Without contact access authorization app is unusable

[kzar79]

Just updated the app, it asked to access my contacts, which I denied (I really think this app must be able to work without accessing contacts).

After that, the app continously complains about the need to use Single-Sign-On and does not sync notes. It also says that there is no network connection (which is not true, any other app works).

With this change, the app is just unusable without granting access to the contacts. Which is obviously not needed.

[stefan-niedermann]

Yes it is needed in order to access the nextcloud account on the device. If you know a way how this works without requesting contacts permission you can make a proposal at the SSO-repository: https://github.com/nextcloud/Android-SingleSignOn/issues

We guarante, that not a single contact from your phone gets read by the Notes app and we can prove it since the source is open.

Also have a look at #615 which requests a local account. This is something, we will implement.

But SSO requires at the current state that the contacts permission is given.

[stefan-niedermann]

cc @David-Development & @tobiasKaminsky

[David-Development]

@stefan-niedermann Once we drop the need for the Android account manager, we don't need the contact permission anymore.

Take a look here: nextcloud/Android-SingleSignOn#49

[kzar79]

Even if the contact permission won't be asked anymore (in some future), I think that the dependency on another app (Nextcloud File Manager) is an anti-feature.

Users should be allowed to use the Notes app alone, and (even if they use also the Nextcloud File Manager app) to choose how and where to store their credentials.

I appreciate your effort to integrate the SSO, so I do not propose to revert to the old version after all this good work.

What I propose is to add an option so the user can choose to use the new SSO or the old integrated authentication.

[stefan-niedermann]

Dear @kzar79,

while i understand your request, this is no option for us.

We have discussed this long time and came to the conclusion that this is our way to go. Most people who are using notes have a Nextcloud account and will probably us the Nextcloud app anyway. Besides that: The Nextcloud app is open source and free, even on Play Store. Noone is forced to actually use it.

The effort of maintaining a complete network stack and support self-signed-certificates, second-factor-authentication and all possible special configurations is too high and caused most of connection and sync related issues in the past. Using SSO, we can ensure, that we have covered all those kind of special environments that the Nextcloud app also covers, without the need of testing edge cases or anything else.

Use SSO as an option would require to still manage this network stack on our own, and i do not have the time to maintain this nor do i want it, because i would love to focus on more important topics like replacing the buggy markdown editor (#549).