nextcloud / android-singlesignon Goto Github PK

Hi,

I get a com.nextcloud.android.sso.exceptions.NextcloudUnsupportedMethodException when using propfind to list a directory in nextcloud

I don't think there is another way to implement it so... because the lib to me to contact devs of this lib and not of the android app, here I am :)

Would it be possible to add some methods such as the propfind one ?

Thanks :)

Given you have configured Account A in files app.

Now open Notes or another 3rd-Party-app and trigger pickAccount-dialog. Instead of choosing Account A, click "Add account" and add completely new Account B.

Current behavior: Account B gets imported, but user gets redirected to files app

Expected behavior: Account B gets added and redirected back to the requesting 3rd-Party-app

This seems to be an interesting project. However, the Readme file is very narrow. I can't get which functionality this library provides. It would be nice to add a short paragraph to the README.mdwhich gives some information about the goals and features of the library as well as its limitations.

Thanks!

Hi,

it would be very convenient to be able to see the original response of a call to the nextcloud server.

I don't mean to pass the HttpServletResponse, more likely the response-string of the body and the headers.

The reason is, if i have a failing call, to me it is a black box, i only see the exception message and the status code, but not the actual response.

Thanks in advance!

Given i have the raw String [email protected] in a 3rd-party-app (and configured this account in the files app) and i am in an Activity: How can i trigger the authentication for exactly this account?

I have tried AccountImporter.authenticateSingleSignAccount(this); and AccountImporter.getAccountForName(this, "[email protected]"); so far, but none of the methods opens the expected android permission dialog. Instead i am always ending up with a NextcloudFilesAppAccountNotFoundException. And yes, i made sure, that the files app knows this account.

If i choose AccountImporter.pickNewAccount(this), everything works expected and fine (and also the wanted account is in the list, of course) - except that i do not want to pick an account from a list but only grant access to this special account.

Am i using the lib wrong or is it even possible to use the lib this ways? Background: The Notes android app knows the usernames and hosts. I want to use this information to migrate smoothly to SingleSign-On (keeping all data and just authenticate the 3rd-party app as a now-client for the files-app).

Hey @David-Development, we have a nice thread at https://help.nextcloud.com/t/android-cloud-account-should-be-central/12836 on making the Nextcloud account more central so it can be used by other apps too.

Would be cool if you could chime in there. :) cc @AndyScherzinger @tobiasKaminsky @mario

As this library is all about nextcloud, I would like to get rid of owncloud naming.
Is it for you okay, @David-Development, that we use "com.nextcloud.android.sso.*" for all packages?

Hi @David-Development ,

it seems like the documentation in the README.md file is outdated. Can you please update it to match the version 0.1.2?

I basically have this method in an interface

    @GET("items")
    fun getItems(@Query("batchSize") batchSize: Int = -1,
                 @Query("offset") offset: Int? = null,
                 @Query("type") type: Int = 3,
                 @Query("getRead") getRead: Boolean = true,
                 @Query("oldestFirst") oldestFirst: Boolean = false): Call<Items>

and call it with

    newsService.getItems(params.requestedLoadSize).enqueue(object : Callback<Items> {
            override fun onResponse(call: Call<Items>?, response: Response<Items>?) {

But when calling that one, in the onResponse (when printing response.raw()) I get: I/System.out: Response{protocol=http/1.1, code=520, message=Response.error(), url=http://localhost/}
and also the message

I/System.out: java.lang.NullPointerException: Attempt to invoke virtual method 'java.io.FileDescriptor android.os.ParcelFileDescriptor.getFileDescriptor()' on a null object reference

which seems like it could be a problem.

And my code worked with a previous version of the Annotations PR.

I'm using v0.3.0 in that app.

We should at some basic tests and see if it compiles upon each PR.

Currently this is limited to have support only one account.
When changing this to multi-account, the SharedPreferences stuff also needs to be changed.

If you install the nextcloud news app first and then install the nextcloud files app, you'll get an error message telling you something like "Cannot connect service - no permission". This is because the news app tries to verify the <permission> when the app gets installed. When the files app is installed after the news app, the news app won't recognize the permission anymore.

