Can't stay logged in to Desktop or Mobile app (Authentik OIDC with ocis_full 7.1.0)

[prohtex]

I have a fresh deployment of ocis_full running in Ubuntu. I'm adding Authentik OIDC auth with an auth server running on another machine.

Steps:

1. Deploy ocis_full 7.1.0-rc4 and verify everything is working
2. Consult documentation for Authentik:
   Per https://doc.owncloud.com/ocis/next/additional-information/knowledge-base.html, the Helge Klein docs seem to be the supported method.

4. Configure Authentik per https://helgeklein.com/blog/owncloud-infinite-scale-with-openid-connect-authentication-for-home-networks

6. add to .env:

OCIS_OIDC_ISSUER=https://auth.server.com/application/o/owncloud/
WEB_OIDC_CLIENT_ID=<key>
GRAPH_LDAP_SERVER_WRITE_ENABLED=true
PROXY_OIDC_REWRITE_WELLKNOWN=true
PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none
PROXY_AUTOPROVISION_ACCOUNTS=true
PROXY_ROLE_ASSIGNMENT_DRIVER=oidc
PROXY_USER_OIDC_CLAIM=preferred_username

5. web redirects to auth flow, which hangs with CORS error:

6. Per https://www.reddit.com/r/owncloud/comments/1cr7t90/ocis_content_security_policy/, adding the auth domain to csp.yaml fixes this, but then I'm confronted with this:

7. Removing PROXY_USER_OIDC_CLAIM allows logging in with Web, but Desktop and Mobile apps can't complete auth flow:

[prohtex]

I am also wondering if there's a way to have the traditional login persist alongside the Authentik flow, so users can authenticate manually if need be. Can't figure that one out either!

[prohtex]

I'm having a hell of a time trying to get the mobile and desktop apps to authenticate. They are currently showing "Not Found," even after removing the providers from Authentik. To be honest, I don't want them to. I want to use Authentik for the web app, and let the mobile and desktops use regular auth.

Does anyone know how to accomplish this? All I have now in my ocis.yaml is:

      OCIS_OIDC_ISSUER: https://auth.<domain>/application/o/ocis/
      WEB_OIDC_CLIENT_ID: <id>
      PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD: none

Besides those lines and the auth domain in config/ocis/csp.yaml, nothing else is changed from the standard ocis_full deployment

[prohtex]

Ok, here's some more weird behavior. I realized that I was trying to log into the desktop app with an existing local account. I removed that account and attempted to add it again. This is what happened:

Oddly, when I deleted the account on the iOS app and added it again, it DID let me log in successfully with the entire auth flow. However, it immediately started to complain about access token expiration and logged me out.

Trying to log back again yielded the familiar error:

It seems that when there is an existing local user account, mapping cannot be done successfully to the server user. I am really unclear on the mapping tags (such as PROXY_AUTOPROVISION_ACCOUNTS=true which I had tried previously). @micbar can you provide some pointers here?

Originally posted by @micbar in #10623

[prohtex]

Creating a new user allowed me to log into the Desktop app at long last. However, all file transfers fail after about 15 seconds. It seems the same token error as the iOS app is to blame.

When the invalid token error occurs, the user is then logged out, and cannot log back in, because Authentik returns to the "Not Found" screen.

I do have offline_access set up in my Authentik provider, with defaults as here: #5653 (comment)

Here are logs:

{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"ca12536c1f9e710e443ca3aeba5f5128","request-id":"c45256c5-d9ce-4f88-bd83-ed61795ff6c7","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"context canceled","time":"2025-02-11T07:40:21Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"88534c93f4c7df6789369f5ed7d3d9a0","request-id":"55a520f6-7dd1-42e6-b842-fd36f2a92772","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"context canceled","time":"2025-02-11T07:40:21Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"477dc6e804a4abf3467582465eea68bd","request-id":"7ef5a4bc-7359-4078-9bda-373acaad92fe","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"context canceled","time":"2025-02-11T07:40:21Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"373ba57d7cd0a558c788db41b0ca7601","request-id":"68aaf3a7-60d4-4705-ab18-6f10acb95bd8","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"context canceled","time":"2025-02-11T07:40:21Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"9cbd3d3a7fe6d759eb9b97a4136f53dc","request-id":"7fc26e79-7f54-4476-aacf-b97c465ed7fe","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"context canceled","time":"2025-02-11T07:40:21Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"6f5b085a55093c968863006d245b92ea","request-id":"11bc4f5a-1bbd-40f4-ad9a-98fe7d985341","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"context canceled","time":"2025-02-11T07:40:21Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"7005e9b4b3b7ca1bb9ac65cd6062b277","request-id":"38e1a0bc-0f2f-49b0-bfe2-5b2bc281f0b5","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"context canceled","time":"2025-02-11T07:40:21Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"b294048a601c59ed1a2aa90574d55a6b","request-id":"79408ffa-d0c4-44c6-be93-2ef9f771a862","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"context canceled","time":"2025-02-11T07:40:21Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"249088c8af59ef67d0c3e60b4eaebe74","request-id":"622c0444-d049-4c07-b01f-e7c39f5e4ebb","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"context canceled","time":"2025-02-11T07:40:21Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"5bcb37f1308769a4de3da8a69ee03471","request-id":"bdd14912-78eb-4c7f-83a2-c972d1de1b84","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"context canceled","time":"2025-02-11T07:40:21Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"514c449f1374b61782d6e02dc222dbcb","request-id":"718394a4-0d31-4545-95b1-ba4f67bc7fad","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"context canceled","time":"2025-02-11T07:40:21Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"b69b34de58000dd4ec0f6d086f5356a4","request-id":"f1988e4d-031a-4c08-b167-4e45328f1215","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"context canceled","time":"2025-02-11T07:40:21Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"d9bf7cf3ae152886156059ae14d7166a","request-id":"7852d331-3a29-473b-9329-683acda8ad2d","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"context canceled","time":"2025-02-11T07:40:21Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"5b75027920c92d5adab9996531fb8eec","request-id":"7597f1c5-ec61-446d-bb34-4a470e493de0","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"context canceled","time":"2025-02-11T07:40:21Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"0f79f5cd2f0c648dddbc36d4d20e0ad7","request-id":"08b34241-84ca-49c3-b977-c82f3e1eabe5","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"write tcp 127.0.0.1:9350->127.0.0.1:55338: write: connection reset by peer","time":"2025-02-11T07:40:23Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"0f79f5cd2f0c648dddbc36d4d20e0ad7","request-id":"08b34241-84ca-49c3-b977-c82f3e1eabe5","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","content-length":56567999,"transferred-bytes":49226931,"time":"2025-02-11T07:40:23Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:165","message":"content length vs transferred bytes mismatch"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"8aee38e260508198c5d85aec57b347db","request-id":"0d8f1423-ebaa-478b-bdf6-a4e054f62c11","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"write tcp 127.0.0.1:9350->127.0.0.1:55322: write: connection reset by peer","time":"2025-02-11T07:40:23Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"8aee38e260508198c5d85aec57b347db","request-id":"0d8f1423-ebaa-478b-bdf6-a4e054f62c11","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","content-length":46638166,"transferred-bytes":37916318,"time":"2025-02-11T07:40:23Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:165","message":"content length vs transferred bytes mismatch"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"a8c7bdd33a1cb0b5f699e93610c01f4d","request-id":"7ffcf8e3-74a2-4c3d-8a4c-a715e6483e99","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"context canceled","time":"2025-02-11T07:41:58Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"7424dd5049fe5c4cd4baed4495d51d4b","request-id":"1ca059e6-b147-41bf-8d80-2a9c0bdbb67d","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"context canceled","time":"2025-02-11T07:41:58Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"e1fefcc0e4528ceead0a4ad6597ba2ce","request-id":"6a66f138-6326-477c-ba0d-67b931d59d16","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"context canceled","time":"2025-02-11T07:41:59Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"24fb87ee5ade2e4e62cf1115e30296bf","request-id":"822cdc39-4612-4f31-b920-50a825f954dd","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"context canceled","time":"2025-02-11T07:41:59Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"098788b61871db18a4c14f5fda86ea80","request-id":"b5fbe62e-39d5-4d30-a23b-0048bb13a8ce","path":"<removed>","spaceid":"8b195668-7cb4-4fcd-b181-936a6dee32a4$feac8487-a0bc-4f83-adb4-4bf0319dad3b","handler":"get","error":"context canceled","time":"2025-02-11T07:42:03Z","line":"github.com/cs3org/reva/[email protected]/internal/http/services/owncloud/ocdav/get.go:157","message":"error finishing copying data to response"}
{"level":"error","service":"proxy","error":"token is expired","authenticator":"oidc","path":"<removed>","user_agent":"Mozilla/5.0 (Macintosh) mirall/5.3.2.15463 (ownCloud, macos-24.3.0 ClientArchitecture: arm64 OsArchitecture: arm64)","client.address":"<removed>","network.peer.address":"","network.peer.port":"","time":"2025-02-11T07:42:04Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/oidc_auth.go:198","message":"failed to authenticate the request"}
{"level":"error","service":"proxy","error":"token is expired","authenticator":"oidc","path":"<removed>","user_agent":"Mozilla/5.0 (Macintosh) mirall/5.3.2.15463 (ownCloud, macos-24.3.0 ClientArchitecture: arm64 OsArchitecture: arm64)","client.address":"<removed>","network.peer.address":"","network.peer.port":"","time":"2025-02-11T07:42:04Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/oidc_auth.go:198","message":"failed to authenticate the request"}
{"level":"error","service":"proxy","error":"token is expired","authenticator":"oidc","path":"<removed>","user_agent":"Mozilla/5.0 (Macintosh) mirall/5.3.2.15463 (ownCloud, macos-24.3.0 ClientArchitecture: arm64 OsArchitecture: arm64)","client.address":"<removed>","network.peer.address":"","network.peer.port":"","time":"2025-02-11T07:42:04Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/oidc_auth.go:198","message":"failed to authenticate the request"}
{"level":"error","service":"proxy","error":"failed to get userinfo: 401 Unauthorized: ","authenticator":"oidc","path":"<removed>","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15","client.address":"<removed>","network.peer.address":"","network.peer.port":"","time":"2025-02-11T07:43:48Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/oidc_auth.go:198","message":"failed to authenticate the request"}
{"level":"error","service":"proxy","error":"failed to get userinfo: 401 Unauthorized: ","authenticator":"oidc","path":"<removed>","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15","client.address":"<removed>","network.peer.address":"","network.peer.port":"","time":"2025-02-11T07:43:48Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/oidc_auth.go:198","message":"failed to authenticate the request"}
{"level":"error","service":"proxy","error":"failed to get userinfo: 401 Unauthorized: ","authenticator":"oidc","path":"<removed>","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15","client.address":"<removed>","network.peer.address":"","network.peer.port":"","time":"2025-02-11T07:43:48Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/oidc_auth.go:198","message":"failed to authenticate the request"}

[micbar]

@prohtex I am no longer part of this project.

[prohtex]

@prohtex I am no longer part of this project.

No longer part of OCIS? Or just Desktop? =/

@rhafer any advice for me?

[rhafer]

@rhafer any advice for me?

Sorry, I am no longer part of this project either.

[prohtex]

@rhafer any advice for me?

Sorry, I am no longer part of this project either.

Sounds like a story. @wkloucek can you kindly provide me with some advice?

[kobergj]

@prohtex seems the access token acquired from the client is expiring too fast. Does everything work when using web only? Maybe Authentik somehow uses another access token expiration for the clients?

[prohtex]

@prohtex seems the access token acquired from the client is expiring too fast. Does everything work when using web only? Maybe Authentik somehow uses another access token expiration for the clients?

Hi @kobergj, thanks for getting back to me. Authentik is set with the generous defaults, as noted in #5653 (comment)

The token expiry is just one issue however; when the user is logged out, trying to log back in gives the “Not found” error. The only way to successfully log in again is to delete the local user and add again. Only the initial auto flow works on mobile and desktop.

[prohtex]

@prohtex seems the access token acquired from the client is expiring too fast. Does everything work when using web only? Maybe Authentik somehow uses another access token expiration for the clients?

@kobergj I just wanted to say that I really appreciate you taking the time to help me with this. I don't know what the circumstances are with devs shifting priorities or projects, but as a 10+ year user of OwnCloud legacy and SeaFile, it has been really something quite impressive to watch this project emerge and become so mature and robust so quickly. I first deployed OCIS 4 and have been testing, upgrading and migrating since then. What you guys have created is a world-class system, and I don't pretend to know where funding comes from or how it all works. For me, I'm small business owner and end user and I just really happy to have OCIS to work with and for all the wonderful tips and support of volunteers all over. So, again, thank you.

What I did today:
• Destroy all my VMWare Ubuntu VMs
• Fresh install of Ubuntu
• Fresh deployment of OCIS using ocis_full and minimal configuration
• Fresh deployment of Authentik in its own fresh container
• Minimal Authentik config
• Follow this guide to the letter: https://helgeklein.com/blog/owncloud-infinite-scale-with-openid-connect-authentication-for-home-networks/
• Experience the same errors.

When I set out to integrate Authentik with my primary OCIS deployment a few days ago, I assumed the trouble I was encountering was due to a mix of outdated guides or breaking changes. Now I'm really stumped-I cannot for the life of me get this auth flow to work correctly for mobile or desktop.

I know that some of the issues users have here on GitHub are on the level of support questions, and I'm grateful for any input. I also know that issues like this sometime turn up real bugs and I've been happy to contribute time to seeking them out (as with a few issues in OCIS Web so far).

I am of course eager to get my Auth working. But I'm also available to help devs better the product, and if I can provide access to a test server, or additional logs, or anything else, please let me know. I'd really like to solve it.

If you look at the Helge Klein article, there are some users in the comments section with similar as yet unsolved issues.

Thanks!

[kobergj]

@prohtex Thank you very much for you warm words ❤

I've looked through the Helge Klein article, and found some interesting comment:

I found a solution to the owncloud client forcing reauthentication each time the access_token expires. It is failing to use it’s refresh tokens as authelia is saying the audience was not whitelisted.
Also – technically an installed native client with a hardcoded client ID (such as owncloud) is a “public” client as per RC8252.4 when it is not using DCR – which is still unsupported in authelia.
In the clients: section for the ownCloud desktop client, do the following in authelia’s configuration.yaml, client config section for the owncloud desktop client:
– set public: true
– comment out the secret (as it is not used for public clients) – this has the added benefit of forcing PKCE with authelia’s defaults.
– add an audience claim with the ownCloud as follows:
audience: [‘xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69’]

Is there any chance we have a similar situation here? Refresh Tokens not working correctly?

Since this happening only with desktop and mobile apps, not with the web: @DeepDiver1975 do you have any idea why authentication would fail with desktop but succeed with the webclient?

[DeepDiver1975]

Since this happening only with desktop and mobile apps, not with the web: @DeepDiver1975 do you have any idea why authentication would fail with desktop but succeed with the webclient?

Nothing right out of my head. I suggest to use the latest desktop client 5.3.2, enable all logging https://doc.owncloud.com/desktop/next/appendices/troubleshooting.html#log-files and share these logs with us.

