App passwords failing

I need help once more, heheh.

I have set application passwords for some NC Android apps like the NC client and such. But aren’t working. There’s no info about this in the howtos, but I think I’ve followed the steps correctly:
First I have created a password for each app in the Nextcloud “personal” area, in the “Security” section, and then copied it and pasted in each app’s login configuration. Have I missed anything?
I also have enabled the two factor authentication, but the Android apps don’t ask for OTP codes in any moment. Only the web interface has asked for it, and worked correctly, so I’m rather lost. :neutral_face:


Yeah, we are missing a howto on that indeed.

I just checked with test user and everything seems to be working as expected.

  1. Enable two factor auth
  2. Use OTP android app to connect to it (scan QRcode)
  3. Generate app password
  4. Type it into android app, for example notes.
  5. Click “Done” on app password (personal settings)
  6. Click done on the android app (notes)

The difference is with official nextcloud mobile app. It uses the same authentication method as web. That means you need to swap between windows of the apps and type TOTP Authentication code, from android OTP app and paste it to android mobile app. Seems quite annoying as codes generated by OTP app are temporary and if you switch between too slow you’ll be too late.

Does this sound english? :stuck_out_tongue: Not sure I make sense.

You mean [quote=“muppeth, post:2, topic:2162”]
Enable two factor auth

Yes, that’s what I did, and have now repeated with extreme care to not deviate a milimeter from your indications (many thanks, BTW), but it’s the same: the notes app tries to connect («connecting» message shown in the blue button below the password field) for like 30 seconds, and then it stops and waits again for me todo something :neutral_face:
I’ve tried by copying and pasting the NC generated password as is, like: 4cmki-PQok7-opS8G-yBKpn-4aYzM, and since it didn’t work I deleted the hypens every 5 characters, but no changes: another 30 secs. connecting and then stopping like nothing has happened.
I’m using the latest NC apps and FreeOTP, everything from F-Droid.

You mean that I need to paste the OTP code generated by FreeOTP and paste in the password place? Sounds extrange

I know that feeling, mate xD

Ok, as I expected, pasting the OTP code as the password doesn’t work either.
It’s late now, but Ill keep trying and providing some screenshots if the problem persists, because I don’t know if we are seeing the same things on our mobiles’ screens (f. e., my NC mobile client offers me the possibility to use application specific passwords and aldo an “old method”, which isn’t working either, BTW). But that will be tomorrow.

Thans for your help, and good night.

with pasting the code I meant when using nextcloud(beta) android app.


The generated app password is the entire thing (including hypens). Could be though that because of too many failed tries, you are delayed by nextcloud (preventing brute force) and this can be the reason to it fails. One thing to test it by yourself, so no need for us to check (something to include in some howto), would be to disable two factor, and try to access android notes app with disroot credentials. If that fails, it is the case of bruteforce delay, and we need to remove the failed entries from your IP.

Two factor auth in nextcloud is pretty straight forward thing so it’s weird you are having issues. I suspect the bruteforce delay.

You were right, it surely was due to that bruteforce delay. This morning I have been able to try it again creating new application passwords and everything has gone fine. But no OTP codes were needed at all, only the app passwords genereated by the Nextcloud web application: just creating them in the “Personal” area of my NC cloud space, and copy-paste. OTP code is necessary to log in the web interface; then the web browser does ask for an OTP in a second step after introducineg our credentials, but the mobile apps are done just with the aforesaid passwords.

Thanks again.