The following question on stackoverflow is relating to this very problem:
https://stackoverflow.com/questions/26525997/android-uses-permission-issue-when-installing-apps-in-wrong-order

If you read the link that is referred to in the answer that was given, you'll notice, that this is a known problem and there are two options:

• Let the user reinstall the news app (after installing the files app -> UX disaster)
• Define the in every app. (Attackers can use this method as well - read the "The Mea Culpa" part here)

I think neither of the solutions is perfect. Even the permission check right now doesn't give us any security since the user doesn't get any popup or whatsoever that he needs to confirm. Any app declaring the <uses permission> attribute will get the permission automatically granted upon installation. If we follow the instructions given in the stackoverflow article and place the permission tag into every single app, then attackers can do the same thing, right? Therefore we won't get any more security by using permissions at all.

We're protecting our API against intruders/attacks by using a token that needs to be send every single time to authenticate. Therefore I think we can drop the permission attribute completely.

@tobiasKaminsky @LukasReschke What are your thoughts on this?

Hi,
I am currently trying out the new "If-Modified-Since" Header for Nextcloud-Deck (see nextcloud/deck#659) (thanks @juliushaertl for this feature!)

this is setting the Header (am i doing it right so far?):

 private NextcloudRequest.Builder buildRequest(String method, String path, Date lastSync) {
        NextcloudRequest.Builder builder = new NextcloudRequest.Builder()
                .setMethod(method)
                .setUrl(API_ENDPOINT + path)
                .setFollowRedirects(true);
        if (lastSync!=null) {
            String lastSyncHeader = API_FORMAT.format(lastSync);
            Log.d("deck lastSync", lastSyncHeader); 
            //##### output is: Fri, 7 Dec 2018 01:14:37 GMT+01:00

            Map<String, List<String>> header = new HashMap<>();
            List<String> hdr = new ArrayList<>();
            hdr.add(lastSyncHeader);
            header.put("If-Modified-Since", hdr);
            builder.setHeader(header);
        }
        return builder;
    }

The header should be as defined here: https://deck.readthedocs.io/en/latest/API/#headers
If-Modified-Since: Mon, 5 Nov 2018 09:28:00 GMT

I set up a little man-in-the-middle, this is what i see:

So according to this, the header isn't written.
Am i missing something?

STR:

1. Install Nextcloud Dev
2. Install Nextcloud News
   3 Try to use the SSO option in News

You'll get a message asking you to install the files app, even though the development version is already installed. I'm assuming this is the right place for this issue but I'm happy to refile in the downstream News issue tracker if that's the right place.

Can you relicence this to GPL3+? AGPL is not useful for non-server software, and I'm unsure what implications it has if you mix GPL3+ and AGPL (though it should work, but no an expert!).

@tobiasKaminsky Just throwing in some thoughts here. As we had a bunch of issues already when trying to figure out which accounts exist, I was thinking about if we can drop the need to use the Android "AccountManager" at all. As of Android 9 getting accounts from another app is even more difficult. Therefore dropping it makes things easier for all involved parties.

Advantages:

• reauthentication works without the need to request the account permission again (way easier for client apps as we don't need to restart the login flow)
• Custom dialog for choosing the account (nextcloud design / theme)
• reduce complexity of account handling (in the sso library)

Disadvantages:

• None?

So basically what I'm proposing is:

• Instead of calling the account manager to show us available accounts, we create a new custom activity in the files app for that. (Reference)
• The files app lists all accounts available (as the files app has the required permission for that)
• The users selects an account here

This also might be interesting for @desperateCoder @stefan-niedermann

@tobiasKaminsky @David-Development I added Android SSO (and Android News) to the codacy checked repositories see e.g. https://app.codacy.com/project/Nextcloud/Android-SingleSignOn/dashboard

Should I also add the codacy checks to the PRs like we do for the files app and the android library repositories?

Hey buddies!