[prohtex]

Is there any chance we have a similar situation here? Refresh Tokens not working correctly?

I have seen refresh token errors, yes, but from what I understand, it is not necessary to set audience claim in Authentik (goauthentik/authentik#4021 (comment)).

I do have my providers for Desktop and Moblie set to "confidential" per Helge:

OIDC Provider for the ownCloud iOS App
Create a new OAuth2/OpenID Provider with the following settings:

Name: ownCloud-iOS-OIDC
Authorization flow: default-provider-authorization-explicit-consent
Client type: Confidential
Client ID: mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1
Client secret: KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx
Redirect URIs:
oc://ios.owncloud.com
oc.ios://ios.owncloud.com

When I set them to "Public" I do not see much difference. The mobile app logs in successfully then after a while:

While I'm troubleshooting this, I was also hoping you could shed some light on some of the other parameters that might be useful for external auth. I've taken a look at this but it is more like a technical whitepaper and quite over my head: https://doc.owncloud.com/ocis/next/deployment/services/s-list/proxy.html & https://doc.owncloud.com/ocis/next/deployment/services/s-list/auth-service.html

PROXY_OIDC_REWRITE_WELLKNOWN=true
PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none
PROXY_AUTOPROVISION_ACCOUNTS=true
PROXY_ROLE_ASSIGNMENT_DRIVER=oidc
PROXY_USER_OIDC_CLAIM=preferred_username

I've tried fiddling with lots of parameters with no success.

Lastly, is it in fact possible to enble local auth and external auth at the same time? Many web apps that work nicely with Authentik allow local auth and then add a button below that says "Authentik" that then begins the auth flow. From what I can tell, enabling external OIDC auth in OCIS creates an "OIDC" only flow from the web-is that correct?

Thank you!

[prohtex]

Since this happening only with desktop and mobile apps, not with the web: @DeepDiver1975 do you have any idea why authentication would fail with desktop but succeed with the webclient?

Nothing right out of my head. I suggest to use the latest desktop client 5.3.2, enable all logging https://doc.owncloud.com/desktop/next/appendices/troubleshooting.html#log-files and share these logs with us.

