextcloud:latest
    restart: always
    hostname: cloud.domain.co
    expose:
      - 443
      - 80
    networks:
      proxy-net:
        aliases:
          - cloud.domain.co

So I can not use ports: 443:443 or 80:80 directly for NC because those 2 ports are for my proxy Traefik. So instead I exposed them with expose. The hostname and aliases are use also… just to make sure everything is routing ok.

After that I use labels for securing my headers. And that’s it.

@MutedJam : I did verify just to make sure and both containers are list in same network. When I do docker exec ping -c2 I got this :

PING nextcloud (10.0.x.xx): 56 data bytes
64 bytes from 10.0.x.xx: seq=0 ttl=64 time=0.155 ms
64 bytes from 10.0.x.xx: seq=1 ttl=64 time=0.104 ms

--- nextcloud ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.104/0.129/0.155 ms

So network is working I think but I’m not senior in docker / swarm setup. Also, ICC is enable in my network.

So network is working I think but I’m not senior in docker / swarm setup.

Neither am I unfortunately, though I do think a ping request wouldn’t use the same protocol as the REST API requests made by the Nextcloud node. Out of curiosity, are you able to send any requests to your Nextcloud container using n8n’s HTTP Request node?

What I did is :

I have this error in n8n. In Nextcloud does not seems to logs this request

{
"status":"rejected",
"reason":{
"message":"connect ECONNREFUSED 10.0.x.xx:443",
"name":"Error",
"stack":"Error: connect ECONNREFUSED 10.0.x.xx:443\n    at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1247:16)",
"code":"ECONNREFUSED"
}
}

@MutedJam is there any specific endpoint to test on Nextcloud API ?

So it seems this request isn’t reaching Nextcloud at all. What happens if you use the internal hostname of your Nextcloud container (and possibly the HTTP port instead of HTTPS) rather than the public hostname?

Oh oh oh ! Christmas is coming :smile:

Ok so http://nextcloud/remote.php/dav/user/folder… gives a new error (unseen since I’m trying to make this thing work).

Request is 400 Nextcloud receive it. But config.php do not permit from trusted domain.

Let me change my config.php

1 Like

Ok ! Now we are cooking.

My http:///remote.php/dav/file/admin gives a 200 with this is :

data
This is the WebDAV interface. It can only be accessed by WebDAV clients such as the Nextcloud desktop sync client.

HTTP Request with OAuth gives me same result.

WebDav is not possible with Http Request Node… Still my issue is not resolve yet :frowning:

1 Like

Feels like we might be close :smiley:

Any chance you can use try “Access Token” authentication offered by the Nextcloud node with the internal hostname as the URL?

1 Like

hmmm… so nextcloud node in n8n with access token gives me an error on nextcloud like this one

10.0.x.xx - [email protected] [19/Aug/2022:14:40:15 +0000] "GET /remote.php/dav/files/admin/ocs/v1.php/cloud/capabilities HTTP/1.1" 401 1510 "-" "n8n"

Now… I do have 2-factor authentification enable on Nextcloud. Does that come into play ?

OK WE HAVE IT ! HOURRAY !

So I had to use app token from my user. Settings → Securty (user section). Then create specific password for n8n access. This password is necessary because of 2-factor auth install.

After that ! the issue I had is my URL. I used http://< container-name >/remote.php/dav/files/user… but n8n node need http://< container name >/remote.php/webdav to access Nextcloud. So changing that solve everything ! Anyways, I changed the URL with container name AND with http (not https) and everything goes according to plan. For prosperity here’s my final config :

Nextcloud config.php file :

  • allow_local_remote_servers => true
  • trusted_domains : need to add container name so Nextcloud accept internal request from Docker dns

Nextcloud admin

  • if you have 2-factor auth, need to create a specific app password in Settings–>Security (user panel)

n8n Nextcloud node

  • Use Access token not Oauth2 (won’t work internally but feel free and crazy if your n8n is outside your nextcloud setup)
  • Web Dav Url need to be formated this way : http://< container-name >/remote.php/webdav (no https, and do not use remote.php/dav/files/< username >)
  • Use app username and password generated from nextcloud admin panel.

So gratefull @MutedJam and @tight-crow-1218 thanks again.

3 Likes

Thanks so much for sharing your solution, I am really glad this is sorted!

Btw seeing you are using Nextcloud, there’s unfortunately one more bug in the current version of n8n which @No_Name described and solved over here: Nextcloud share file node cannot find file - #8 by No_Name. This will be fixed in one of the next releases with fix(next-cloud-node): Fix issue with credential verification and sharing file by michael-radency · Pull Request #3894 · n8n-io/n8n · GitHub. Just wanted to make sure you’re aware of this.

1 Like