Here my promised issue:
While this works fine:

$ curl https://bestUser:[email protected]/ocs/v2.php/cloud/capabilities?format=json -H 'OCS-APIRequest: true' 

Using the Retrofit API builder with the following Endpoint definiton doesn't:

@Headers({
        "OCS-APIRequest: true"
})
@GET("cloud/capabilities?format=json")
Observable<Capabilities> getCapabilities();

The result is always the following:

Caused by: java.lang.Throwable: {"message":"CSRF check failed"}

Same for calling the API without Retrofit:

Map<String, String> params = new HashMap<>();
params.put("format", "json");

Map<String, List<String>> header = new HashMap<>();
header.put("OCS-APIRequest", Collections.singletonList( "true"));

NextcloudRequest nextcloudRequest = new NextcloudRequest.Builder()
            .setMethod("GET")
            .setUrl("/ocs/v2.php/cloud/capabilities")
            .setParameter(params)
            .setHeader(header)
            .build();

Have a look in the ApiProvider in the dev/nc_api branch of the Deck app:

https://github.com/stefan-niedermann/nextcloud-deck/blob/dev/nc_api/app/src/main/java/it/niedermann/nextcloud/deck/api/ApiProvider.java

The API is initialized there. I can't find any errors here... Feel free to check out the branch and test it yourself.

When the user keeps the client app open in the background (e.g. news) the news app won't work after updating the Files App. Most likely due to the service connection that was killed.

1. The numbering jumps directly from 4 to 4.1.1
2. The Typical use of API using Retrofit text should be reworded (maybe In typical applications, one would use the API like this, but with this library you have to use the NextcloudAPI or something)

When the list of importable accounts is displayed, it would be great to be able to filter the ones out that are actually imported already.

workflow in 3rd party app like deck or news basically would be:

display dialog with filter = []

-> displays user A and user B

import user A

display dialog with filter = [A]

-> displays only user B

import user B;

cc @nextcloud/designers

Currently one is able to set a current user and get a current user. Internally this is done by setting and reading a SharedPreferences.

We are initializing our API-class in Deck by getting the current user. For changes we would have to implement some way to reinitialize our API. Alternatively the API-class can handle this itself by using a SharedPreferencesListener - But since we already have those nice methods with setting and getting it would be great if a SharedPreferencesListener would be also provided by the SSO (because SSO is the only one who knows the Keys)

What do you think @desperateCoder @tobiasKaminsky @David-Development ?

Hi I am trying to make a App that doesnt need a Server Side app and simply uses a json file to save the data (Simply because I dont want to and dont have the time to code an App and I dont want my users to add a App that only handles one json file).

I want to save this json inside a folder to keep the users root clean. But to be able to create a folder I need to do a MKCOL request but trying that I get a EXCEPTION_UNSUPPORTED_METHOD error. Is there a workaround to do that request anyway?

I have Proguard enabled for release buildTypes in my build.gradle file:

buildTypes
     {
          release 
          {
               minifyEnabled true
               proguardFiles getDefaultProguardFile('proguard-android.txt'), 
                                       'proguard-rules.pro'
          }
     }

And I could not sign in when I built a signed .apk.

I know very little about Proguard and really have no idea how it works. What I did do is google it and I found a similar issue in the Nextcloud App project.

So I added these lines to my proguard-rules.pro file and while it does now work using these rules, and I can sign in with a release build, it would be great if someone who understands Proguard could document exactly what the requirements are for SingleSignOn in the README.md file:

-keep class com.nextcloud.android.sso.** { *; }
-keep,allowshrinking class com.owncloud.android.** { *; }
-keep,allowshrinking class org.apache.jackrabbit.webdav.** { *; }
-keep,allowshrinking class org.apache.commons.codec.** { *; }
-keep,allowshrinking class org.apache.commons.logging.** { *; }
-keep,allowshrinking class org.parceler.** { *; }
-keep,allowshrinking class org.slf4j.** { *; }

Is it recommended to keep the instance of NextcloudAPI alive as long as possible or should one create the instance at each request from scratch (and call .stop() it after the response has arrived)?

I think it would be great to have some kind of versioning available (here and in the files app as well).

Let's say there's a bug in the nextcloud files apps implementation (for a specific version). As a developer I want to be able to tell the user to upgrade the files app if there's a known issue with the version he's using right now.

This means, that this would have to be implemented in the nextcloud files app as well.

What do you guys think?