25-02-12 03:53:10:171 [ debug gui.setupwizard.controller ]	[ OCC::Wizard::SetupWizardController::SetupWizardController(OCC::SettingsDialog *)::(anonymous class)::operator() ]:	next button clicked, current state OCC::Wizard::ServerUrlSetupWizardState(0x600003211440)
25-02-12 03:53:10:171 [ info gui.setupwizard.states.serverurl ]:	no URL scheme provided, prepending default URL scheme "https://"
25-02-12 03:53:10:323 [ info sync.httplogger ]:	"2834edce-394f-44d9-93c0-41e95f2dfff8: Request: GET https://ocis.server.com/.well-known/webfinger?resource=https://ocis.server.com Header: { User-Agent: Mozilla/5.0 (Macintosh) mirall/5.3.2.15463 (ownCloud, macos-24.3.0 ClientArchitecture: arm64 OsArchitecture: arm64), Accept: */*, Accept-Language: en_US, X-Request-ID: 2834edce-394f-44d9-93c0-41e95f2dfff8, Original-Request-ID: 2834edce-394f-44d9-93c0-41e95f2dfff8, } Data: []"
25-02-12 03:53:10:327 [ info sync.httplogger ]:	"2834edce-394f-44d9-93c0-41e95f2dfff8: Response: GET 200 (3ms) https://ocis.server.com/.well-known/webfinger?resource=https://ocis.server.com Header: { Cache-Control: no-cache, no-store, max-age=0, must-revalidate, value, Content-Length: 173, Content-Security-Policy: child-src 'self'; connect-src 'self' blob: https://companion.server.com/ wss://companion.server.com/ https://raw.githubusercontent.com/owncloud/awesome-ocis/ https://auth.server.com; default-src 'none'; font-src 'self'; frame-ancestors 'self'; frame-src 'self' blob: https://embed.diagrams.net/ https://onlyoffice.server.com/ https://collabora.server.com/ https://owncloud.dev; img-src 'self' data: blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/ https://onlyoffice.server.com/ https://collabora.server.com/; manifest-src 'self'; media-src 'self'; object-src 'self' blob:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline', Content-Type: application/json, Date: Wed, 12 Feb 2025 08:53:10 GMT, Expires: Thu, 01 Jan 1970 00:00:00 GMT, Last-Modified: Wed, 12 Feb 2025 08:53:10 GMT, Referrer-Policy: strict-origin-when-cross-origin, Vary: Origin, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-Permitted-Cross-Domain-Policies: none, X-Request-Id: 2834edce-394f-44d9-93c0-41e95f2dfff8, X-Robots-Tag: none, X-Xss-Protection: 1; mode=block, } Data: [{\"subject\":\"https://ocis.server.com\",\"links\":[{\"rel\":\"http://openid.net/specs/connect/1.0/issuer\",\"href\":\"https://auth.server.com/application/o/owncloud-web-client/\"}]}\n]"
25-02-12 03:53:10:328 [ debug sync.credentials.oauth ]	[ OCC::OAuth::startAuthentication ]:	starting authentication
25-02-12 03:53:10:328 [ debug sync.credentials.oauth ]	[ OCC::OAuth::fetchWellKnown ]:	fetching "/.well-known/openid-configuration"
25-02-12 03:53:10:328 [ debug gui.setupwizard.controller ]	[ OCC::Wizard::SetupWizardController::changeStateTo ]:	Current wizard state: OCC::Wizard::SetupWizardState::CredentialsState
25-02-12 03:53:10:352 [ info sync.httplogger ]:	"f640412f-c153-4be3-bf9b-d25fc4a7d62c: Request: GET https://auth.server.com/application/o/owncloud-web-client/.well-known/openid-configuration Header: { User-Agent: Mozilla/5.0 (Macintosh) mirall/5.3.2.15463 (ownCloud, macos-24.3.0 ClientArchitecture: arm64 OsArchitecture: arm64), Accept: */*, Accept-Language: en_US, X-Request-ID: f640412f-c153-4be3-bf9b-d25fc4a7d62c, Original-Request-ID: f640412f-c153-4be3-bf9b-d25fc4a7d62c, } Data: []"
25-02-12 03:53:10:623 [ info sync.httplogger ]:	"f640412f-c153-4be3-bf9b-d25fc4a7d62c: Response: GET 200 (271ms) https://auth.server.com/application/o/owncloud-web-client/.well-known/openid-configuration Header: { Content-Encoding: gzip, Content-Type: application/json, Date: Wed, 12 Feb 2025 08:53:09 GMT, Referrer-Policy: same-origin, Vary: Accept-Encoding, Cookie, X-Authentik-Id: b23d01f85f104e82b56e760669cced2e, X-Content-Type-Options: nosniff, X-Frame-Options: DENY, X-Powered-By: authentik, } Data: [{\n  \"issuer\": \"https://auth.server.com/application/o/owncloud-web-client/\",\n  \"authorization_endpoint\": \"https://auth.server.com/application/o/authorize/\",\n  \"token_endpoint\": \"https://auth.server.com/application/o/token/\",\n  \"userinfo_endpoint\": \"https://auth.server.com/application/o/userinfo/\",\n  \"end_session_endpoint\": \"https://auth.server.com/application/o/owncloud-web-client/end-session/\",\n  \"introspection_endpoint\": \"https://auth.server.com/application/o/introspect/\",\n  \"revocation_endpoint\": \"https://auth.server.com/application/o/revoke/\",\n  \"device_authorization_endpoint\": \"https://auth.server.com/application/o/device/\",\n  \"response_types_supported\": [\n    \"code\",\n    \"id_token\",\n    \"id_token token\",\n    \"code token\",\n    \"code id_token\",\n    \"code id_token token\"\n  ],\n  \"response_modes_supported\": [\n    \"query\",\n    \"fragment\",\n    \"form_post\"\n  ],\n  \"jwks_uri\": \"https://auth.server.com/application/o/owncloud-web-client/jwks/\",\n  \"grant_types_supported\": [\n    \"authorization_code\",\n    \"refresh_token\",\n    \"implicit\",\n    \"client_credentials\",\n    \"password\",\n    \"urn:ietf:params:oauth:grant-type:device_code\"\n  ],\n  \"id_token_signing_alg_values_supported\": [\n    \"RS256\"\n  ],\n  \"subject_types_supported\": [\n    \"public\"\n  ],\n  \"token_endpoint_auth_methods_supported\": [\n    \"client_secret_post\",\n    \"client_secret_basic\"\n  ],\n  \"acr_values_supported\": [\n    \"goauthentik.io/providers/oauth2/default\"\n  ],\n  \"scopes_supported\": [\n    \"openid\",\n    \"email\",\n    \"profile\"\n  ],\n  \"request_parameter_supported\": false,\n  \"claims_supported\": [\n    \"sub\",\n    \"iss\",\n    \"aud\",\n    \"exp\",\n    \"iat\",\n    \"auth_time\",\n    \"acr\",\n    \"amr\",\n    \"nonce\",\n    \"email\",\n    \"email_verified\",\n    \"name\",\n    \"given_name\",\n    \"preferred_username\",\n    \"nickname\",\n    \"groups\"\n  ],\n  \"claims_parameter_supported\": false,\n  \"code_challenge_methods_supported\": [\n    \"plain\",\n    \"S256\"\n  ]\n}]"
25-02-12 03:53:10:623 [ debug sync.credentials.oauth ]	[ OCC::OAuth::fetchWellKnown()::(anonymous class)::operator() ]:	parsing .well-known reply successful, auth endpoint QUrl("https://auth.server.com/application/o/authorize/") and token endpoint QUrl("https://auth.server.com/application/o/token/") and registration endpoint QUrl("")
25-02-12 03:53:10:623 [ debug sync.credentials.oauth ]	[ OCC::OAuth::startAuthentication()::(anonymous class)::operator() ]:	registration endpoint not provided or empty: QUrl("")
25-02-12 03:53:11:656 [ debug sync.credentials.oauth ]	[ OCC::OAuth::openBrowser ]:	opening browser
25-02-12 03:53:11:656 [ debug sync.credentials.oauth ]	[ isUrlValid ]:	Checking URL for validity: QUrl("https://auth.server.com/application/o/authorize/?response_type=code&client_id=xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69&redirect_uri=http://127.0.0.1:53179&code_challenge=ieZyR88MD0tTwWVlWh4lE4kvfzhsOFS38Vaf-GzOFwE&code_challenge_method=S256&scope=openid offline_access email profile&prompt=select_account consent&state=ivC9NAWAI-3pKT_u7eXfqbvWefSB_v8KlKT3BXxp7VY%3D")
25-02-12 03:53:17:940 [ debug sync.credentials.oauth ]	[ OCC::OAuth::startAuthentication()::(anonymous class)::operator() ]:	accepted client connection from QHostAddress("127.0.0.1")
25-02-12 03:53:17:940 [ debug sync.credentials.oauth ]	[ ()::(anonymous class)::operator()():: ]:	Server provided: "GET /?code=40233b7a1dcc490884cc6dc7e693545b&state=ivC9NAWAI-3pKT_u7eXfqbvWefSB_v8KlKT3BXxp7VY%3D HTTP/1.1\r\nHost: 127.0.0.1:53179\r\nSec-Fetch-Dest: document\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15\r\nUpgrade-Insecure-Requests: 1\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nSec-Fetch-Site: cross-site\r\nSec-Fetch-Mode: navigate\r\nAccept-Language: en-US,en;q=0.9\r\nPriority: u=0, i\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\n\r\n"
25-02-12 03:53:17:940 [ debug sync.credentials.oauth ]	[ ()::(anonymous class)::operator()():: ]:	Received the first valid response, closing server socket
25-02-12 03:53:17:941 [ info sync.httplogger ]:	"bcdffcad-c644-4e54-90f7-da6fb333a7c4: Request: POST https://auth.server.com/application/o/token/ Header: { Authorization: Basic [redacted], Content-Type: application/x-www-form-urlencoded; charset=UTF-8, User-Agent: Mozilla/5.0 (Macintosh) mirall/5.3.2.15463 (ownCloud, macos-24.3.0 ClientArchitecture: arm64 OsArchitecture: arm64), Accept: */*, Accept-Language: en_US, X-Request-ID: bcdffcad-c644-4e54-90f7-da6fb333a7c4, Original-Request-ID: bcdffcad-c644-4e54-90f7-da6fb333a7c4, Content-Length: 294, } Data: [grant_type=authorization_code&code=40233b7a1dcc490884cc6dc7e693545b&redirect_uri=http://127.0.0.1:53179&code_verifier=pAtoAvc4YlTLK6LdJWcce6eONN3xq74NUJ1oyXOFwoAtXG8RubqbSJB2ZBKyeS1-ITsLusu56p99vdvBH70AwCVxIKzQhR6QRlOZvB7jV1cIdlK7uyt4avdj_9XQukX0&scope=openid%20offline_access%20email%20profile]"
