Microsoft Entra Consent Flow infinite loop on 7.3.0

[MaximilianReuter]

How to use GitHub

• Please use the 👍 reaction to show that you are affected by the same issue.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.

---

This issue happened after an update to Nextcloud 30.0.13 which also updated user_oidc to 7.3.0

It was resolved by manually downgrading user_oidc to 7.2.0

I tried regranting consent, I tried recreating the Provider registration. Nothing seems to work.

Steps to reproduce

1. use user_oidc version 7.3.0 on 30.0.13
2. configure Microsoft Entra OIDC
3. try to login
4. Asks for consent
5. Give admin consent in entra admin centre
6. try to login again
7. asks again for admin consent
8. rinse repeat

Expected behaviour

After consent is given should let user login

Actual behaviour

Instead of login it keeps asking for consent.

Server configuration

Web server: Apache

Database: Maria

PHP version: 8.2

Nextcloud version: 30.0.13

List of activated apps

Enabled:
  - activity: 3.0.0
  - app_api: 4.0.6
  - bruteforcesettings: 3.0.0
  - circles: 30.0.0
  - cloud_federation_api: 1.13.0
  - comments: 1.20.1
  - contactsinteraction: 1.11.0
  - dashboard: 7.10.0
  - dav: 1.31.1
  - deck: 1.14.5
  - federatedfilesharing: 1.20.0
  - federation: 1.20.0
  - files: 2.2.0
  - files_downloadlimit: 3.0.0
  - files_pdfviewer: 3.0.0
  - files_reminders: 1.3.0
  - files_sharing: 1.22.0
  - files_trashbin: 1.20.1
  - files_versions: 1.23.0
  - firstrunwizard: 3.0.0
  - forms: 5.1.2
  - guests: 4.3.0
  - logreader: 3.0.0
  - lookup_server_connector: 1.18.0
  - nextcloud_announcements: 2.0.0
  - notifications: 3.0.0
  - oauth2: 1.18.1
  - password_policy: 2.0.0
  - photos: 3.0.2
  - privacy: 2.0.0
  - provisioning_api: 1.20.0
  - recommendations: 3.0.0
  - related_resources: 1.5.0
  - serverinfo: 2.0.0
  - settings: 1.13.0
  - sharebymail: 1.20.0
  - side_menu: 4.1.1
  - support: 2.0.0
  - survey_client: 2.0.0
  - systemtags: 1.20.0
  - text: 4.1.0
  - theming: 2.6.0
  - twofactor_backupcodes: 1.19.0
  - updatenotification: 1.20.0
  - user_oidc: 7.2.0
  - user_status: 1.10.0
  - viewer: 3.0.0
  - weather_status: 1.10.0
  - webhook_listeners: 1.1.0-dev
  - workflowengine: 2.12.0
Disabled:
  - admin_audit: 1.20.0
  - encryption: 2.18.0
  - files_external: 1.22.0
  - suspicious_login: 8.0.0
  - twofactor_nextcloud_notification: 4.0.0
  - twofactor_totp: 12.0.0-dev
  - user_ldap: 1.21.0 (installed 1.21.0)

Nextcloud configuration

"system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud.zarm-technik.de"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "30.0.13.1",
        "overwrite.cli.url": "https:\/\/cloud.zarm-technik.de",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "default_phone_region": "ISO 3166-2:DE",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "filelocking.enabled": true,
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "timeout": 0
        },
        "maintenance": false,
        "loglevel": 2,
        "maintenance_window_start": 1,
        "auth.webauthn.enabled": false,
        "theme": ""
    }

Browser

Browser name: Firefox

Browser version: 128.13

Operating system: Windows

Browser log

did not collect at the time

[julien-nc]

Hi. Could you set the loglevel to 0 in config.php, reproduce the issue and give us the logs (extract of nextcloud.log that contains the time frame)?
We need to see what happens to figure out why the login flow does not complete.

[MaximilianReuter]

Given that doing so prevents users from using the nextcloud I will have to try to schedule that for the weekend.

[MaximilianReuter]

Okay managed to get the debug log nextcloud.user_oidc-issue.log

What I did in this log as follows:

1. update user_oidc from 0.7.2 to 0.7.3
2. tried to login using my microsoft credentials
3. had the microsoft consent window show
4. requested consent
5. clicked return to app
6. saw access denied page of nextcloud
7. clicked return to login
8. repeated process
9. went into entra and approved the consent request
10. tried again to login via microsoft and got the consent window again
11. stopped logging and returned to version 0.7.2 so login is functional again

[MaximilianReuter]

just confirmed by installing the patch from #1176 the issue is resolved

[julien-nc]

@MaximilianReuter Thanks a lot for the feedback. Let's wait for a confirmation in #1173 and merge #1176.

[MaximilianReuter]

Small issue:

{
  "reqId": "eNrgzM1MJGOBacUWAQxV",
  "level": 2,
  "time": "2025-08-18T12:04:58+00:00",
  "remoteAddr": "XXX.XXX.XXX.XXX",
  "user": "--",
  "app": "PHP",
  "method": "GET",
  "url": "/index.php/apps/user_oidc/login/1?redirectUrl=https://cloud.zarm-technik.de/index.php/apps/dashboard/",
  "message": "Undefined array key \"prompt\" at /var/www/cloud.zarm-technik.de/apps/user_oidc/lib/Controller/LoginController.php#275",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0",
  "version": "30.0.14.1",
  "data": {
    "app": "PHP"
  },
  "id": "68a31a583620e"
}

This warning now shows up when people login

[julien-nc]

@MaximilianReuter My bad, I fixed that in the PR branch. Could you give it another try?

[MaximilianReuter]

@MaximilianReuter My bad, I fixed that in the PR branch. Could you give it another try?

Just tried the patch and it seems to resolve the warning!