Something is wrong with the usernames on Nextcloud 12.. Not sure what it is, but the account looks like this: "@192.168.X.X"

Another question is, if we should add the following class, which provides some helpful retrofit/rxjava methods to this library. I think we should, but in case we add it, we have to add the retrofit/rxjava dependencies to this library as well. But I think most apps use retrofit anyways.. right? Especially with this library it's really easy to use..

https://github.com/nextcloud/news-android/blob/master/News-Android-App/src/main/java/de/luhmer/owncloudnewsreader/reader/nextcloud/API_SSO_Helper.java

Soon we will have Files 3.3.0 available on gplay beta.
Once this is settled a bit and working, we should release a stable 1.0.0 version of this library

@David-Development

As discussed with @rullzer, we had the idea to never expose the password at all:

• appX requests access to Nextcloud data from the NextcloudApp
• NC app exchanges some secret with appX to bind it
• NC app requests a new accesstoken for that app (via new endpoint on server side)
• NC app internally binds this access token to the secret it communicated with appX

@David-Development nice! Is this the »import ownCloud account« function you use in the News app?

This seems it could be very useful for other ownCloud Android apps as well. cc @aykit @maltefiala
And maybe there’s a similar mechanism which allows to do the same thing on iOS? @phedlund

You should all join the #owncloud-android and #owncloud-ios channels on IRC. :)

I can think we need to catch/handle the following "error" cases within this library.

• User requests account (nextcloud app is not installed)
• Account has been deleted from Android
• Account has been modified (do we need to know that?) (do we care?)
• Incompatible app versions

This library will work only with Nextcloud, as it depends on some code in Files app, so I suggest "Android SingleSignOn".

Hello friends!

As I already pitched, here is an issue for implementing a convenient way of seeing how the HTTP-Request looks like in the end at dev-time.

The implementation should be not much effort, see this.

Please also update the README describing how to use this feature.

I'd love to have this for the future, since i am struggeling on this again right now.

Greetings! See you at NC Conference!

this is more a question than an issue ...

I'm trying to become acquainted with this library and I have noticed that in the examples Observable is used as a return type. I was wondering why Observable was chosen instead of LiveData? LiveData is lifecycle aware, integrates nicely with ViewModel, Room, etc. and appears to be the recommended data type for data holders (https://developer.android.com/jetpack/docs/guide)

When creating a NextcloudRequest (without Retrofit, but putting the request together manually) i do not get the Server response headers.

I urgently need them for proper caching (Etags and Modified header e.g.)

cc @David-Development

If the user clicks outside the permission request dialog, the sso library doesn't return a proper error message.

Extracted from #11:
David:

Another problem, which also affects case 1 is, that the FindAccounts will only return accounts that the user have granted access to (due to the new security restrictions on Android 8+)

Tobi:

This is done when installing & using NC files app, or? As we require to first have NC files setup correctly, this should be no real problem, or?

David:

As far as I understand, each account will be "private" or lets say not visible for any other app. The app has to use the android AccountManager.newChooseAccountIntent() method for each account before being able to access all accounts (and I think it's on a per account basis). I'll run some tests now.

Would be cool, if you have some idea on this :-)

Seeing the screencast I noticed you give the user the PlayStore URL.

IMHO this is not good, because users may want to use F-Droid.

However, AFAIK you can just use the app ID and pass that to some intend and then users can actually select the appstore they want to get the app from. (I've seen this in other apps.)

If in the build.gradle this part is not present

compileOptions {
        sourceCompatibility JavaVersion.VERSION_1_8
        targetCompatibility JavaVersion.VERSION_1_8
    }

I got this error message.
Maybe add this to the README.md

    java.lang.NoSuchMethodError: No static method metafactory(Ljava/lang/invoke/MethodHandles$Lookup;Ljava/lang/String;Ljava/lang/invoke/MethodType;Ljava/lang/invoke/MethodType;Ljava/lang/invoke/MethodHandle;Ljava/lang/invoke/MethodType;)Ljava/lang/invoke/CallSite; in class Ljava/lang/invoke/LambdaMetafactory; or its super classes (declaration of 'java.lang.invoke.LambdaMetafactory' appears in /apex/com.android.runtime/javalib/core-oj.jar)
        at com.nextcloud.android.sso.api.NetworkRequest.connectApiWithBackoff(NetworkRequest.java:40)
        at com.nextcloud.android.sso.api.NextcloudAPI$1.run(NextcloudAPI.java:73)

Please let us know, if remote wipe is supported with this library.