25-02-12 03:53:18:208 [ info sync.httplogger ]:	"bcdffcad-c644-4e54-90f7-da6fb333a7c4: Response: POST 200 (266ms) https://auth.server.com/application/o/token/ Header: { Cache-Control: no-store, Content-Encoding: gzip, Content-Type: application/json, Date: Wed, 12 Feb 2025 08:53:17 GMT, Pragma: no-cache, Referrer-Policy: same-origin, Vary: Accept-Encoding, Cookie, X-Authentik-Id: 7d4629192c724903a72d565eebaa8704, X-Content-Type-Options: nosniff, X-Frame-Options: DENY, X-Powered-By: authentik, } Data: [{\"access_token\": \"eyJhbGciOiJSUzI1NiIsImtpZCI6ImMxNzk5YzYyNWQ5OGI4MTE4MTdiOGNmNmZhNjAzMWFjIiwidHlwIjoiSldUIn0.eyJpc3MiOiJodHRwczovL2F1dGgudGFuZ2VudGEub3JnL2FwcGxpY2F0aW9uL28vb3duY2xvdWQtZGVza3RvcC1jbGllbnQvIiwic3ViIjoiNWFkNDcxNDZjMGU1ZGNlNjMwMGVlYzc5MjE1MDMyNzJhOTJkMmQ2NmFjNzQzYWVkYmE4MDExMjA2MDA3NmUyNyIsImF1ZCI6InhkWE90MTNKS3h5bTFCMVFjRW5jZjJYRGtMQWV4TUJGd2lUOWo2RWZoaEhGSmhzMktNOWpialRtZjhKQlhFNjkiLCJleHAiOjE3MzkzNTA2OTcsImlhdCI6MTczOTM1MDM5NywiYXV0aF90aW1lIjoxNzM5MzUwMzk3LCJhY3IiOiJnb2F1dGhlbnRpay5pby9wcm92aWRlcnMvb2F1dGgyL2RlZmF1bHQiLCJhbXIiOlsicHdkIl0sInNpZCI6ImRjYTMzZDdlNTAxZTZiMDExMWVlODA2OTY5ZDVkOGUzMzVmOGY4YWQxNzQ0MGE5ODYxNTczYWI3N2ZiYTRjYTYiLCJlbWFpbCI6InBldGVyQGhhcmthd2lrLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoiUGV0ZXIgSGFya2F3aWsiLCJnaXZlbl9uYW1lIjoiUGV0ZXIgSGFya2F3aWsiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJwZXRlciIsIm5pY2tuYW1lIjoicGV0ZXIiLCJncm91cHMiOltdLCJhenAiOiJ4ZFhPdDEzSkt4eW0xQjFRY0VuY2YyWERrTEFleE1CRndpVDlqNkVmaGhIRkpoczJLTTlqYmpUbWY4SkJYRTY5IiwidWlkIjoieVJoaEtKRkhTUEdiVHFQVFBHN2tncVRqVW5FUzRtd09ZQlNiWlNjRyJ9.F9zPZaVgoAtSl3yR6SOBnsZwAPmQe9dHvxpRarXNAH_NEl6D4N0MkRAiF1qaC76iAFm1y26Yhr0EKanjrsyYldcUeMhGFckQobPErX2wEQiyCqvOnwYY90lov9UWYMzRvrBLvVgc8RhDA3nSzrX5NLO8KkXA0zhQeXfpirouZiofPqRXgRorpawoB6xAQjSCAU-gtin7ldjEA3OQaw3mjm3JFjH7JVwWsxbKIFtinXhftd2h0rnZBR9slzWlygS0jWWEBXmc5wh7lDLEb3gd75obiYmhhpbBiURY5rK67nQKyqWOeHh0NaLqcnUymgd2v_dBSCrDoOwTLCONLWWXJ6NyVUBpIlTd2ythM0e-RvLRuVdF8jEXqjYBnKHqgWuJ4u7kwfKsKT3xg06WgNTcyU_y61UZiJpqZ-KqjYDlqz0c05hSLAQznUS-FainuZxav7Nk8xTlRuBsE-XWy2wYEn1ZrtnXhEE-zhH-HYtM8otHlyZ-hpty1jsV5GU9HE0mU-I_5su67Wk_USYnNPylzudTNb3QwvB0PBb8NoZMAzEjNE7WTXmIt1miuZlsbLPqa7yOWC-fmWmlJr2eLQRpROQzQhft1PfHE9jXGoiCNZDezMBXz4ypTzUOBJgTh8iLMfH3acjkC_ow1p9OVM4Bx0MtV4659Ku4sRWwlte3hio\", \"token_type\": \"Bearer\", \"expires_in\": 300, \"id_token\": \"eyJhbGciOiJSUzI1NiIsImtpZCI6ImMxNzk5YzYyNWQ5OGI4MTE4MTdiOGNmNmZhNjAzMWFjIiwidHlwIjoiSldUIn0.eyJpc3MiOiJodHRwczovL2F1dGgudGFuZ2VudGEub3JnL2FwcGxpY2F0aW9uL28vb3duY2xvdWQtZGVza3RvcC1jbGllbnQvIiwic3ViIjoiNWFkNDcxNDZjMGU1ZGNlNjMwMGVlYzc5MjE1MDMyNzJhOTJkMmQ2NmFjNzQzYWVkYmE4MDExMjA2MDA3NmUyNyIsImF1ZCI6InhkWE90MTNKS3h5bTFCMVFjRW5jZjJYRGtMQWV4TUJGd2lUOWo2RWZoaEhGSmhzMktNOWpialRtZjhKQlhFNjkiLCJleHAiOjE3MzkzNTA2OTcsImlhdCI6MTczOTM1MDM5NywiYXV0aF90aW1lIjoxNzM5MzUwMzk3LCJhY3IiOiJnb2F1dGhlbnRpay5pby9wcm92aWRlcnMvb2F1dGgyL2RlZmF1bHQiLCJhbXIiOlsicHdkIl0sInNpZCI6ImRjYTMzZDdlNTAxZTZiMDExMWVlODA2OTY5ZDVkOGUzMzVmOGY4YWQxNzQ0MGE5ODYxNTczYWI3N2ZiYTRjYTYiLCJlbWFpbCI6InBldGVyQGhhcmthd2lrLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoiUGV0ZXIgSGFya2F3aWsiLCJnaXZlbl9uYW1lIjoiUGV0ZXIgSGFya2F3aWsiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJwZXRlciIsIm5pY2tuYW1lIjoicGV0ZXIiLCJncm91cHMiOltdfQ.Ln2M3hLcMJ3FldQ2nSUsq3pgeXjRK1PSrt43MmPWp6kGTMtyAX2etGvXrYIJmrjJyAHItfBVkpMAFauEGfEcojuHQ-3Cr6aBSJL0-ZYdZApVKlYBk0CoYglHKMdrZnAYJQQ5-XErTUfCjkpTrgtomsomj_-_kqIht8svCUQEACA4LRqed708toNNAuM8KIzyV7Ted9V4MHmhPG7DF4gfyROXG-j-_rRoPXC_B8qa1PZOhP0bgQfMRtdik5TshjYdDr_-zlHz5PkvTZwef9j_NWASGOrJm4RqSEzqPg0pg1NhdyUlI8pvMsmCgLGaM9ugSv1BnAuZ9PlGYUQusoTySHAJ_OgyOOQ6cpk_9mETbm5iys3TTApYA1f8zfJu7XaupGexLllS-ofnti6U_v0BPXbd9ZqvicDU-CbjDP02FoJfCAO_cD87lwiJTFnQyENTf2dhf4pJ_EphEP7Zk7_zASHbmlkc44lkMkjKxbou3y14d503UqIaG4nWJ9iSYv2YNugN2tH9HCe81M6TzGY7MxQoOk4QkMYDA10LC6N-7DEjCjbwxeHsHDBCNx_giVJhI1NLksXQDNrTlrYZH13FxCZzyRMXe0xdsaJn8AqwIXcg1pVEj6lJPU-AqHUHsv-6lio7iXONCKy-StczfaYOVQX9Rrfps4M9-zJp9yp71KI\"}]"
25-02-12 03:53:18:208 [ warning sync.credentials.oauth ]:	Error when getting the accessToken "The reply from the server did not contain all expected fields\n:\tError: Missing field refresh_token\n"
25-02-12 03:53:18:239 [ debug sync.credentials.oauth ]	[ (anonymous namespace)::httpReplyAndClose ]:	replying with HTTP response and closing socket: "HTTP/1.1 500 Internal Server Error\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\nContent-Length: 30784\r\n\r\n<!DOCTYPE html>\n\n<html lang=\"en\">\n\n<head>\n<title>Login Error</title>\n<style>\nhtml, body {\n    height: 100%;\n    width: 100%;\n    margin: 0;\n}\n\nbody {\n    background-color: #041e42;\n    color: #ffffff;\n    font-family: \"Noto Sans\", OpenSans, Verdana, Helvetica, Arial, sans-serif;\n    display: flex;\n    flex-direction: column;\n    align-items: center;\n}\n\n.row {\n    display: flex;\n    flex-direction: row;\n    align-items: center;\n    height: 100%;\n}\n\n.content {\n    text-align: center;\n}\n</style>\n</head>\n\n<body>\n<div class=\"row\">\n    <div class=\"content\">\n        <img src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAgAElEQVR4nOzdd1hT1xsH8O8NYYOIDFEBEQfi3hP33rvuVUdbV6171m1/Wq0dauseVetede+9995bBAEFEVAIub8/qBHMZYUkN5Dv53n6NDm5OeeNEO57zz1DQJYxQYH8p12tPsZ7qAXRQxSEXAJED0BwESE6KgAHEYIjIDoAcATgIAD2ImAJwAKA8r//vnwsyPWJiIgoQ0QA8QBU//2X5LEAxIlAFID3ACIB4b0AMVINvBcgRAJimAghSBDFVwpRCIq1tgjCw8qhwCS1bJ9IjzLfyS1XTVelUlFEEMTCIgR/QPAXIBYWAU8knLCJiIgMJV4AXogQ7gDibQHibVEU7qhU6lt4dSRU7uDSw9QTAMHKp6afKCoC1CKqCkBVAAXlDoqIiEjCfVHACQWEkwqF+sTHx4fvIaEXwiSZYAJQU6n0UQaIanVrAWiFhCt7IiKiTEUQ8UwUhK1QCFtUT1QngCMquWNKzGQSACvvOkXiRfE7QUAHAK5yx0NERKRHoaKItRYKxfzYpwduyx0MIHsC0M7CIm9oC0EUBgCoJW8sRERERnFYFMS58U9dtwEb4uUKQqYEoJ2FhdebdoIg/gjAX54YiIiIZHVbFIXJ8c9zbJAjETB2AiBY5K3VWhCFKeCJn4iICABui4I4Pv7p4c0w4qBBoyUAVp51SqgV4q9gVz8REZGUwwq1MDj2xcFrxmjM8AmAW00HCxvFT4KAfgAUBm+PiIgo81KLIubHf1CPRsiR94ZsyKAJgNK7VlURwkoB8DVkO0RERFmJCDwUBHRTPT10ylBtGGjlvJpKpXf+qQCWCEAOw7RBRESUNf137uypcPK1UUfkPQo80fvyw/rvAfCo5qa0slwH3usnIiLSh0Oq2LgOCDoeos9K9ZoAWHrXKgtgiwjBS5/1EhERmTNBxDMIYuu4Z4cv6qtOvQ3Ks8hbq7EI4ThP/kRERPolCvAWIRy3yFu7kb7q1MsYAAuv2h0FCOsBWOujPiIiItJiKQDthWz5HojvHt/IaGUZTgAsvWv1hSAs00ddRERElCKFIKC1hZPPK3XEkwzdDsjQSdvCq3bH/07+JrOpEBERURYnAEJTIVu+exnpCdD5xG2Rt1ZjQRS2AVDqWgcRERHpTCUKaB7/9NBuXd6sUwJg6V2rrAjhOABbXd5PREREehEjQKymy+yA9M8C8KjmBmALePInIiKSmy2ALchf3z29b0xnAlBTqbRUrudUPyIiItMgQvBSqlTrUbasZXrel64EQOltMRmCUDNdkREREZFhiaihDMk2NT1vSfMYAKV3raqAcAzc0Y+IiMgUiYCiuurZgRNpOThtCYBbTQcLW8UVAcifodCIiIjIYETgUXyMumRathJO09W8hY3iJ578iYiITJsA+FrYKH5K47Eps/KsU0KtEC+DXf9ERESZgVqhVpSKfXHgekoHpXZSF9SC+rc0HEdERESmQaFWqH9DKhf5KZ7YLfLWas1R/0RERJlOLYu8tVqldEAKCUA7C0EUpug7IiIiIjI8QRSmAu2S3fMn2QTAwutNOwD+BomKiIiIDM3/v3O5pGQSgHYWgiD+aKiIiIiIyPASzuXSvQCSCYBF3tAW4NU/ERFRZuf/3zldi2QCIIjCAMPGQ0RERMYgiEJ/yfIvC6y86xRRQ7xp+JCIiIjIGBSCokjs0wO3k5R9eVC8KH5nvJCIiIjI0OLV6n5fln3RA1BTqfRWvALgaqSYiIiIyPBCVc9cPIAN8Z8KkvQAKH2UAeDJn4iIKKtxVXqGBiQuSJIAiGp1a+PGQ0REREahUCQ5xydOAAQBSHHZQCIiIsqcBKhbIdGtf00CYOVT0w+ApxxBERERkWGJELys89Uq9Om5JgEQRYuq8oRERERExqBWQ3Ou1yQAalEMkD6ciIiIsgI1BM25XpMACAB7AIiIiLKwxOf6hMEAuWq6Ki0VIbJFREREREahihdc8fJgmAIAlEpFEbkDIiIiIsNTKlAE+O8WgCCIheUNh4iIiIzh0zlfAQAiBG79S0REZAZEAf6AZhAgEwAiIiLzIH5OAATwFgAREZE5EEXh0y2ACQqRKwASERGZBQHwBCYoBOSv766MUwXLHRAREREZhyo2zl1h9THeQ+5AiIiIyHislNYeCrUgMgEgIiIyI2qF6KEQBSGX3IEQERGR8YhQ51IIYA8AERGRORGg8FAAgovcgRAREZFRuSpEiI5yR0FERETGIwqig0IBOMgdCBERERmPQoSDQoTAHgAiIiIzIgpwVAAiewCIiIjMiSg6KACwB4CIiMicCIKjAhwDQEREZF5EOCgEwF7uOIiIiMh4BMBBIQKWcgdCRERExiMCSgUAC7kDISIiIqOyUABQyh0FERERGZWSCQAREZH54S0AIiIiM8RbAERERGaItwCIiIjMEG8BEBERmSELBQBB7iiIiIjIqBQKuSMgIiIi42MCQEREZIaYABAREZkhJgBERERmiAkAERGRGWICQEREZIaYABAREZkhJgBERERmiAkAERGRGWICQEREZIaYABAREZkhJgBERERmiAkAERGRGWICQEREZIaYABAREZkhJgBERERmiAkAERGRGWICQEREZIaYABAREZkhJgBERERmiAkAERGRGWICQEREZIaYABAREZkhJgBERERmiAkAERGRGWICQEREZIaYABAREZkhJgBERERmiAkAERGRGWICQEREZIaYABAREZkhJgBERERmiAkAERGRGWICQEREZIaYABAREZkhJgBERERmiAkAERGRGWICQEREZIaYABAREZkhJgBERERmiAkAERGRGWICQEREZIaYABAREZkhJgBERERmiAkAERGRGWICQEREZIaYABAREZkhJgBERERmiAkAERGRGWICQEREZIaYABAREZkhJgBERERmiAkAERGRGWICQEREZIaYABAREZkhJgBERERmiAkAERGRGWICQEREZIaYABAREZkhJgBERERmiAkAERGRGWICQEREZIaYABAREZkhJgBERERmiAkAERGRGWICQEREZIaYABAREZkhJgBERERmiAkAERGRGWICQEREZIaYABAREZkhJgBERERmiAkAERGRGWICQEREZIaYABAREZkhJgBERERmSCl3AESUteTI7ogKpfxRobQ/Cvl6wcU5G1ycsyFHdkeo1SKCQ9/idehbhISFIzA4DGcu3cKJc9cQHfNR7tCJzAoTACLKsAL58qBrm/po26QGCvl6pXhsPu9cWmWxcSqcvXQLh09dxvp/j+Duw2eGCpWI/iMovWuLcgdBRJmPQiGgQ/Pa6N+jFSqU9tdbvaIoYvfhs/hlwXocPXNVb/USUVJMAIgo3ZrWrYwpw3uhWOF8Bm3n4rW7GP/zUuw/dsGg7RCZIyYARJRmnrncsPSXkahVpbRR212xfg+GTp6PiMgoo7