Summary
Logging this in user_oidc for discoverability. The user_oidc app correctly constructs and attempts to fetch the Microsoft Entra OIDC discovery URL, but the underlying HTTP client (Guzzle → libcurl) receives HTTP 404 from Microsoft's endpoint when running on the official nextcloud:32 Docker image. The same fetch succeeds via PHP's file_get_contents() from inside the same container, which rules out network configuration and confirms the failure is specific to the libcurl path.
Root cause (as far as we know)
The official nextcloud:31 and nextcloud:32 Docker images are built on php:8.3-apache-trixie (Debian 13 "Trixie" — currently pre-release). libcurl 8.14.1 on Trixie appears to produce a TLS ClientHello that Microsoft's CDN infastructure responds to with HTTP 404, while stable Debian 12 (Bookworm) libcurl builds return HTTP 200 for the same URL.
Related prior issue for context: nextcloud/user_oidc#397 reports a similar top-level error message but was resolved via local access rule changes (allow_local_remote_servers). Current findings indicate a different failure mode.
Full evidence and root cause analysis: nextcloud/docker#2560.
Workaround
Build a custom Nextcloud image using FROM php:8.3-apache-bookworm instead of the Trixie base. Nextcloud version and volumes are unchanged.
Environment
| Component |
Version |
| Nextcloud |
31.0.14.1 / 32.x |
| Docker image base |
php:8.3-apache-trixie |
| libcurl |
8.14.1 |
| Identity provider |
Microsoft Entra ID (Azure AD) |
| user_oidc |
v8.7.0 |
Summary
Logging this in
user_oidcfor discoverability. Theuser_oidcapp correctly constructs and attempts to fetch the Microsoft Entra OIDC discovery URL, but the underlying HTTP client (Guzzle → libcurl) receives HTTP 404 from Microsoft's endpoint when running on the officialnextcloud:32Docker image. The same fetch succeeds via PHP'sfile_get_contents()from inside the same container, which rules out network configuration and confirms the failure is specific to the libcurl path.Root cause (as far as we know)
The official
nextcloud:31andnextcloud:32Docker images are built onphp:8.3-apache-trixie(Debian 13 "Trixie" — currently pre-release). libcurl 8.14.1 on Trixie appears to produce a TLS ClientHello that Microsoft's CDN infastructure responds to with HTTP 404, while stable Debian 12 (Bookworm) libcurl builds return HTTP 200 for the same URL.Related prior issue for context:
nextcloud/user_oidc#397reports a similar top-level error message but was resolved via local access rule changes (allow_local_remote_servers). Current findings indicate a different failure mode.Full evidence and root cause analysis: nextcloud/docker#2560.
Workaround
Build a custom Nextcloud image using
FROM php:8.3-apache-bookworminstead of the Trixie base. Nextcloud version and volumes are unchanged.Environment
php:8.3-apache-trixie