• install 3rd party app
• allow access
• re-install 3rd party app
• token is already stored in files app (as it is based on package name), but 3rd party app has no longer the token
  --> we need some way to re-authenticate.

Is the account importer available on any respository?
Do i have to copy the files manually into my project?

There are some issues when the apps have a different signing. As described here the dialog won't appear (it's just stuck forever). I can't seem to find a way to solve this issue. Any ideas are welcome! Otherwise we might have to implement our own authentication manager..

In the logcat I can see the following error message (from the nextcloud files app). I even tried adding permissions handling again - still doesn't work..

java.lang.SecurityException: KEY_INTENT resolved to an Activity (android.accounts.GrantCredentialsPermissionActivity) in a package (android) that does not share a signature with the supplying authenticator (nextcloud).
        at com.android.server.accounts.AccountManagerService$Session.checkKeyIntent(AccountManagerService.java:4230)
        at com.android.server.accounts.AccountManagerService$Session.onResult(AccountManagerService.java:4394)
        at com.android.server.accounts.AccountManagerService$8.onResult(AccountManagerService.java:2556)
        at com.android.server.accounts.AccountManagerService$8.onResult(AccountManagerService.java:2505)
        at android.accounts.IAccountAuthenticatorResponse$Stub.onTransact(IAccountAuthenticatorResponse.java:59)
        at android.os.Binder.execTransact(Binder.java:565)

I am using the webdav GET method to download files.
If my url has spaces in it, like this:
remote.php/webdav/folder/AAA HOWTO.txt

When I try to performNetworkRequest(), it throws an exception

com.nextcloud.android.sso.exceptions.UnknownErrorException: Invalid uri ... : escaped absolute path not valid

I tried to encode the URL using URLEncoder but then I get a error for every URL regardless of spaces.

Any ideas on what kind of URL should be assigned to the URL field of the network request and how it should be properly escaped to not throw an exception based on spaces or other special characters?

Hi, first of all, thanks a lot for this library, it's used in PhoneTrack-Android. Luv'it.

So far, everything works fine with Android 4.1, 5.0, 8.0, 8.1 and 9.0.

I'm testing with freshly installed Nexus 4 virtual phones without google services but have confirmation it works fine on my Nexus 5x (LineageOS 15, Android 8.1).

I'm having problems with Android 6, 7.0 and 7.1 just after choosing an account (AccountImporter.pickNewAccount())

With v0.3.0 It was apparently making Nextcloud Files app crash. Here are the corresponding logs:

03-30 01:46:33.888  2104  2104 E AndroidRuntime: FATAL EXCEPTION: main
03-30 01:46:33.888  2104  2104 E AndroidRuntime: Process: com.nextcloud.client, PID: 2104
03-30 01:46:33.888  2104  2104 E AndroidRuntime: java.lang.RuntimeException: Unable to start activity ComponentInfo{com.nextcloud.client/com.owncloud.android.ui.activity.SsoGrantPermissionActivity}: java.lang.NullPointerException: Attempt to read from field 'java.lang.String android.accounts.Account.name' on a null object reference
03-30 01:46:33.888  2104  2104 E AndroidRuntime:    at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2665)
03-30 01:46:33.888  2104  2104 E AndroidRuntime:    at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2726)
03-30 01:46:33.888  2104  2104 E AndroidRuntime:    at android.app.ActivityThread.-wrap12(ActivityThread.java)
03-30 01:46:33.888  2104  2104 E AndroidRuntime:    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1477)
03-30 01:46:33.888  2104  2104 E AndroidRuntime:    at android.os.Handler.dispatchMessage(Handler.java:102)
03-30 01:46:33.888  2104  2104 E AndroidRuntime:    at android.os.Looper.loop(Looper.java:154)
03-30 01:46:33.888  2104  2104 E AndroidRuntime:    at android.app.ActivityThread.main(ActivityThread.java:6119)
03-30 01:46:33.888  2104  2104 E AndroidRuntime:    at java.lang.reflect.Method.invoke(Native Method)
03-30 01:46:33.888  2104  2104 E AndroidRuntime:    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:886)
03-30 01:46:33.888  2104  2104 E AndroidRuntime:    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:776)
03-30 01:46:33.888  2104  2104 E AndroidRuntime: Caused by: java.lang.NullPointerException: Attempt to read from field 'java.lang.String android.accounts.Account.name' on a null object reference
03-30 01:46:33.888  2104  2104 E AndroidRuntime:    at com.owncloud.android.ui.activity.SsoGrantPermissionActivity.onCreate(SsoGrantPermissionActivity.java:106)
03-30 01:46:33.888  2104  2104 E AndroidRuntime:    at android.app.Activity.performCreate(Activity.java:6679)
03-30 01:46:33.888  2104  2104 E AndroidRuntime:    at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1118)
03-30 01:46:33.888  2104  2104 E AndroidRuntime:    at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2618)
03-30 01:46:33.888  2104  2104 E AndroidRuntime:    ... 9 more
03-30 01:46:33.891  1673  1803 W ActivityManager:   Force finishing activity com.nextcloud.client/com.owncloud.android.ui.activity.SsoGrantPermissionActivity
03-30 01:46:33.914  1673  1803 W ActivityManager:   Force finishing activity net.eneiluj.nextcloud.phonetrack.dev/net.eneiluj.nextcloud.phonetrack.android.activity.SettingsActivity