ZLlJVxFgARpUmrhtVwcc8io5/8AaD7Vw1x9cBSNK5dyehtE2VVFgqnfBPlDoKITJdCIeCXCf3x8/jvYGtjLVsc2Rzs0LFlHaji43Hi3HXZ4iDKKpgAEFGyLJVKrPh1DL7u0FjuUDRqVSkNJ0d77D9+Ue5QiDI1JgBEJMnWxhobF01GywYBcoeipVKZIsjr6YFdh85AreYwJiJdMAEgIkl//z4WzetXlTuMZJUskh9uOZyw69BZuUMhypQ4CJCItIwd1BVtm9SQO4xUfdO1Obp/1VDuMIgyJSYARJREs3pVMGFId7nDSLO5U79H2RJ+codBlOlwHQAi0nB2csSNw8vh7pJd7lDS5XlgCErX78V1AojSgXsBEGUR2RzsUK96OeT3yYPcOV3g7uqM2DgVXgWH4frthzh65ipeBoWmWMeMsd9kupM/AHjldsOoAZ0x+qeFcodClGmwB4AoExMEAY1qVcQ3XZuhbrVysLJMOac/deEG5i3fgo07j2qNnq9WsQQOrvsFgiAYMmSD+Rgbh6K1euDpiyC5QyHKFJgAEGVSJfzzY9aP3+m0Mt/5K3fwzajZuH77kabs7I4/UaZ4IX2GaHTrth9Gl4FT5Q6DKFPgIECiTKhb2/o4s2O+zsvyli9VGLncXTTPG9WqmOlP/gDQvnktlC5WUO4wiDIFJgBEmYggCJg0rCeWzB4JS6XuQ3gCg8Nw8MTnlfQGft1aH+GZhN4dm8gdAlGmwASAKBPp26UZxgzskuF61mw5gPh4NYCEHf7qViub4TpNRbtmNVMdC0FETACIMo2ACsXx68QBeqnr3/2nNI/bNq2RaQf+SXF2ckTTulXkDoPI5DEBIMoElEoLLJgxFEqlRYbrioyKxvkrdzTP2zQ2/RX/0qtLm3pyh0Bk8pgAEGUCXVrXRyFfL73UdfT0VcSpVAAAB3tblC9ZWC/1mpJ61cvB2spS7jCITBoTACITJwgCxn2f8fv+nyS++q9SrhgsLLLenwEbaysuD0yUCo6UITJxpYsVRF5PD73Vd+fBM83jsiUy/9S/5JQuVhCnLtwAkLBSYL3q5SEIAmJiPuB99Ae8eh2G+49eIPzde5kjJZIHEwAiE9e8vn4HtN15+DkBKJjPU691mxKfRElTwXxeWDBjqORxr8PCcerCDRw9fRV7jpzFg8cvjRUikayYABCZuIAKJfRa35PnrzSPs3IC4OripHkc+iYi2ePcXbKjZYMAtGwQgDnoj0vX72HV5v1Y8s9ORMd8NEaoRLLIejf/iLKYPDld9VZXfLwaMR9iNc/dcjilcHTm5pros70Jf5fm95UpXgi/TOiPu8dXoX+PVlxTgLIsJgBEJs7DPYfe6oqMioYoft7+w97eVm91m5rEyU1KPQDJ8XDLgV8nDcCtoyvR/auGWXKwJJk3/kYTmTCFQoCDHk/S76Nikjy3tbHWW92mxsX5cwLw4WOszt35efPkxOKfh+PA2l/g4aa/ZIxIbkwAiEyYWi1qnbT1KTY2zmB1yy02Lulny+i6AAEViuPcrr9QpVyxDNVDZCqYABCZuGcvg/VWl6ODXZLnhkwudBWnUmn2KciId5HRmscO9rZ66cLP5e6CA+tmY0DPrLN5Epkvjm4hMnFXbj1EkUI+aTr2dVg4Lly9g0vX7+PJiyCER0TiTXgk3kZEIuZDLJQWSZcSfvc+ygARp+xlUChOnr+Byzfu4emLYDx9GYyg4DBERsUgMioaKlU8AMBSqUQ2Rzu4uzrD1zsX8nnnRv68uVCssC/KlywMezubFNuJiPz82Zwc7fUWv6VSiTkT+8M7jztGTP1Lb/USGRsTACITt2P/KXRqWUfytY+xcdh9+Cw27TyKE+eu42VQaJJBfql5GRSKkkUK6CtUSXcfPsOxM9dw8vx1nDh/A09fBKXpfXEqFcLevkPY23e4ff9pktcsLBQo4Z8fVcsXR7N6lVG9YkmtfRISt+Oc3THjH+QLP/Rph+eBr/HH0s16r5vIGJgAEJm4bXtP4HVYONxdsmvKjpy+gpUb9mL7vpNJrnTT697DF2hcWx9RJvXufTTWbTuEJWt34eK1u3qvPz5ejcs37uPyjfuYu2wzcmR3RJM6ldGtXQPUrFwKAHArUdLgXyCv3mMAgFnj++Hlq1Bs3n3MIPUTGRITACITFxunwvJ1uzGiX0ccPHEJU35dgZPnbyR7vJWlEsUK+6KYnw9cnJ2Q3ckBzk6OsLOxxsfYOGzYcQRHTl8BAFy99UCvsZ44dx3L1u3Cxp1HUxx1nz2bAwrky4OCPp7I75Mb+bxzw83FCfa2NrC2toRKpcbbiEiEvYlA6NsIvA4Nx71Hz3H11gM8DwzRqu9NeCT+3rQPf2/ah8IFvPFdtxa4dP2e5vUS/vn1+jk/USgErPhtNIJC3miWHSbKLASld+209xcSkSy8crvBK3dOyZOMQiGgWoUSaN24OqqUK4aifj6wVCaf2/+z7SC6DZoOAMjj4YonZ9dlOL6L1+5i+NS/cPzsNcnXc2R3RO2qZVAnoAxqVy0D37y5dW7rTXgkrt56gIMnLuHf/adw696TVN+zdek0NKlTSec2U/MyKBTFavcwyUGVRMlhAkCUSRUp5IPvujZHq8bVkdPVOc3ve/oyGAWqdNI8v7RnEYr7++oUw/PAEIybsQj/bDukNfbA1sYa7ZrVRK8OjVGpTFEoFIJObaTm8bNX2L7vJJas3aU1VuCTWeO/w/e92xqk/U/mLNrAQYGUqTABIMpkyhQvhNEDO6NF/aoQBN1Oqr6VO2i60qeN7I0R/Tqm6/3RMR/x09xV+HXRRnz4GJvkNf+CefFt1+bo1Kousmdz0Ck+XR05fQXzl2/F9v0ntaYSNqhZHn/9byg8c7kZpG2VKh7lGn+Dm3cfG6R+In1jAkCUSeT19MDsH/uhRYOqGa5ryKR5mtHrVcoVw9FNv6X5vWcv30L3wf/DwydJd83L6+mBScN6omOLOga72k+rpy+CMPW3Vfh7094kiYCToz1m/fgdenzVyCDtHj97DbW/+sEgdRPpGxMAIhMnCAL6dW+J6aP6wM5WP0v3nr18CwEtB2rqv3N0ZZruy8+c/w8mzF6mmasPJGy6M3ZQF/Tt0tzkNs65efcx+o35VWvsRIOa5bF41giDLO3b4btJ2LSLswLI9FkonPJNlDsIIpJmZ2uNlb+NwZC+X8FSjydXz1xuWLlxHyLevQcAWFhYoH6N8skeH6dSoc+wnzFn0Qao1Z+vGbq0rodty6ajRuVSJrlZjrurM7q3awgHexscP3tN0xvw8EkgNu86joa1KiTZM0AfnLNnw6rN+/VaJ5EhmN43logAJIzQP7LxN7RtUsMg9ffq0FjzeMk/OxH2VnrL3PB379G4y0j8vWmfpszZyREbFk7CsjmjkMMAi+zok0IhYOg37XHm3z+TTAd8+iII1VsPwplLt/TaXq0qpeGd212vdRIZAnsAiExQ2RJ+2L92Ngrm8zRYG0UK+eDPldsQF6dCbJwKb8Ij0axelSTHvHgVgrodhuLC1c+L+RT09cSBtb9kuk1x3F2d8XWHRoiNU2luCcR8+Ii12w6hqJ8P/PJ766UdQRAQ/u49jiUzJZLIVDABIDIxRQr54MDa2XBLtPKfIdjZWuN99AecPH8dAHDl5gPUCSgDr/+uXl+HhaNO+yG4+/C55j21qpTG7lUzkcfD1aCxGYqFQoE6AWWRy90Fuw+fhSgmjN7ftOsocrm7oEzxQnppx8fTA3OXbdFLXUSGwlsARCbEK7cbdq78H5ydjNOtPmZgF/h4eQAARFFEvzG/Ik6lQvi792jUeQTuP3qhObZXxybY9fcMo8VmSH06N8WaeT9qBi3Gx6vRb8wcbN93Ui/1+3h5oGJpf73URWQo7AEgMhE5sjviwNpfMrRKXnpZWipRzC8fVm1KGLQWEhYOUQSm/74KFxMtpftdtxaYN30wFIqsc81QpGBeVC5bFFv3nEBsnAqiCOw8eBqN61RCTj3MDrj/+AVOXbiph0iJDCPrfJuJMrm/fx+LwgX0cx86PWpXLYOe7T/Pi5/+x6okA+M6tayD3yYPNHpcxlC7ahnsWT0TtjYJ0yujoj+g5ddjERTyJsN1Vy5bNMN1EBkSEwAiE9CzfaMUp+EZ2sxx3yKXu4tWedO6lbFk9kidVxzMDCqWLoJFPw/XPH8eGILWvcdrrXCYXsUL67a8MpGx8BYAkczyeLhi85KpsLG2ki0GG2srWFgosO/oeU1Z5bJFsW3ZNFhZWcoWl7EU88sHtVrUbGYUGBSKwOAwNK+v+6qLDva2+Gnuaohcao1MFHsAiGT25/+GwMnRXtYYYuNUWLh6h+a5h1sOrPtrgqxJibFNGNIdbRpX1zxfsX4PDp64lO564lQqPH72Cqcu3ISTo3H3QiBKD9Nat5PIzNQJKINGtSrKHQbmLFyPuw+fAUiYx77y9zGStwSyMkEQsPSXUbj94Jlmi+F+Y+bgyr7FmjECUq7ffoST56/j5IUbOH3xFp4HBidZLZHIVHEvACIZ7ftnFmpVKS1rDE9fBKF4na8R8+EjgIQpcvOnm++GNqcv3kSNNt9rtjce2b8Tpo7oleSYG3ceY+32Q1i3/RCePA+SI0yiDGMCQCST8qUK49S2eXKHgZZfj8XOg2cAJExFvHVkJVycs8kclbz6jZmDRf/dErFUKnF+118o6pcPOw+ewf/mrk7T8sEKhQC3HNlhZ2cDS6USHz58ROjbCETHfDR0+ERpwlsARDIZ0a+j3CHg3/2nNCd/AJgyvJfZn/wBYPqoPti+9ySCQ98iTqVCl0HTIAgCrt9+JHm8m0t2BJQvjoAKxVGiSH7kzZMTnrndYKnU/hMbHfMRzwODcf3OY1y//Qgnzl/HmYs3ERunMvTHIkqCPQBEMvDO7Y4Hp9bIOr0uPl4N/5rd8PjZKwBAqaIFcHbHX1Aosu6Uv/RYt/0wugycmuzruXO6oF2zWujQvDbKlfTLUFtR0R9w8MRFrN58ADsOnGIyQEbBHgAiGXzVvJbsc+s37DiiOfkLgoDfpwziyT+R9s1rYcGq7ZqpgZ+UKV4IowZ0Qov6AXr797K3s0Hz+lXRvH5VhL19hzmLNuCPpZt4u4AMitMAiQxIoRCQzcEO2RzskpR/ueueHH7+c63mcdO6lblynYTxg7sleT5z3Lc4u+NPtGpYzWDJkotzNkwd0Qt3j69Cv+4tNfsVEOkbf7OI9MDO1hoBFUogoHxx+BfKC/8C3vDM5Q57OxsAwO7DZ9G8xxjNsRVLF5EzXBw+dRnXbj/UPP+mS3MZozFdtaqURtkSfrh4LWE75Jv/TQ80Bg+3HPht8kD80KcdRk1fgE27jhmtbTIPTACIdGRrY41WDQPQtW0DVK9UMsUrtas3P59sSxUtCAsLeTvfVqzfo3mc19MD9aqXkzEa09ave0v0GjoDALBxxxHMmdgfjvZ2qbxLf3y8PLD2zwn4c+U2DJ00H3Eqjg8g/eAtAKJ0cs3hhGkje+P5hQ1Y8dsY1K1WNtVu2sRX22VL6GfPeV1FRkVjy57jmud9OjXhvf8UtGlcHQ72tgASButt+PeILHF8160FDm+cA89cbrK0T1kPEwCiNLKxtsLEoT3w4OQajOjXMV3L91699TkBKFNc3gRg654TmsFllkoleiTaCZC02dvZoHWiJYLXbDkgWywVSxfBuZ1/oWblUrLFQFkHEwCiNKhdtQyu7l+CsYO6au7rp8en0fYA4C/Dlr+J7Uo07795/SrI6eosYzSZQ7e2DTSPT124icioaNlicXPJjn9X/ISACsVli4GyBiYARKkY0vcr7F41E755c+v0/uiYj0nu2+bILt9CO/Hxahw4flHzvFWj6ikcTZ8ElC+O7NkSNvaJU6l02iRIn2ysrbB16TSU8M8vaxyUuTEBIEqGpVKJhTOHYcbYbzJ0jzz83fskz52yybdD3JlLtzTxKBQC6lYrK1ssmYmFhQLVK5XUPN9z+JyM0SRwcrTHrlUzdE5MiZgAEEnIkd0Ru1fPRE893B9/FxmleSwIgqxb/56+eFPzuEzxQlz2Nx1qV/28adOR01dkjOSznK7O2Lv6Z7jmcJI7FMqEmAAQfcHZyRHHt/yBGomu+DIiKjpG89jaylLWKYCXrt/TPObCP+mTeNfGR08D8T4qJoWjjcfHywNzJg6QOwzKhJgAECViYaHA6rnjUMjXS291OiZaBfDDx1ioVPF6qzu9Lvy3oA0g/2yEzKZwgbywsbYCAIiiiOt3pDcGkkOHFrXRuHYlucOgTIYJAFEi00b21vuiONm+6PKPSHRLwJiiYz4mmY1QlglAuigUQpLE8FqiqZ2mYN70wUZdoIgyPyYARP9p37wWhn7TXu/1fnnP/51MCcCzl8Gax4IgIL9PHlniyMwKF/icANy6/1TGSLR55nLDT6P7yB0GZSJMAIgA+BfMi4Uzhxukblsba03XMQAEBocZpJ3UPH3xOQHI6erMTWZ0ULhAXs3jkLBwGSOR1rdLMxTIx8SO0oYJABGAuVO/h52ttcHq98v/efGfm3cfG6ydlDwP/JwAeObmcrK6yJ3TRfP4dehbGSORJggC+nVrKXcYlEkwASCz1755rSRzvA2hhL+v5vF1mRKAd+8/r17H6X+6cUh0j/21CfYAAED3rxpq9i4gSgkTADJrCoWASUN7Gryd4okTgNvyDB77tP4/ANjb8gShC0eHz/9uoW8iZIwkedkc7NC1TX25w6BMgAkAmbU2jWsYZTBcySKfl2w9f+WOLGvJR8d80Dw25O2OrCybw+cBnYnXdzA1/Xu0hCBwh0dKGRMAMmuDe7c1SjtVyhXTbCIUG6fCvqMXjNJuYmq1qHmskHExoszM2spS7hDSxC+/N0oVLSB3GGTi+FeAzFYhXy9UKO1vlLZsrK1Qr9rn9QV27D9llHYTc3b6vAdBTKLbAZR2H2PjNI+tLE07GWhQs7zcIZCJYwJAZqtL63pGba9Z/aqax//uP4Wo6A8pHK1/iXchTHw7gNIu8c/M1G+j1K/OBIBSxgSAzFbz+lWM2l7j2hU1c+8jIqOwZssBo7afPVEPQKSJrGOf2byNiNQ8dnd1ljGS1JUuVjBDu1hS1scEgMySm0t2FCnkY9Q2XXM44atmtTTP563YatT2E/cAvHgVYtS2s4rEc//zeLjKGEnqHOxtudojpYgJAJmlahVKyDJK+vtEgw5v3n2MvUfOG7S9qOgPiIiMQmycCjmyO2rKn798nWRQIKXNs8DXmse5TTwBAIDifr6pH0Rmi2uBkllKPC/fmEoVLYAalUri6JmrAICR0xegbrWyetki+MPHWOw+fBZbdx/Hxev38eT5qySD1hIvDhOnUuFFUAi8c7tnuF1zcuveE81jU+8BAABvT/58KXlMAMgsFcznKVvbYwZ10SQAN+8+xpJ/dqJvl2Y613fk9BUsX7cb2/edSnF9gS/3r7//6AUTgHRKnAD4F8yb/IEmwsMth+axi3M2NK1XBe4u2aFSxSPo9RsEBofi7sPnCAp5I+F/y1EAACAASURBVGOUJBcmAGSW8ufNLVvbtauWQcsGAdi69wQAYMLsZWjVqBrcXLKnq57A4DAMnTQPG3ce1SmOKzfvo05AGZ3ea47eRkTiZVCo5nmZYqa/nXLi7YH98ntj8c/aG16JoojzV+5g694TWLVpP169lmezKjI+JgBklhLfD5fDrB+/w54j5/DhYyxC30Sg19CZ2LZsWprHJcxfsRXjZy5Jsr4/AFhYKFC3WlnUqlIafvm9kdPVGRYWCgSFvEFgUCjWbjuk6X04c/GW3j9XVnbi3HXN4xzZHeHj5SFjNGmTeBfKxLeDEhMEARVK+6NCaX+MHdQVsxesw+wF65IsHU1ZExMAMkv2Mm+WktfTAyP6dcTkOSsAALsPn8UfSzdjUK82Kb5PFEUMHP87Fvy9PUl5QV9P9OnUFB1b1knS7fslV5fsmgTg2NmrUKtFThVLoyOnr2gely5WUMZI0i7xSd/GOvWFi+ztbPDjD93Rs31jtOkzHpdv3DdkeCQzzgIgs2RrI/8iLqMHdEaVcsU+P/9pIY6fvZbs8Wq1iG9Gzk5y8reyVGLCkB64un8JfujTLsWTPwDUqFRSc8J/Ex6JE+eSb4+SOnLqcwJQJ6CsjJGkXeKFi9KzQ6BXbjcc2fgbWjYIMERYZCKYAJBZivkgf/emUmmB1XPHwTWHE4CEPQJa9RqHq7ceSB7fd+QsLFu3W/O8qF8+nN+1AOO+7wpLZdo685ydHFGq6Oer1/U7juj+AczI42evcC3RLo6Na1eUMZq0i4r5PPDTwS59vV52ttZYv2Aik4AsjAkAmaUoE1kJzzOXG5bPGa25Ko+IjEKTrqPw8MnLJMet3XYIK9bv0TwvUsgHB9bO1mkxo8R/0DfvOob4eLVuwZuRxAMtvXO7o6hfPhmjSbvEgxadEy0ElVaCIGDpnJGZYsYDpR8TADJLb8IjUz/ISBrULI/503/QPA8OfYsabb7HxWt3AQAhYeH4YeJczeuFfL2w759Zmp6D9GrbpIbmcUhYOA6fuqxj5OZj/b+HNY+b1jPuEtIZ8fBJoOZxAR/dZr442tth08LJmmWsKetgAkBm6eHTwNQPMqJeHZtg1vjvNM+DQ9+iTvsh2HnwDIZMmofQNxEAEraj3bpkKnJmYB36gr6eKFnk81axiU9upO3