diff --git a/integrations/nextcloud/snappymail/README.md b/integrations/nextcloud/snappymail/README.md
index e4a82ffa0..6047b3fc9 100644
--- a/integrations/nextcloud/snappymail/README.md
+++ b/integrations/nextcloud/snappymail/README.md
@@ -79,6 +79,8 @@ If your IMAP server only accepts usernames without a domain (for example the lda
If the user sets his credentials for the mailbox in his personal account under "Settings -> Additional settings", these credentials are used by SnappyMail to login.
If no personal credentials are defined the mail address of the Nextcloud user and his password are used by SnappyMail to login. SnappyMail will lookup the "Domain" settings for a configuration that meets the domain part of the mail address passed as username.
+#### Option 4: Attempt to automatically login with OIDC when active
+
### Auto-connection for all Nextcloud users
If your Nextcloud users base is synchronized with an email system, then it is possible that Nextcloud credentials could be used right away to access the centralized email system. In the SnappyMail admin settings, the Nextcloud administrator can then tick the "Automatically login with Nextcloud/Nextcloud user credentials" checkbox.
diff --git a/integrations/nextcloud/snappymail/lib/Controller/FetchController.php b/integrations/nextcloud/snappymail/lib/Controller/FetchController.php
index 134c2462b..4e69e1e21 100644
--- a/integrations/nextcloud/snappymail/lib/Controller/FetchController.php
+++ b/integrations/nextcloud/snappymail/lib/Controller/FetchController.php
@@ -52,6 +52,7 @@ class FetchController extends Controller {
isset($_POST['snappymail-autologin']) ? '1' === $_POST['snappymail-autologin'] : false);
$this->config->setAppValue('snappymail', 'snappymail-autologin-with-email',
isset($_POST['snappymail-autologin']) ? '2' === $_POST['snappymail-autologin'] : false);
+ $this->config->setAppValue('snappymail', 'snappymail-autologin-oidc', isset($_POST['snappymail-autologin-oidc']));
$this->config->setAppValue('snappymail', 'snappymail-no-embed', isset($_POST['snappymail-no-embed']));
} else {
return new JSONResponse([
diff --git a/integrations/nextcloud/snappymail/lib/Settings/AdminSettings.php b/integrations/nextcloud/snappymail/lib/Settings/AdminSettings.php
index 81c1deafc..59745fbc0 100644
--- a/integrations/nextcloud/snappymail/lib/Settings/AdminSettings.php
+++ b/integrations/nextcloud/snappymail/lib/Settings/AdminSettings.php
@@ -22,6 +22,7 @@ class AdminSettings implements ISettings
$keys = [
'snappymail-autologin',
'snappymail-autologin-with-email',
+ 'snappymail-autologin-oidc',
'snappymail-no-embed'
];
$parameters = [];
diff --git a/integrations/nextcloud/snappymail/lib/Util/SnappyMailHelper.php b/integrations/nextcloud/snappymail/lib/Util/SnappyMailHelper.php
index 77f03ee15..3aad6b236 100644
--- a/integrations/nextcloud/snappymail/lib/Util/SnappyMailHelper.php
+++ b/integrations/nextcloud/snappymail/lib/Util/SnappyMailHelper.php
@@ -152,6 +152,12 @@ class SnappyMailHelper
if ($sPassword) {
$sPassword = static::decodePassword($sPassword, $sUID);
}
+ if ($config->getAppValue('snappymail', 'snappymail-autologin-oidc', false) && $ocSession->get('is_oidc')) {
+ $sAccessToken = $ocSession->get('oidc_access_token');
+ if ($sAccessToken) {
+ $sPassword = $sAccessToken;
+ }
+ }
}
// If the user has set credentials for SnappyMail in their personal
diff --git a/integrations/nextcloud/snappymail/templates/admin-local.php b/integrations/nextcloud/snappymail/templates/admin-local.php
index 446e8a4bd..ea7ec0eaa 100644
--- a/integrations/nextcloud/snappymail/templates/admin-local.php
+++ b/integrations/nextcloud/snappymail/templates/admin-local.php
@@ -38,6 +38,13 @@
+