Hanging around in the issues, I discovered I could include -SNAPSHOT version instead of v0.3.0. Problem is still there in a less radical form 😉 : I get an alert dialog telling me You have to accept the requested permissions to use the single sign-on feature. Nothing in the logs. Is it possible I did something wrong? It seems to be related to SsoGrantPermissionActivity. Any idea?

Ow BTW, same thing is happening with News app, there's a crash. I guess it's using SSO lib v0.3.0. Same symptoms as PhoneTrack.

Account listing does not work on LineagsOS (Android 7) sometimes.. Probably it's missing the following permission: android.permission.USE_CREDENTIALS (https://android.stackexchange.com/questions/38369/what-can-an-app-do-with-the-use-accounts-on-the-device-permission)

Reference: stefan-niedermann/nextcloud-deck#81 (comment)

TODO: also remove import of gson from README after adding gson as a dependency to sso.

Checkout branch of Notes android app to reproduce: https://github.com/stefan-niedermann/nextcloud-notes/tree/multi-account

Steps to reproduce:

1. Choose Account A
2. Go to settings, add Account B
3. Go back to main activity
4. Until here everything works as expected
5. Go to settings, choose Account A
6. Go back to main activity
7. Receive

com.nextcloud.android.sso.exceptions.TokenMismatchException: Provided authentication token does not match or package name is not permitted to perform this action
    at com.nextcloud.android.sso.api.AidlNetworkRequest.performNetworkRequest(AidlNetworkRequest.java:156)
    at com.nextcloud.android.sso.api.NextcloudAPI.performNetworkRequest(NextcloudAPI.java:119)
    at it.niedermann.owncloud.notes.util.NotesClient.requestServer(NotesClient.java:200)
    at it.niedermann.owncloud.notes.util.NotesClient.getNotes(NotesClient.java:128)
    at it.niedermann.owncloud.notes.persistence.NoteServerSyncHelper$SyncTask.pullRemoteChanges(NoteServerSyncHelper.java:348)
    at it.niedermann.owncloud.notes.persistence.NoteServerSyncHelper$SyncTask.doInBackground(NoteServerSyncHelper.java:278)
    at it.niedermann.owncloud.notes.persistence.NoteServerSyncHelper$SyncTask.doInBackground(NoteServerSyncHelper.java:249)
    at android.os.AsyncTask$2.call(AsyncTask.java:288)
    at java.util.concurrent.FutureTask.run(FutureTask.java:237)
    at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
    at java.lang.Thread.run(Thread.java:841)

The token is stored in the sqlite database and explicitly set before creating NextcloudAPI in NotesClient-class on the lines 81 and 105.

I debugged and compared them and they seem to be identical to when the accounts were added the first time and in the database.

cc @David-Development @tobiasKaminsky

Once this is at some decent point this should be published via jitpack, for either access.
Release should be done from official NC team members (I hope this is ok).