C1bu4cvPzbZme7RvJGE36PHj8QvO4gI/ua18U9PVEn866r1VBpokJAJml+4n+MJqK73u3xeRhX2ueR0V/QOve47B22yFN2cj+nVDQN+OLGPXr3kLzeMOOIwh7+y7DdWZV85Zv0TwuU7wQShUtkMLRpiM49G2SpYv98ntlqL4xg7qkayAhmT4mAGSWrt9+JHcIkkYP7Ixlc0bB2iphylbi9foL+npiRL+OemmnS5v6yJ3TBUDCCoG/LFyvl3qzmqCQN0l6SHp3bCJjNOlz8vzndQtcnLNlOAFwd8meZDMryvyYAJBZOn7uGkTRNDfD6dK6Hg6s+wXuX6wM+OPg7prEIKOsLJUY3Ked5vm85VsQEhaul7qzkgmzliE2TgUgYTfHji3ryBxR2h0783mKp742v2qWicY/UOqYAJBZCgkLT7Kuu6mpVKYIJgzpoXnu7OSI1o2r67WNPp2awtkpYUXEqOgPmL2AvQCJXb5xH8vXf552+UOfdpmmC1wURWz7b6lpAKhRuaRe6q0TUMYk1tAg/WACQGZr+75TcoeQogv/zQIAEuad63sUtoO9Lfp1b6l5/ufKrQhOtN+9uRs8Ya7mFoyLc7Yk/1am7vTFm3jxKgRAwlS+Fg2q6aVeWxtrnaaekmliAkBma9Xm/XKHkKLTF29qHteoXMogbQzo2Qp2tglXdNExHzFuxhKDtJPZrNt+GKcu3NA8H/5dh0xz9Q8AKzfu0zyuUq4ovHK76a3uXO4przaZHtNH9cHqueOT/FepTBG91U8pYwJAZuveo+c4d/m23GEkK/Ec7hL+vgZpwzWHE4Z/93lg4fL1u5OseW+OomM+YvRPCzTP/QvmTXWPBlMS9vYd1mw5oHnevnltvdaf67/Bo/rQoGZ5fNWsZpL/8nrm1Fv9lDImAGTWfl28Ue4QJL2PikGcSqV57p3HcH8Uh33bHgXy5dE87z10JsLfvTdYe6Zu5PQFeB4Yonk+d+r3aV5q2RQsXrNDs9S1k6M9urSpp9f6ra2sUj+IMgUmAGTWNu06qrXsril4E5F0pcJsjvYGa8vG2goL/jdUM0r86ctg9Bj8k8nOkjCkZet246+V2zTPu7Wtj+qV9DOAzhjC371PMqWzV8cmcLS302sbQa/D9FofyYcJAJk1tVrEhNnL5A5Dy5cD/tRqw67XX71SSYzs//lWwM6DZzDt91UGbdPUnL18CwPG/qp57uPlgTmTBsoYUfrNmLdGs8y1laUSA3q21nsbr5gAZBlMAMjsrdt+GEfPXJU7jCQ+Tc/7xBgr9U0c0hNVy3/ennjynBXYefCMwds1Ba9eh6Fd34maOf+WSiXWzB2PbA76vXo2pJt3H2Puss+rFg7q1Uavg/+AhOmFDx6bXo8Z6YYJABGAgeN+Q3SM/FsEf2JtZZmk69YYexdYWCiw6o/P2xOLoojOA6bg/JU7Bm9bTh9j49Cu78QkV7ZTR/ZC+VKFZYwqfaJjPqJj/yn48DEWQMKqfaMHdtF7O5eu3+NU0SyECQARgNv3n6LviJ/lDiOJUsU+rzl/MdGaAIbkmcsNW5ZM1Sz2EhX9Ac17jjHpRZMyQqWKR9eB03D28i1N2dcdGmNI369kjCr9fpg4F7fvP9U8/2l0X4P0Xuw4cFrvdZJ8mAAQ/Wfd9sOYvWCd3GFoVCztr3m8/9gFo7VbqUwR/P37WCgUCYMCQ99EoG6Hobh8477RYjCGj7Fx6NBvErbsOa4pa1y7EuZNGyxjVOm3bvthLF27S/O8ef2q6Naugd7bUani8U+ijako82MCQJTImP8twr6j5+UOAwBQu2oZzeMjp68gKOSN0dpu0aAqerZvrHkeEhaOWu0GZ5krwNA3EWjcdSS27T2pKXNytMfK38dAqbSQMbL0efD4JfqN/kXzPKerM/763xCDtLViwx6TnDFDumMCQJSIWi2iy8BpuPfoudyhoE5AWc2OfSpVfJIBXoYWG6fCnsNnk5RFRX9Amz7jk2yPmxndvPsYlZv3w7EvBn5GREZh4NjfkuzAaMpevApBo64j8O59NICEUf//zP8Rbl9sIqUPMR8+YsqvK/VeL8mLCQDRF95GRKJaq4GyzwxQKAR0aVNf83zuss14baQd+/7euBcvg0K1ytVqEYMnzEXXQdM0J57MZMOOI6jWahCePA+SfP2fbQfxzcjZJp8EPH0ZjDrthyT5HH/+NATVKpYwSHsDxv0m+ftAmRsTACIJb8Ij0ajzCCxbtzv1gw1ocO+2mtkAUdEfMPZ/iw3eZlDIG4z+aVGKx6zddghlG/ZJMnjOlL2NiETXQdPQqf8UREalnLgsX78bbfv+iPdRMUaKLn2OnL6Cqs3741GimSEFfT3xVfNaBmnvj6WbsXLDXoPUTfJiAkCUjDiVCn1HzMLIaQtkuyJ0c8mOod9+HpG+fP1ubNp1zGDtqdUi+g6fhbdfrEQo5cnzINRo8z2+//GPNB0vl027jqFUvV5Ym44BbP/uP4XqbQbh6QvpngI5iKKIn/5YjYadh2tNxbv/6AVa9ByLqOgPem1z5cZ9GDHtL73WSaaDCQBRKn5ZuB4NOw+XZQDUpev3tBbj6TV0RpKdAvVp8IQ/sPuLe/9fypH98yJF8fFqzF+xFf41umHB39uhUsUbJC5dnLt8GzXafI8O301CYHD6V6+7fvsRyjbsixXr9xgguvQJe/sOzXuMwY+zliI+XnpVyEMnL6Fx15F6GSwqiiLGzVyCXkNnmNTPlPSLCQBRGhw+dRml6vfGtN//1vtVlpQ34ZHoN2YOKjfvp7UQT1T0BzToNBzb951M5t3pp1aLGDblT/yZaB385HRoUQd7Vv+Mgr6emrKwt+8wYNxvKFy9K+Yt3yLrokrHzlxF697jEdBqYJItfXURERmF3sN/Rsuvx8rSG6BWi/hn20GUb9wXe46cS/X4UxduoFitHvhr5Tade62u3HyA+h2HYca8NTq9nzIPC4VTvolyB0GUGaji43Hk9BUs/mcn4uPjUdzfFzbW+t0Z7cnzIMyYvwa9h83EyfM3kNx+PCpVPDbuPAJHeztUKO2v2chHF6FvItCx32Ss2rw/TceXL1UY/bq3RO9OTWFtbYkzF29BFZ9wlRgRGYU9R85h8ZodeBsRCQ83Z7i7OuscW1pFREZh/fbD6DtyNmbMW6P3WRz3H7/AX39vR9jbdyhTvBDs7Wz0Wv+XRFHExp1H0bHfZCxavQPvItM+4PJjbBx2Hz6LXYfOwEKhgI+Xh2Zhp5TaO3v5NsbPXIJB439PdpCkvn3TpRlyuuVIUrZ59zHcvPvEKO2bO0HpXdu0h7sSmShbG2u0bBCArm3ro0blUlob+KRVZFQ0Dp+8jMVrdmLv0XPpvnIrWaQA5kzsn+4R4PHxaixbtwtjZyzWbCCTFv26t8Rvkz9vkvP42Sv0GzMHB45flDy+uL8vOraog3rVy6GEf37NAkMZFRz6FodOXsLGHUex98g5fIyN00u9qXGwt0XHlnXwTZdmKFmkQOpvSAeVKh7b9p3ElF9X4ubdx3qp08pSifo1yqN0sYLwzuMOr9w5YW9ng5dBoQgMCsWt+0+x88BpWTb5ubhnIUr4509S1mXgVKzbftjosZgjJgBEemBna42q5YsjoEJxFC7gDT9fL3jmdoejvZ3mhBcV/QGhbyMQGhaOpy+DcfL8DZw4dx1Xbz1I9r6uFFsba1hYKLRGqdesXAptm9RAi4YB8Pjiqiqxe4+eY8OOI1i8ZidevApJ9rjkfJkAAMC+o+fRpNuoVN+bPZsDqlUsgQql/FEovycK5fNCfp/cKV6hiqKI569CcP/RCzx4/AIXr9/D8XPXTGJTmnIl/dCifgAa1CyPUkUL6NQTExX9ASfPX8fm3cexdc9xo2z8ZCqYAMiLCQCRAQmCAAc7W8SpVJqNWjJCqbTAxoWTUaRgXvQaNhPHz17TOkahEFDI1wueudyQJ5cbXJ2dEB3zAS9eheDspVsZXksgIwmAFEEQkM3BDg72tnCwT/h/bFwc3kfFICoqBuHv3mt26TNlOV2dUbpYQRQp5IMiBfPCM7c7sjnYIZujHWxsrBEVFYP3UTEIeROBR08D8eDJS1y+cR8Xrt5FnMr0P58hMAGQl259lkSUJqIopjrvPK0EQcDCmcPQpE4lAMCBtb9gxYY9+Gnuajx+9kpznFot4s6DZ7jz4Jle2jU0URQRERmFiMgouUPJkODQt9hz5FyaBusRmQLOAiDKJIZ92x5dE60MqFAI6Nm+EW4dXoEOLWrLGBkRZUZMAIgygarli2HysK8lX1uz5QDW/8suUyJKH94CIDJx2RzssOqPcZK71K3ecgC9h/8MMbn5gkREyWAPAJGJmzi0JzxzuWmVn7l0C9+MmMWTPxHphAkAkQkr7u+Lft1bapUHh75F2z4/Gm3uOxFlPUwAiEzY9FF9YGGh/TUdMOZXrQ1hiIjSgwkAkYkqU7wQGtasoFW+/t8j2Lr3hAwREVFWwgSAyESNHthZq+xjbBxGT18gQzRElNUwASAyQbncXdCsbhWt8oWr/sWzwNcyREREWQ0TACIT1KlVXa17/ypVPH7+c61MERFRVsN1AIwod04X1KxcCn4FvJHL3QWODnYAgPdR0XgV/AZ3Hz7D0TNXddqghfQjv08eNK5dESX98yOvlwdyZHeElaUlPsbG4nVoOJ48D8KFa3ex6+AZBIW8MVgcXVrX0yrbefCMLDu2mSrv3O6oVrEE/PJ7I1fOHHCwT/g+RUXFIDA4DHcfPsPxs9fYY6JHrjmcUKtKaRQu4A3vPO7I5mgPpYVFkk2QvtwQSfv558c+XrkMGi+ljAmAgRXIlwetGlZDywYBKF+qcKq7hYmiiIvX7mHr3hPYsvu4Xvc1z+XuAu88OZOUvY2IzHAbFhYKlCtRWKv80vV7Gd7kpEC+PHDJ7pSk7HlgMAKD9Xci9MvvjU6t6qBlgwAUKeST6vF9OjeFWi3i7OVb2LrnBP7ZelCvJ+Y8Hq4oVjifVvmSf3bqrY3MqqCvJ9o0ro5WDauhTPFCaXrPpev3sGXPcWzadQz3H73QSxz5ffLA1Tnp7+XLoBBZkvcihXzg+F/y88mjZ4EIyeCmT5945XZDy//+hlUtX1xyVgplTkwADMTHywPTRvZBu6Y10rVFqCAIKFfSD+VK+mHqiF7YtOsYRv+0MMlmL7rq2LIOZoz9JknZrkNn0KLn2AzV62hvhxNb/9Aq9yrXLsNXydNG9kbrRtWTlI2dsRgz5/+ToXqBhIRo0rCe6N6uYbr3qFcoBFQuWxSVyxbFhCE9MGfResz6a53WFr26qFm5lFZZVPQHHDxxMcN1Z1b5vHNh+qg+aNukRrrfW6Z4IZQpXghThvfCxp1HMeZ/izL8fZo87Gt81axmkrIpv67E5DkrMlSvLhbNHIYKpf2TlPUaNhMrN+zNUL3uLtkxYUgP9OrYhCf9LIo/VT3L5mCHmeO+xY1Dy/FVs5o67Q+eWJvG1XHj0HLMGv8dnBzt9RSlebOwUGDMwC64fXQlerZvlO6T/5fsbK0xdlBX3D66Et3a1k/9DamoIZEAHDl9JVNsiatvib9Pupz8v9S2SQ1+n1JhZanEqAGdcOf43+jbpRlP/lkYewD0yMfLA9uXTYd/wbx6rdfKUonve7dFo9oV0bznWDx88lKv9ZsTR3s7rJ43Do1qVdR73R5uObBk9kiULeGHIZPmIT5erVM9Jfx9tcoOn7qc0fAynXzeubB92XQULuCt13o/fZ8a1qqA5j3H4tHTQL3Wn5m5OGfDhgWTUK1iCblDISNgAqAnVcoVw6ZFk+GawynF49RqEY+fBeJlUCheBodCFBPu+ebJ6Yp83rlSzLYL+Xrh1LZ5aPfNBBw7c1XfHyHLy5snJ7YunSZ5fz2x2DgVTl24gWcvX+NVcCjC372Hm0t2eLi7oEDe3ChXsnCKvQb9ureEb97c6Nx/Ct69j053nIXye2mV3bz7ON31ZGYBFYpjw4JJqX6f4uPVePzsFV4GhyIwOBQAkDtn2r5Pfvm9cWrbPLTt+yNOnLuu1/gzI7/83ti+bBp88+ZO8ThRFPHo6ee/YW/DI5O89uWxSZ8nrat9i9pwd8mescBJZ0wA9KBe9XLYsmQqrK0sJV8XRRH7jl7A5t3H8O/+U8kOznHN4YSmdaugdeNqaFizguTtgxzZHbFn9Uy07TMBuw6d0evnyMpyubvg6ObfkcfDNdlj9h45j1Wb92HXwTMpnrhzujqjeYOq6N2xSbID0RrWrIA9q39G7a9+wIePsemK88sBXQBw696TNNeR2TWsWQGbFk+BlaX0nydRFLH36Hls3pXwfQp9EyF5nGsOJzSrVwWtG1dHgxrlJb9PLs7ZsHfNLLTpPR57jpzT6+fITIr7++LQ+jnIns0h2WNOnr+B9f8exra9J/AyKFQv7QZUKM4EQEa8uZNB+X3yYM288cme/E+ev4EqLfqjafdRWLp2V4ojc0PfRGD5+t1o3mMMKjb9DkeTucq3VCrx9x9j4Zdfv12jWZWVpRIbFk5M9uR/5eYD1O84DE27j8LabYdSvWoPDn2LRat3oFKzfug2aDqevgyWPK58qcKYN/2HdMXq7uqsVfYxNk6vsx5MWSFfL6yaOy7Zk/+R01dQsel3aNZ9NJat253syR9I+D4tW7cbzbqPRqVm/XDk9BXJ46wslVg1dxwK+nrq5TNkNjmyO2LzoinJnvyv336Exl1Hombb7zF/xVa9nfxJfkwAMsDR3g5bFkt/ceJUKnw76hfUbPs9Lly9m+66L9+4j7rth6DX0BmSO75lc7DD5sWTkc1B+2qRkpo7bTAqli4i+dovC9ejYtNvdbrHLooi/tl2ECXq9Ex2bf5ubetj4Net01yng72NVtm7yKh0x5YZffqdlhqc9zE2Dl8PmYF6HYbi8o376a770vV7qNdhaLLfJydHe2xZPMXsvk8WFgqsmfcjfLw8tF4TRRGTflmOco37Yv+xCzJER4bGBCADfp86SHLA35vwSDTqPEIv87ZXbtyH+h2HSfYcFPL1SvcVprlp3ag6erZvpFWuUsWj74hZGDltAdRqUeKdaRcd8xFffTMRs/5aJ/n6zLHfpml9AQCS3f+ROowjyIzmTf9BslcrJCwc9ToMxd+b9mW4jZS+T375vc3u+zSqf2fUCSijVR7z4SM6D5iKqb/9neHvB5kuJgA6KlmkADq3qqtVHvPhIxp2Hp5s970uTl24gfqdhiEq+oPWa+2b10LZEn56aysrUSotMHVEL8nXfpg0D8vW7dZbW6IoYvRPC7Fw1b+ScUwZ/nWa6lEotL+SUlesWU3ZEn5o37yWVnlU9AfU7zQMpy/e1Ftbpy7cQIPOw5P9PqV1gaHMzs0lO4Z9216rXK0W0bHfZGzYccT4QZFRMQHQ0dSRvSQHFX07crZOXZSpuXHnMXoNnaFVLggCpo/qrff2soLu7RpK3tddunYX/lq5zSBtDp4wV3JEefP6VZO9DZHY+2jthYRsbaz1EpspmzpC+vvUa+gM3Lij/xkQ128/Qu9hM7XKBUFINmnMakYP6AwHe1ut8km/LMfOg8YZYJzRdVIoY5gA6CCgQnHJfdqXr9+NNVsPGqzdTbuOYcHf27XKa1ctI9mNZ84slUqMH9xNq/zpiyAMGv+7wdqNU6nQddA0yZH/U0ak3gsg1d2fwzmbXmIzVTUrl0LdamW1yheu+hebdh0zWLsbdx6V7LGpV70calQqabB2TYF3bnf07dJMq/zI6Sv4ae5qGSIiOTAB0EHP9o21ymI+fMSEWcsM3vbkOSskl5vt8ZX2fW5zVqNySclR/5N+WWHwLvUXr0Iwf8VWrfKalUshl7tLiu998/adVlk2Bzu4ZOEkoIfEGI2o6A9GWVZ3yq8rJW8F9Oyg/R3PSjq2qqs1c0kURYyavlBr7j5lXUwA0kmhENC4tvYqcvOWbzXKVK3XYeH4dfFGrfKGtSpAqbQwePuZRbN6VbTKbt9/itVb9hul/Rnz1iAyKunVvCAIaFK3corve/7qtWSCUsAna05Rs7BQSK7K+PuSTQgOfWvw9oNC3uCPpZu1yhvVqpill8BtVk/793Dz7uO4eC39M5Yo88q6v+EGUrlsUcnVyRat2WG0GJat3aVVlj2bA6qWK2a0GEyd1In2n20HjTai+U14JHYf0l5YRuoPb2IJK0Vqb1RT1M9HX6GZlCrliiFHdketcmPufLhYoq0c2R1RtXxxo8VgTDldnVG+pL9W+VKJvyuUtTEBSKfGtStpld2698So64k/C3yNa7cfapWndnVpLooU8kHeL7Y9BoAdB04bNY6dB05pldWuWgY21lYpvu+mxKp/1bPoPekmdbS/T9duP0x2cSVDePoiCNdvP9Iqb5pFv08Na1fUWsr6fVQMjiazUBJlXUwA0klqyp2xRswmafOAdpvlSxY2ehymqHTRAlplgcFhkn/kDUlqaVkba6tUV3A8fvaaVllWHZRWTuJ3Vup329CkksOsOh2wnMTnOnjikizTTTkJQF5MANLJ1zuXVtmdh8+MHsddiTZT28TDXOT11F7V7MnzjO3/ros34ZGSywr7eGn3TiR29Iz2lZhnLjetPd+zgnwS3yep321Du/fouVaZVGxZgdTfCanPT1kfE4B0cpPYuCLo9RujxyE14NDNJeWd08yF1Ij5VzL8jAAg6LX2zylH9pRH9N+8+0Ty