Usage of App Passwords / Tokens

Dear ownCloud Community,

we are using and maintaining several instances of oC for our customers. To enhance the security we would like to provide a how to for registering and using MFA with TOTP.

Now we realized that there is a difference in some instances and are confused about it.

One instance requires a user to log in with an App Password (users regular password is not accepted) in to the Windows Client, for another instance that is not the case.

Is there an option or a config parameter to control if an App Password is required?
Or will it be required anyways if 2FA is activated?


Figured out that it is related to the OAuth 2.0 App.

1 Like

The requirement for an App Password in ownCloud instances when using Two-Factor Authentication (2FA) with Time-based One-Time Password (TOTP) can vary based on the configuration of each instance. Without the OAuth 2.0 App, users need to log in to their ownCloud account in a web browser first, then create an app password or tokens, which can be used in the ownCloud Desktop and Mobile apps. When using the OAuth 2.0 App, the ownCloud Desktop client will open the login page in the system web browser, and after entering the regular credentials, users will see a second page where they need to enter the second factor.