Content
View differences
Updated by Wieland Lindenthal almost 2 years ago
**As** a user
**I want to** use SSO once and have Nextcloud integration working right away
**so that** there is no need for me taking the having extra steps step of completing OAuth2 grant flows again and again,
**Acceptance criteria**
* Nextcloud queries and commands that act on user's behalf are able to use OIDC access token instead of OAuth2 bearer token.
* OIDC tokens are saved to the database.
* OIDC access\_token is refreshed when expired.
* OIDC refresh\_token expiration is handled automatically. If possible automatically in backgroun otherwise user have to relogin.
* OIDC access\_token is exchanged using Token Exchange if it does not include required audience.
**I want to** use SSO once and have Nextcloud integration working right away
**so that** there is no need for me taking the
**Acceptance criteria**
* Nextcloud queries and commands that act on user's behalf are able to use OIDC access token instead of OAuth2 bearer token.
* OIDC tokens are saved to the database.
* OIDC access\_token is refreshed when expired.
* OIDC refresh\_token expiration is handled automatically. If possible automatically in backgroun otherwise user have to relogin.
* OIDC access\_token is exchanged using Token Exchange if it does not include required audience.