59uldT29xWUqpDaCkeNn9Uri55RTYl+GrEDqb5jU56esjwlAOtnbaa/VHhxi+NHKX5I6QVgqlVl65HJaSd1jf22EEeVSpH43UhsDIIoi1m0/pFXeoUXtFHdry2wEQZD8tzDG6P8vBUn8nKytLJPd9tnkp8qlEJ+drfbCUnJ9P0hePFukkyo+XqvM1iblP+iGIJWIAJngD5MRSK0uplJp/9yMIU6l0ipLy+pnqzcf0CpzdnKUXLo1sxJFUfL3VY7vk9RJMSE+6eOlfq7OTvIkZ1I9SnFxyf++x8ertcpszGC1SdLGBCCd3kVq39P1cMth9Dhy59ReUOZ9VAw37sgirt56IDkne+DXbWT5fTOUCImdDuX4fFJtRkbFJJtQS63YmFOmn0tOd+1bFVL/rim9lstdnti5FLC8mACkU6DEXti5JE7GhibVZmAw9+nOSmbOX6tVZmdrjbGDusgQjWG8kriVJcf3yUPiBPjyVUiyx7+U+DuQO6f2ypOGZm9nI7mDZEp/C6RuH6a2QiVlTUwA0umuxGjZKjIswFO5bFGtsrsPOZI3K9m697jk6OxenZqkOpUwszCV75PUoj9SsX1yT+K7VrpYwVTHd+ibVNxqtYj7j18k+x6pWRZy/JuT/JgApNMxiW1+jb0Mr0IhSC6feujkZaPFQIanVosY+7/FWuWWSiU2LZqEbA7aV36ZzaETl7TKjL0Mb3LLER89nfyW3ifOX9e63WZna230TbmaSSxWdO7Kbcn9DT45ckp7mmmpogUk986grI0JQDrtkFjdLXs2B6Mu1FKlXDHJ5YilYqPMbeveE9h39LxWuV9+byz/dXSmv4e6U2IBHhfnbAgw4jK81SqUkFyO+N/9yX+fQsLCcfbyLa3yFg0C9BpbShQKAU3qau95kdqKl8fPXUP4u/da5c3qV9VbbJQ5MAFIp+eBIbh664FW+agBnY0Ww6j+2m3duvcET54Hpfi+mA8ftcosFBnvuUjuak0fJyep+KQ+R1Y2eOJcyc/crF4VTBjS3ejxSP4eWej2e/Qs8LXkCo1G/T5JtHXjzmM8fZHy90kqQejUqi68crvpLbaUdGldUteTTQAAF4xJREFUT7Kt1BIAlSoeew5rr1I5tO9XsLJU6i2+tPhyR0IAKfZekH4xAdDBtr0ntcpqVi6FetXLGbzt6pVKokHN8lrlKV2tfCI1J93dVXtRkPSSWlgEAHK6ZXwhFQ+JEc5yLLwkp/uPXmDo5PmSr40Z2AXdv2po1Hikfo88MvCz3r5f+/tUt1pZ1KpSWuc606p21TKS3fbb9p1I9b1SfwesrSwx4Yce+ggtRdZWlvhxiHY7T54H4ebdx6m+f/s+7dh9vDzQp3MzfYSXJpZKpeSqnQ+NuK+KuWMCoIO//t6O91ExWuWzf+yX7Px8fbC1scacif21yqNjPmLecu39578kNTK4SCEfyTnQ6ZHcHgRS+yakh5WlEsX8fLXKzXG2w6LVO7Bx51GtckEQsPjn4Zg6opfRbgdI/fsXyu8FB3tbner7a+V2yau+Xyb0z/DvZkrsbK0x+8d+WuVR0R/w54ptqb7/3qPnkol3lzb1DT6obtSAzpIbXv38l/bMESlb9hzHg8cvtcrHfd8VnrmM04NRJ0B7YyxRlN4NkwyDCYAOQsLCMWfRBq1y/4J5sWT2SIO1+9eMoSjhn1+r/Pclm9K0lOfNu08QG5d0ARNrK8sM73rWpkkNyfK2yZSnVePalbQSqjiVCjfupH6FkxX1Gf4zLl2/J/nayP6dsO6vCQY9YX5y58EzRMckvQ1gqVSihY73kINC3uD3JZu0yosVzoeFM4frVGdaLJw5HMUK59Mq/23JxjSvRjhu5hKtwYAWFgqsXzDRYIPqmtWrIjkV9MHjl2ne0leliseE2Uu1yl1zOGHjwklGmc0wuE87rbILV+/iw8dYg7dNCZgA6GjOwg0ICQvXKm/TuDomD/ta7+2NGdgFnVrW0Sp/Ex6JWWnM+iOjonFYYqbAiH4dk13yNDUl/PNLjqAGErpxde0FEAQBI/p11Co/fvZaioucZGXvo2LQvMeYZMd6tGpYDUc2/mbwKYIfPsbi4ImLWuXDv+ug8+j92QvWIeztO63y9s1r4ccf9D/O4ccfuqN981pa5WFv32H2X+vSXM+te0+wavN+rfKcrs7YtGiy3pduLl2sYLKDPyfMXpquFS837DiKKze1xzOVLeGHxbNGGHRmU5vG1SVvvazctM9gbZI2JgA6ioyKxrBk7suOHtgZi38eDktlxgfUKJUWmD/9B0wa1lPy9eFT5qfrhLhlz3GtspJFCmBI36/SHZuVpRILZw5NMXlYMGOITlcT/Xu0QvlS2rcWpO67mpPg0Leo32lYsklA6WIFcWXfYsybNlhyox192bpX+x55Ub98GP5dB53qi4iMwoipf0q+Nn5wNyyYMVQv3ydLpRILZw7D+MHdJF8fPuVPyR0cUzJ+5mLJHoOyJfxwcttc5PfJo1OsX2rRoCoOb/hVcvrn/mMXsGGH9i2ilIiiiIHjfpNc1rh981rYufJ/Btl7wr9gXiyYOUyrPObDR6yX2AODDIcJQAas2XoQvy3eKPla968aYv/a2ShSyEfn+v3ye2PP6p/Rp3NTydfnr9iKlRvTlzGv2rQPzwO1VzibOqI3vmpWM831WCqVWPHbmFSv8EsWKYDVc8ela3RxywYB+Hnct1rlr16HYfn63WmuJ6t6/OwVarQZhNv3n0q+rlRaoG+XZrh97G+MGtAJtgZY533t1oOSo+QnDf1asqcqLVZu3Id5y7dIvvZ1h8bYu+ZnFC6ge++Gf8G82LvmZ/Rs30jy9bnLNuNvHa5AA4PD0P7biZIn0kK+Xji1bR46tKit8xgNezsbTB3RCxsWTJIcY/ToaSA6D5iq0z4gZy7dwuAJcyVfq121DE5tm6fXKc4l/PNj3z+z4ORor/XatN9X4U14pN7aotRZKJzyTZQ7iMzs4MlLqFy2GHwl9g73zuOOvp2bIY+HK67dfii5j4CUPB6umD6yNxbOHCZZL5CwIFHX76ene+3/+Hg1IiKj0Lx+0vnDCoWA1o2qw1KpxOmLNyU3Pfokv08ebFw4GQ1rVkhTm375vVG3WlmcOHdDspv3EytLJcZ+3xW/T/lesit59E+LcOai9tzrLzWpUxllSxRKUnbu8m3slZhPb2hd29TX2ld+z+FzOH/1TobqjYyKwbrth1Dc3xcFkrnCtLayRO2qZfBN1+bwzuOOkDfhettqN16txtuI91rz3gVBQMuGAbC1scapCzfTvQnTgRMXEVChOHy8tEeH5/XMib6dmyF3TpeE71Mar9Q9c7nhp9F9sWDGMMl6AeDwqcvo8cP/dN5L43nga7wOC0eTOtrjaWxtrNG6UXU0rFkBD568xLOXr9NUp421Fbq1a4BNixK+a1IJxPuoGNTvNBzPA9NWp5SL1+4hd04XlCleSOs1F+ds6NauAcqW8MOte0913qlRoRDQp3MzrJk3XnLNhdv3n6LnD/+DWq29UREZjqD0rs3dYzLI2ckRW5dOTXHkryiKuHT9HrbtO4mzl24jMDgUgUGhEEUgt4cr8ni4olxJP7RsEIByJf1SvFo4d/k2Wnw9FqFvInSKV6EQsH3ZT5LTCYGEdc4Xr9mBPUfO4c6DZ4iK/gB3l+woV9IPbZrUQIcWtZPtjl295QA6tawjGX+cSoX1/x7Bxh1HcOHqXbwOews7WxsU8vVCw5oV0LtT02TnUB8+dRmNu45M0wll/vQftHpN/li6GUMmzUv1vfq2d83PqF016b3O73/8A/NXpD5rIy0EQcDoAZ0xYUiPNI3jCAkLx+FTV3Duym3ce/gcdx89R0hoON5HJ7/xTXIUCgFblkxF49qVJF8PDA7Dkn92Yvfhs7hz/xkio9J2wnZxzoatS6ehUpkiyR4jiiLOX7mDLXuO49yVO3j1OgxBwQnJjUfOHMjl7oLyJQujVaMAVCjln+L36cylW2jRc4xerj7Hfd8VEySm5yX2MigU/+47if3HL+J54GsEBoUi/N17eLjlQK6cLijk64mm9aqgfvXyKc4qioiMQvtvJ+KgxGqK6WVlqcTK38eiTePqKR5379FzbN1zAsfOXkVgcBiCXr/B24jk/908c7mhfo3y6NetBYr6aQ+4BBI+R82235vt4F45MQHQE2srSyyaNRwdW+jW/ZlWG3YcwddDZmR4pKyzkyNOb5+nt/uTADB5zgpM+XUlRvTriGkje+ut3qcvglCpWb80JzzmlAB8UraEH+ZPHyx5FZce+Sp1wIsUNsH5kpOjPU5vn4+Cvp5pOr7Dd5OwadexVI+zsbbC4lkjJAfq6dO67YfRe9hMvY4879iiDhbNGi65yI2+PH72Cs17jsGdB9rr+utKEARMGtoTowcabxGmj7FxaNJ1JI5KLLFOhscxAHryMTYO3QZNx+Q5KyT3286o+Hg1pv3+NzoPmKqXP1ZvIyLRqOtIyY1BdLFo9Q5M+XUlAGDm/H8wd9lmvdT78MlLNOo6UufeDnNx8dpdVG7eDwPH/46gEOMtlBQRGYVGXUcmOx5BVx8+xqLroGkG/z51HTRN79PO/tl2EPU6DJXcdU8fjp65iiot+uv15A8k9Kr8OGspegz+ySir8b2NiESrXuN48pcREwA9m/LrSpRu0Bs7D57RW517jpxDmYZ9MHH2cp0G+iTn8bNXCGj5//buPebuurDj+Of7e9qCWKjQAkUpiDEGzDacMpFLgUKdMGBSlLkok7jMLNMh0WXLWJBNNNuMS3RT1D82bwtRx5aCi8MptNw3nGTxRlG59Iat0OqgLZf2POe7P0pLS59CL885p/h9vZKmT0/P5fskPf2+n+/ve36/S3PjbTt+pGtXrd/wRN79p3+X9/zFx7e7/f1/dXV+/wMf3eVl34nc8t/fzSkX/HF+8sDOr2zGM/r9ms9+6fq86tSL8ydXfXrCS9YOwrKVqzN3waX5z5snd49FrXXr++k/Fk3e++mGxXcN5P20rf+6+4d59RnvzIc/8aVJm0yXrlidt7/3w5n/tg8MNIivWXhjjjv9nfn8V2/Y4z0Rz+d7S+7Pief9Ub5163cG8vzsGocABuj0Nxyfyy+9OGec9Jrd/nz0+Hg/t337e/nbT10zKcf4nkspJb9z/hn5yJ/9wU43ST1brTXfuvU7ed+Vn8z9S3c8o9gWxxx1RP7hw+/Lm07/jV3eBb38pw/ngx/9x3z5+kV79B/0u952TubP3f60zN9YfNce7fDeW5df+o4dzmb4hX+5YSj/8Y2NdZk/93V551vPznnzT9qlkwTt7iGAZ3vruafnr//83TtsfNxiVw8BTGTeyb+eyy99R0478fg9ej/detd38zefvCaL7xzuVTOPOGxmrrjs93LR+Wfk4Bk7boB7Pg8s+2k++89fy6e/eF2e2rhpACPcuV859phc+f5Lcs68Eyfl5EAPr/2/XPXxL+afvvz13d4gyuQTAEMw8+CDcv4bT8mCc07NaScev9NTpm54/Mnc9u3vZeENt+Xfv3XnhCcaGqRpU6fkvPkn54JzTs25Z5004eeNl61cnWsW3pjPf/WG57340LaOPnJ23vW2s/P2C+ZPODms2/B4blj07Vz3jc3fu7OBTa5pU6fkxNe+Omed+tqc8GvH5thXzsmclx6+w8bBvQ2ALa917lkn5YJz5ubcs96w3Ue+9iYAtph1yIyc/8aTs+CcuTntxON3ulFuw+NP5ta7vrv1/TTqw0hTpozljJNekwVnz83ZZ56Yo1562IT3Gx/v5wc/eiBf++adWfiN2ya8WNKwvfiA/fOm01+f337TKfnN007Y6fU/JjI+3s/iO/83X/naovzb12+Z8DTqjIYAGLJSSl42e1aOOHzm1gl23YYnsupna7Jy1ZqBLUnurlJKZh58UI44fGZmHTwjG554MkuXr8rDkxAlh818SY6eMzvTD3hR1v7isax6eG3W/PzRfeZ7b8WL9t8vhx96cA6cfkAOfPEB2X+/abnjf74/6T9lzjpkxtZ/Rz/80YOT8m9oi1JKjjxiVmYf9sz76bH1j2f1w2v3qffTRF5y0PTMedlhOWTGgZkyZSxPPrUxj6x9NMsf+tk+H8CzDpmRI484NDMOfPFOzxjY79f84tF1uW/pQyb9fZQAAIAG2QQIAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQIAEAAA0SAADQoC5JHfUgAICh6ndJxkc9CgBgqMa7JL1RjwIAGKqeAACA9vQcAgCA9jgEAAANcggAABrkEAAANGi8K8mmUY8CABiekvS6mmwY9UAAgOGpyfouyfpRDwQAGKKyOQDWjXocAMAQ1bquS4oVAABoSSnru5JqBQAAGlJq1nV9ewAAoCn9kvVdSbECAAANKbWs75K6dtQDAQCGak1XU1aPehQAwPDU9Fd3pdZVox4IADA8Jd2qrqtWAACgJV2/rO427jcmAACgIRt7T63ucv9Ja+KKgADQil5Wn7m2Sz7UL8nKUY8GABi8mqxMPtTvNv+h3DvqAQEAg1dKvTdJus1/rEtGORgAYFjKkuTpACgCAACaUGqeCYBaHQIAgBZsmfO7JOn1+veMdjgAwDD0+rkn2bIHYNXNa5L8ZJQDAgAGrOTHeeimtcnWTYBJLbl9dCMCAAat9svWub575otyx2iGAwAMQ9f1t8713TY3WgEAgF9iXa/bOteXbW4vU+ecubSWHDWCMQEAA1Rqlm9asejlSWqyzQpAklpLuW4kowIABqqWLMzTk3+yfQAkXVk47AEBAEPQr9vN8dsFQG9p7/Yka4Y6IABgsEoe6a2ctd1ev+1XAHJzr9Z8ZZhjAgAGq/bz1eTa8W1v6559p7FSPjO8IQEAgzbWdZ9+9m07BMDG5Tfdk2TxUEYEAAzaoo3Lbtzhon87BECS1FI/NfjxAACDVku9eqLbJwyA8WWzrk/iEsEA8MK25Ok5fQcTBkBy7Xit5apBjggAGKzNc/n2m/+22EkAJOMrDrk2VgEA4IVqydNz+YR2GgDJteO11A8OYkQAwGDVUq/Y2U//yfbXApjw76fMmbcopZwxucMCAAZocW/5orOyzal/n+05VgCSJLWr3WVJ+pM6LABgUPpdv7sszzH5J8nY8z3L+GMP/qwcdMyhpeT1kzY0AGAgas3VvZU3feH57vd8KwBJkvEn+5fX5P69HhUAMDA1eWD8yf7lu3LfXQqAPHLz+pJ6SRwKAIB9VS3pLskjN6/flTs/7yGALfqPLl3RzXjF/knm7vHQAIABqR/rLV/0uV29966tADytt3z8yrhOAADsW0pu6R362BW795DdNXvuoVOnTbm7pszZ7ccCAJOqpK7YNHXqCbn/mw/vzuN2awUgSbL6tkeSLEjyxG4/FgCYTE8kWbC7k3+yJwGQZNPyxXfXkrck6e3J4wGAvdZLv1y4afniu/fkwbu8CfDZ6qMP3lcOOua+UnJh9uRQAgCwp2qt5eLxlTddt6dPsMcBkCT1sQd/MDbj5auScl5EAAAMQy3JH/ZWLPrS3jzJXgVAkvQfXXp3OeiYH5eSN2cPDykAALukV2u5eG8n/2QSf2ofO3reb5Va/jXJiybrOQGArZ6oJW8ZX7bohsl4skldtp961LzXJVnoI4IAMHlK6ookC/Z0w99EJnXJftPyxXdvmjr1hJTcMpnPCwDNKrll09SpJ0zm5J9Mwh6AHfzi/g39Vx5yTff4fvsl5eTYHAgAe6Im9WO9Qx97V354+7rJfvKBTs5Tjpp/ak3/iyV5xSBfBwB+mdTkgZLukt7yG28f1GtM/grANvqPPrC8Tjv6c2VKOaiUnBCrAQDwXPq15urxJ/tv7a9adN8gX2hoE/K0I+f/ar/r/32SecN6TQB4AVnc9bvLNq688fvDeLFh/0Rexo6et6DU8pEkxw35tQFgX7SklnrF+LLFC5PUYb3oiJbkLxobm/Pzi0qpV0YIANCmJbWWq8ZXHHJtcu34sF98xMfkLxobO3rNm0st701y5mjHAgBDsaiWevX4slnXj2Li32Kf2ZQ37ej5x433++8pJb+bZNaoxwMAk2hNTb48VrrPbFx245JRDybZhwLgGWdMmXJkOSVdd2FSL0xy5KhHBAC7q9QsryUL068LeyvrHcnNvVGPaVv7YABsp+x3zLxX9fvdqf3UU0pySmpeNepBAcAOSn5c++X2ruvf0fW625966KafZIib+nbXvh4AO3rZWTOndHl1KfXYWnJcUo+rtRxbNq8UTBn18AD4pdarycpS6r1JWVJqltRa7u31c08eumntqAe3O154AbBTf9ll9qKZ06bsN7vf1dk1/SNKutlJZtVSp3c102vJgal1eko5MDXTSzK9bo6GsWz+faKvXeIY4IWpn2Q8Se/pX9t9XTZP5utTsj61rksp60vNun7J+lLL+iRravqrS7pVXb+s3th7anVWn7k2+VB/dN/S5Pl/+eoeM0VLCgYAAAAASUVORK5CYII=\" />\n        <h1>Login Error</h1><p>The reply from the server did not contain all expected fields\n:\tError: Missing field refresh_token\n</p>\n    </div>\n</div>\n</body>\n"

