**As** an administrator setting up the OpenProject-Nextcloud integration setting up the OpenProject side
**I want to** have a second option to use OIDC based access tokens instead of OAuth2 access tokens when I also use and IDP like Keycloak for single sign on (SSO)
**so that** not each user needs to got through the OAuth grant flow.

**Acceptance criteria**

* In the files storages settings for Nextcloud, Begin of the insertionthe first fomEnd of the insertion Begin of the deletion thereEnd of the deletion is Begin of the insertionextended withEnd of the insertion a Begin of the insertionselect box "Authentication method" withEnd of the insertion Begin of the deletion new step 2 in whichEnd of the deletion the Begin of the insertionoptionsEnd of the insertion Begin of the deletion admin is asked what type of authentication method she wants to setupEnd of the deletion

* Begin of the insertion"Two-wayEnd of the insertion Begin of the deletion Two-wayEnd of the deletion OAuth2 authorization code Begin of the insertionflow"End of the insertion Begin of the deletion flowEnd of the deletion (default)

* Begin of the insertion"CommonEnd of the insertion Begin of the deletion CommonEnd of the deletion OpenID Connect Identity Begin of the insertionProvider"End of the insertion Begin of the deletion ProviderEnd of the deletion

* If the admin chooses "OAuth2" then Begin of the deletion theEnd of the deletion step Begin of the insertion2End of the insertion Begin of the deletion 3End of the deletion will be "OAuth applications" with the sub-steps "OpenProject OAuth" and "Nextcloud OAuth" as we currently have Begin of the insertionthemEnd of the insertion Begin of the deletion them.End of the deletion

* If the admin chooses "OIDC" then Begin of the insertionstep 2End of the insertion Begin of the deletion itEnd of the deletion will Begin of the insertionbeEnd of the insertion Begin of the deletion show information text withEnd of the deletion a Begin of the insertionnew form "OpenID Connect"End of the insertion Begin of the deletion link for further documentation.End of the deletion

* It Begin of the deletion shows a warning if there is no OIDC configured (on OpenProject's side).

* ItEnd of the deletion tells that the setup was only successfully tested with Keycloak and not with other OIDC providers.

* It tells to follow the setup instructions in the docs on how to configure OIDC in OpenProject and how to configure the OIDC provider and offers a link to the correct OpenProject docs.

* (?) The admin is required to select an OIDC provider. (dropdown).

* The admin Begin of the insertionmustEnd of the insertion Begin of the deletion needs toEnd of the deletion enter the OIDC client ID of Nextcloud (text input)

* The save button should be labeled as Begin of the insertion"Save & continue" (leading to the existing step 3 "Project folders")

End of the insertion Begin of the deletion "save" (to be confirmed)

End of the deletion * The admin needs to be able to switch between OAuth2 and OIDC on existing file storages, to provide a migration Begin of the insertionpath


End of the insertion Begin of the deletion path.


End of the deletion **Figma**

workPackageValue:"Figma wireframes"