⚠️ This issue respects the following points: ⚠️
Bug description
I can not create or delete any App password for any user.
When I try to add a password, a dialog for password confirmation opens.
No matter if I enter the right password or anything else, the dialog is closed and nothing happens. No error message, no new App password.
In log there is a NotConfirmedException.
Issue is maybe related to #58619
Steps to reproduce
- Go to settings, security
- srcoll down and enter an app name
- press create new password
- in overlay enter password and press confirm
Expected behavior
app password is added
Nextcloud Server version
33
Operating system
Other
PHP engine version
PHP 8.3
Web server
Apache (supported)
Database engine version
MySQL
Is this bug present after an update or on a fresh install?
Upgraded to a MAJOR version (ex. 31 to 32)
Are you using the Nextcloud Server Encryption module?
None
What user-backends are you using?
Configuration report
occ config:list system
{
"system": {
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "33.0.3.2",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"forcessl": true,
"logtimezone": "Europe\/Berlin",
"log_rotate_size": 10485760,
"preview_libreoffice_path": "\/usr\/bin\/libreoffice",
"preview_office_cl_parameters": "",
"preview_max_x": 2048,
"preview_max_y": 2048,
"enable_previews": true,
"enabledPreviewProviders": [
"OC\\Preview\\SGI",
"OC\\Preview\\HEIC",
"OC\\Preview\\BMP",
"OC\\Preview\\GIF",
"OC\\Preview\\JPEG",
"OC\\Preview\\MarkDown",
"OC\\Preview\\PNG",
"OC\\Preview\\TXT",
"OC\\Preview\\XBitmap",
"OC\\Preview\\Movie",
"OC\\Preview\\Image"
],
"theme": "",
"maintenance": false,
"trusted_domains": [
"nextcloud.fabianfischer.org",
"homeserver.fabianfischer.org",
"192.168.5.12"
],
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_smtpmode": "smtp",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"loglevel": "0",
"overwrite.cli.url": "https:\/\/homeserver.fabianfischer.org\/owncloud",
"htaccess.RewriteBase": "\/owncloud",
"secret": "***REMOVED SENSITIVE VALUE***",
"trashbin_retention_obligation": "auto",
"updater.release.channel": "stable",
"mysql.utf8mb4": true,
"app_install_overwrite": [
"calendar",
"keeweb",
"carnet"
],
"has_rebuilt_cache": true,
"jpeg_quality": 90,
"enable_movie_transcode": false,
"memcache.local": "\\OC\\Memcache\\APCu",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"port": 0,
"dbindex": 0,
"password": "***REMOVED SENSITIVE VALUE***",
"timeout": 1.5
},
"default_phone_region": "DE",
"mail_sendmailmode": "pipe",
"maintenance_window_start": 1,
"memories.db.triggers.fcu": true,
"memories.exiftool_no_local": true,
"memories.vod.path": "\/mnt\/data\/web\/root\/owncloud\/apps\/memories\/ bin-ext\/go-vod-amd64",
"memories.gis_type": 1,
"memories.vod.ffmpeg": "\/usr\/bin\/ffmpeg",
"memories.vod.ffprobe": "\/usr\/bin\/ffprobe",
"memories.ffmpeg_path": "\/usr\/bin\/ffmpeg",
"memories.ffprobe_path": "\/usr\/bin\/ffprobe"
}
}List of activated Apps
Enabled:
- activity: 6.0.0
- app_api: 33.0.0
- calendar: 6.4.0
- circles: 33.0.0
- cloud_federation_api: 1.17.0
- comments: 1.23.0
- contacts: 8.4.6
- contactsinteraction: 1.14.1
- dashboard: 7.13.0
- dav: 1.36.0
- deck: 1.17.1
- federatedfilesharing: 1.23.0
- federation: 1.23.0
- files: 2.5.0
- files_automatedtagging: 4.0.0
- files_downloadlimit: 5.1.0
- files_external: 1.25.1
- files_pdfviewer: 6.0.0
- files_reminders: 1.6.0
- files_sharing: 1.25.2
- files_trashbin: 1.23.0
- files_versions: 1.26.0
- firstrunwizard: 6.0.0
- keeweb: 0.6.23
- logreader: 6.0.0
- lookup_server_connector: 1.21.0
- memories: 8.0.1
- nextcloud_announcements: 5.0.0
- notifications: 6.0.0
- oauth2: 1.21.0
- password_policy: 5.0.0
- photos: 6.0.0
- previewgenerator: 5.13.0
- privacy: 5.0.0
- profile: 1.2.0
- provisioning_api: 1.23.0
- recommendations: 6.0.0
- related_resources: 4.0.0
- richdocuments: 10.1.3
- richdocumentscode: 25.4.904
- serverinfo: 5.0.0
- settings: 1.16.0
- sharebymail: 1.23.0
- spreed: 23.0.4
- support: 5.0.0
- survey_client: 5.0.0
- systemtags: 1.23.0
- tasks: 0.17.1
- text: 7.0.1
- theming: 2.8.0
- twofactor_backupcodes: 1.22.0
- twofactor_nextcloud_notification: 7.0.0
- twofactor_totp: 15.0.0
- updatenotification: 1.23.0
- user_status: 1.13.0
- viewer: 6.0.0
- weather_status: 1.13.0
- webhook_listeners: 1.5.0
- workflowengine: 2.15.0
Disabled:
- admin_audit: 1.23.0
- bruteforcesettings: 6.0.0 (installed 2.4.0)
- carnet: 0.25.13 (installed 0.25.13)
- encryption: 2.21.0
- files_fulltextsearch_tesseract: 32.0.0 (installed 32.0.0)
- suspicious_login: 11.0.0
- testing: 1.23.0
- user_ldap: 1.24.0
Nextcloud Signing status
No errors have been found.
