App passwords removed after use?

Could someone explain to me if the following issue about “app passwords” is intended behaviour? If so, could you explain to me why? If not, could someone explain to me how I should fix this?

Expected behaviour

I want to log in with my account on my desktop client. The only way to do this in our system is using the “app password” function. When you press “klik hier” you go to the correct page to generate a password.

Then I can create an app password here and it’s all fine.

When I use the password I can log in. I would expect that I can always use this password now for this app.

Actual behaviour

Once I am logged in, the newly created “app password/token” will disappear from the above overview. And the next time I have to generate a password again.

Different configuration

We use the default ownCloud system. But we have created our own user_backend. The user backend only implements public function checkPassword($uid);.

Server configuration

Operating system:
Ubuntu 18.04.4 LTS

Web server:
nginx

Database:
mysql

PHP version:
php 7.2

ownCloud version:
10.4.1.3

Storage backend (external storage):
windows server

Client configuration

Client version:
version 2.5.4

Operating system:
windows 10

Installation path of client:
D:\Program Files (x86)\Owncloud\

@gapiedaan is this a restriction on your system?

@gapiedaan The password should be listed there, but it should never be shown in plain text again. You need to remember it or store it somewhere else…


Thanks for your reply!

Yes, for the web login you will be redirected to a website which gets the user. For the desktop client this is not possible. So therefore you need the app password.

I can only use the password once. If I try to log in with the same app password at a later stage it does not work anymore. It is then also not listed in the “app passwords/tokens” list.

I’d recommend enabling OAuth 2.0 on the ownCloud server. This way desktop and mobile clients work with all kinds of login methods.


Sounds like a bug you need to investigate. Check logs etc…

Do you know the steps someone else could use to reliably reproduce the issue?