Nextcloud Logs
{"reqId":"kr6QZJA1mPmC7altAN4w","level":0,"time":"2026-05-20T17:03:56+02:00","remoteAddr":"192.168.5.60","user":"fifa","app":"settings","method":"POST","url":"/owncloud/settings/personal/authtokens","scriptName":"/owncloud/index.php","message":"Required authorization header missing","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:150.0) Gecko/20100101 Firefox/150.0","version":"33.0.3.2","exception":{"Exception":"OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotConfirmedException","Message":"Required authorization header missing","Code":403,"Trace":[{"file":"/mnt/data/web/root/owncloud/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php","line":73,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\Security\\PasswordConfirmationMiddleware","type":"->"},{"file":"/mnt/data/web/root/owncloud/lib/private/AppFramework/Http/Dispatcher.php","line":110,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\MiddlewareDispatcher","type":"->"},{"file":"/mnt/data/web/root/owncloud/lib/private/AppFramework/App.php","line":153,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/mnt/data/web/root/owncloud/lib/private/Route/Router.php","line":321,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/mnt/data/web/root/owncloud/lib/base.php","line":1155,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/mnt/data/web/root/owncloud/index.php","line":25,"function":"handleRequest","class":"OC","type":"::"}],"File":"/mnt/data/web/root/owncloud/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php","Line":84,"message":"Required authorization header missing","exception":"{\"class\":\"OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotConfirmedException\",\"message\":\"Required authorization header missing\",\"code\":403,\"file\":\"/mnt/data/web/root/owncloud/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php:84\",\"trace\":\"#0 /m ...Additional info
Browser shows 403 @
POST | https://homeserver.fabianfischer.org/owncloud/settings/personal/authtokens
Bug description
I can not create or delete any App password for any user.
When I try to add a password, a dialog for password confirmation opens.
No matter if I enter the right password or anything else, the dialog is closed and nothing happens. No error message, no new App password.
In log there is a NotConfirmedException.
Issue is maybe related to #58619
Steps to reproduce
Expected behavior
app password is added
Nextcloud Server version
33
Operating system
Other
PHP engine version
PHP 8.3
Web server
Apache (supported)
Database engine version
MySQL
Is this bug present after an update or on a fresh install?
Upgraded to a MAJOR version (ex. 31 to 32)
Are you using the Nextcloud Server Encryption module?
None
What user-backends are you using?
Configuration report
List of activated Apps
Nextcloud Signing status
Nextcloud Logs
{"reqId":"kr6QZJA1mPmC7altAN4w","level":0,"time":"2026-05-20T17:03:56+02:00","remoteAddr":"192.168.5.60","user":"fifa","app":"settings","method":"POST","url":"/owncloud/settings/personal/authtokens","scriptName":"/owncloud/index.php","message":"Required authorization header missing","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:150.0) Gecko/20100101 Firefox/150.0","version":"33.0.3.2","exception":{"Exception":"OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotConfirmedException","Message":"Required authorization header missing","Code":403,"Trace":[{"file":"/mnt/data/web/root/owncloud/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php","line":73,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\Security\\PasswordConfirmationMiddleware","type":"->"},{"file":"/mnt/data/web/root/owncloud/lib/private/AppFramework/Http/Dispatcher.php","line":110,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\MiddlewareDispatcher","type":"->"},{"file":"/mnt/data/web/root/owncloud/lib/private/AppFramework/App.php","line":153,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/mnt/data/web/root/owncloud/lib/private/Route/Router.php","line":321,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/mnt/data/web/root/owncloud/lib/base.php","line":1155,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/mnt/data/web/root/owncloud/index.php","line":25,"function":"handleRequest","class":"OC","type":"::"}],"File":"/mnt/data/web/root/owncloud/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php","Line":84,"message":"Required authorization header missing","exception":"{\"class\":\"OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotConfirmedException\",\"message\":\"Required authorization header missing\",\"code\":403,\"file\":\"/mnt/data/web/root/owncloud/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php:84\",\"trace\":\"#0 /m ...Additional info
Browser shows 403 @
POST | https://homeserver.fabianfischer.org/owncloud/settings/personal/authtokens