[DeepDiver1975]

25-02-12 03:53:18:208 [ warning sync.credentials.oauth ]: Error when getting the accessToken "The reply from the server did not contain all expected fields\n:\tError: Missing field refresh_token\n"

there is no refresh token sent back to the client. To get the refresh token the scope must contain 'offline_access' - but this is set.
I have no understanding of authentik - all I can tell: it is not as expected.

[prohtex]

25-02-12 03:53:18:208 [ warning sync.credentials.oauth ]: Error when getting the accessToken "The reply from the server did not contain all expected fields\n:\tError: Missing field refresh_token\n"

there is no refresh token sent back to the client. To get the refresh token the scope must contain 'offline_access' - but this is set. I have no understanding of authentik - all I can tell: it is not as expected.

That is correct: I noted the extensive discussion of offline_access elsewhere and made sure to set:

However, I had disabled recently for troubleshooting. When I re-enabled offline_access, I am back to the terrible cycle above:

1. Open ownCloud Desktop. Delete all users
2. Open browser and ensure user is logged out from Authentik and OCIS
3. Clear browser cache and cookies
4. Set up new account in desktop
5. Auth flow succeeds
6. After a few minutes user is kicked out
7. Trying to log back in again gives the Authentik "Not Found" error
8. Nothing else can be done to get user authenticated again except for repeating steps

@kobergj @DeepDiver1975 I believe I finally found the relevant logs. This seems to be what is causing the user to be kicked out after a few minutes:

25-02-12 04:21:06:825 [ info gui.scheduler.syncscheduler ]:	Enqueue "/Users/profileroles/ownCloud (3)/Personal/" OCC::SyncScheduler::Priority::Low QueueSize: 2
25-02-12 04:21:06:825 [ info gui.scheduler.syncscheduler ]:	Enqueue "/Users/profileroles/ownCloud (3)/Shares/" OCC::SyncScheduler::Priority::Low QueueSize: 2
25-02-12 04:21:06:825 [ debug sync.networkjob ]	[ OCC::AbstractNetworkJob::slotFinished ]:	Network job finished OCC::JsonApiJob(OCC::Account("Firstname [email protected]"), "https://ocis.server.com/ocs/v2.php/cloud/user?format=json", "GET", Original-Request-ID: "3ed6a61c-d9e7-40d2-9fa0-b752e99735e4", X-Request-ID: "3ed6a61c-d9e7-40d2-9fa0-b752e99735e4")
25-02-12 04:21:06:825 [ info sync.httplogger ]:	"2862c242-4a81-4eb7-9ae7-2c3ce79ed58a: Request: GET https://ocis.server.com/app/list Header: { Authorization: Bearer [redacted], User-Agent: Mozilla/5.0 (Macintosh) mirall/5.3.2.15463 (ownCloud, macos-24.3.0 ClientArchitecture: arm64 OsArchitecture: arm64), Accept: */*, Accept-Language: en_US, X-Request-ID: 2862c242-4a81-4eb7-9ae7-2c3ce79ed58a, Original-Request-ID: 2862c242-4a81-4eb7-9ae7-2c3ce79ed58a, } Data: []"
25-02-12 04:21:06:831 [ info sync.httplogger ]:	"2862c242-4a81-4eb7-9ae7-2c3ce79ed58a: Response: GET 200 (5ms) https://ocis.server.com/app/list Header: { Content-Security-Policy: child-src 'self'; connect-src 'self' blob: https://companion.server.com/ wss://companion.server.com/ https://raw.githubusercontent.com/owncloud/awesome-ocis/ https://auth.server.com; default-src 'none'; font-src 'self'; frame-ancestors 'self'; frame-src 'self' blob: https://embed.diagrams.net/ https://onlyoffice.server.com/ https://collabora.server.com/ https://owncloud.dev; img-src 'self' data: blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/ https://onlyoffice.server.com/ https://collabora.server.com/; manifest-src 'self'; media-src 'self'; object-src 'self' blob:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline', Content-Type: application/json, Date: Wed, 12 Feb 2025 09:21:06 GMT, Referrer-Policy: strict-origin-when-cross-origin, Vary: Origin, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-Permitted-Cross-Domain-Policies: none, X-Request-Id: 2862c242-4a81-4eb7-9ae7-2c3ce79ed58a, X-Robots-Tag: none, X-Xss-Protection: 1; mode=block, Transfer-Encoding: chunked, } Data: [{\"mime-types\":[{\"mime_type\":\"application/pdf\",\"ext\":\"pdf\",\"name\":\"PDF\",\"description\":\"PDF document\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.oasis.opendocument.text\",\"ext\":\"odt\",\"name\":\"OpenDocument\",\"description\":\"OpenDocument text document\",\"allow_creation\":true,\"default_application\":\"Collabora\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.oasis.opendocument.spreadsheet\",\"ext\":\"ods\",\"name\":\"OpenSpreadsheet\",\"description\":\"OpenDocument spreadsheet document\",\"allow_creation\":true,\"default_application\":\"Collabora\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.oasis.opendocument.presentation\",\"ext\":\"odp\",\"name\":\"OpenPresentation\",\"description\":\"OpenDocument presentation document\",\"allow_creation\":true,\"default_application\":\"Collabora\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.openxmlformats-officedocument.wordprocessingml.document\",\"ext\":\"docx\",\"name\":\"Microsoft Word\",\"description\":\"Microsoft Word document\",\"allow_creation\":true,\"default_application\":\"OnlyOffice\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet\",\"ext\":\"xlsx\",\"name\":\"Microsoft Excel\",\"description\":\"Microsoft Excel document\",\"allow_creation\":true,\"default_application\":\"OnlyOffice\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.openxmlformats-officedocument.presentationml.presentation\",\"ext\":\"pptx\",\"name\":\"Microsoft PowerPoint\",\"description\":\"Microsoft PowerPoint document\",\"allow_creation\":true,\"default_application\":\"OnlyOffice\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.apple.numbers\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.sun.xml.impress\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/x-gnumeric\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.ms-excel.sheet.binary.macroenabled.12\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.oasis.opendocument.text-master\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.sun.xml.draw\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.oasis.opendocument.text-template\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true,\"target_ext\":\"odt\"}]},{\"mime_type\":\"image/x-freehand\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.oasis.opendocument.text-web\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.ms-powerpoint.presentation.macroenabled.12\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.visio\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"image/svg+xml\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.oasis.opendocument.presentation-template\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true,\"target_ext\":\"odp\"}]},{\"mime_type\":\"image/x-ms-bmp\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.sun.xml.calc\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.sun.xml.draw.template\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/msword\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.ms-excel.sheet.macroenabled.12\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/x-pilot\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"image/jpeg\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.oasis.opendocument.spreadsheet-template\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true,\"target_ext\":\"ods\"}]},{\"mime_type\":\"image/emf\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"text/tab-separated-values\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.ms-word.template.macroenabled.12\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.ms-works\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/x-mswrite\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"image/gif\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"image/tiff\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.apple.pages\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.lotus-1-2-3\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"image/cgm\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.sun.xml.impress.template\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"image/wmf\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.sun.xml.writer\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.wordperfect\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/x-abiword\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.ms-powerpoint.template.macroenabled.12\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"text/rtf\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.sun.xml.writer.template\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"text/csv\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.openxmlformats-officedocument.presentationml.slideshow\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"image/png\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.oasis.opendocument.graphics-template\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.openxmlformats-officedocument.spreadsheetml.template\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.ms-word.document.macroenabled.12\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/x-mspublisher\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.oasis.opendocument.graphics\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.sun.xml.calc.template\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"text/plain\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.ms-excel\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"image/vnd.dxf\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.ms-excel.template.macroenabled.12\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.sun.xml.writer.global\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.openxmlformats-officedocument.wordprocessingml.template\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.openxmlformats-officedocument.presentationml.template\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]},{\"mime_type\":\"application/vnd.ms-powerpoint\",\"app_providers\":[{\"address\":\"com.owncloud.api.collaboration.CollaboraOnline\",\"name\":\"CollaboraOnline\",\"description\":\"Open office documents with Collabora\",\"icon\":\"https://collabora.server.com/favicon.ico\",\"product_name\":\"Collabora\",\"secure_view\":true}]}]}]"
25-02-12 04:21:06:832 [ debug sync.networkjob ]	[ OCC::AbstractNetworkJob::slotFinished ]:	Network job finished OCC::JsonJob(OCC::Account("Firstname [email protected]"), "https://ocis.server.com/app/list", "GET", Original-Request-ID: "2862c242-4a81-4eb7-9ae7-2c3ce79ed58a", X-Request-ID: "2862c242-4a81-4eb7-9ae7-2c3ce79ed58a")
25-02-12 04:21:06:834 [ info sync.httplogger ]:	"50dbc282-54b2-4262-aa0d-a594cadc8502: Response: GET 200 (Piplined,9ms) https://ocis.server.com/ocs/v2.php/apps/notifications/api/v1/notifications?format=json Header: { Content-Length: 72, Content-Security-Policy: child-src 'self'; connect-src 'self' blob: https://companion.server.com/ wss://companion.server.com/ https://raw.githubusercontent.com/owncloud/awesome-ocis/ https://auth.server.com; default-src 'none'; font-src 'self'; frame-ancestors 'self'; frame-src 'self' blob: https://embed.diagrams.net/ https://onlyoffice.server.com/ https://collabora.server.com/ https://owncloud.dev; img-src 'self' data: blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/ https://onlyoffice.server.com/ https://collabora.server.com/; manifest-src 'self'; media-src 'self'; object-src 'self' blob:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline', Content-Type: text/plain; charset=utf-8, Date: Wed, 12 Feb 2025 09:21:06 GMT, Referrer-Policy: strict-origin-when-cross-origin, Vary: Origin, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-Permitted-Cross-Domain-Policies: none, X-Request-Id: 50dbc282-54b2-4262-aa0d-a594cadc8502, X-Robots-Tag: none, X-Userlog-Version: 7.0.0, X-Xss-Protection: 1; mode=block, } Data: [{\"ocs\":{\"meta\":{\"message\":\"\",\"status\":\"\",\"statuscode\":200},\"data\":null}}]"
25-02-12 04:21:06:834 [ debug sync.networkjob ]	[ OCC::AbstractNetworkJob::slotFinished ]:	Network job finished OCC::JsonApiJob(OCC::Account("Firstname [email protected]"), "https://ocis.server.com/ocs/v2.php/apps/notifications/api/v1/notifications?format=json", "GET", Original-Request-ID: "50dbc282-54b2-4262-aa0d-a594cadc8502", X-Request-ID: "50dbc282-54b2-4262-aa0d-a594cadc8502")
25-02-12 04:21:12:716 [ debug sync.networkjob.jobqueue ]	[ OCC::JobQueue::block ]:	block: 1 "Firstname [email protected]"
25-02-12 04:21:12:716 [ debug sync.credentials.oauth ]	[ OCC::AccountBasedOAuth::refreshAuthentication ]:	fetching dynamic registration data
25-02-12 04:21:12:716 [ info sync.credentials.manager ]:	get "ownCloud_credentials:ocis.server.com:6cc641e8-b1ca-4ab2-8f6c-18c277ce8c61:http/clientSecret"
25-02-12 04:21:12:716 [ debug sync.credentials.manager ]	[ OCC::CredentialJob::start ]:	We don't know "http/clientSecret" skipping retrieval from keychain
25-02-12 04:21:12:716 [ debug sync.credentials.oauth ]	[ OCC::AccountBasedOAuth::refreshAuthentication(const QString &)::(anonymous class)::operator() ]:	fetched dynamic registration data successfully
25-02-12 04:21:12:716 [ debug sync.credentials.oauth ]	[ (anonymous namespace)::logCredentialsJobResult ]:	credentials job has finished
25-02-12 04:21:12:716 [ info sync.credentials.oauth ]:	Failed to read client id ""
25-02-12 04:21:12:716 [ debug sync.credentials.oauth ]	[ OCC::AccountBasedOAuth::fetchWellKnown ]:	starting CheckServerJob before fetching "/.well-known/openid-configuration"
25-02-12 04:21:12:760 [ info sync.httplogger ]:	"3a4ad162-0434-46ea-896c-61df1e529e2a: Request: GET https://ocis.server.com/status.php Header: { OC-Connection-Validator: desktop, Authorization: Bearer [redacted], User-Agent: Mozilla/5.0 (Macintosh) mirall/5.3.2.15463 (ownCloud, macos-24.3.0 ClientArchitecture: arm64 OsArchitecture: arm64), Accept: */*, Accept-Language: en_US, X-Request-ID: 3a4ad162-0434-46ea-896c-61df1e529e2a, Original-Request-ID: 3a4ad162-0434-46ea-896c-61df1e529e2a, } Data: []"
25-02-12 04:21:12:764 [ info sync.httplogger ]:	"3a4ad162-0434-46ea-896c-61df1e529e2a: Response: GET 200 (3ms) https://ocis.server.com/status.php Header: { Content-Length: 269, Content-Security-Policy: child-src 'self'; connect-src 'self' blob: https://companion.server.com/ wss://companion.server.com/ https://raw.githubusercontent.com/owncloud/awesome-ocis/ https://auth.server.com; default-src 'none'; font-src 'self'; frame-ancestors 'self'; frame-src 'self' blob: https://embed.diagrams.net/ https://onlyoffice.server.com/ https://collabora.server.com/ https://owncloud.dev; img-src 'self' data: blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/ https://onlyoffice.server.com/ https://collabora.server.com/; manifest-src 'self'; media-src 'self'; object-src 'self' blob:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline', Content-Type: application/json, Date: Wed, 12 Feb 2025 09:21:12 GMT, Referrer-Policy: strict-origin-when-cross-origin, Vary: Origin, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-Permitted-Cross-Domain-Policies: none, X-Request-Id: 3a4ad162-0434-46ea-896c-61df1e529e2a, X-Robots-Tag: none, X-Xss-Protection: 1; mode=block, } Data: [{\n    \"installed\": true,\n    \"maintenance\": false,\n    \"needsDbUpgrade\": false,\n    \"version\": \"10.11.0.0\",\n    \"versionstring\": \"10.11.0\",\n    \"edition\": \"Community\",\n    \"productname\": \"Infinite Scale\",\n    \"product\": \"Infinite Scale\",\n    \"productversion\": \"7.0.0\"\n}]"
25-02-12 04:21:12:764 [ info sync.checkserverjob ]:	status.php returns:  QJsonDocument({"edition":"Community","installed":true,"maintenance":false,"needsDbUpgrade":false,"product":"Infinite Scale","productname":"Infinite Scale","productversion":"7.0.0","version":"10.11.0.0","versionstring":"10.11.0"})   QNetworkReply::NoError  Reply:  QNetworkReplyHttpImpl(0x600001297360)
25-02-12 04:21:12:764 [ debug sync.credentials.oauth ]	[ OCC::AccountBasedOAuth::fetchWellKnown()::(anonymous class)::operator() ]:	CheckServerJob succeeded, fetching "/.well-known/openid-configuration"
25-02-12 04:21:12:764 [ debug sync.credentials.oauth ]	[ OCC::OAuth::fetchWellKnown ]:	fetching "/.well-known/openid-configuration"
25-02-12 04:21:12:765 [ info sync.httplogger ]:	"c8d6814b-6349-4620-9031-a9f73581edd7: Request: GET https://ocis.server.com/.well-known/openid-configuration Header: { User-Agent: Mozilla/5.0 (Macintosh) mirall/5.3.2.15463 (ownCloud, macos-24.3.0 ClientArchitecture: arm64 OsArchitecture: arm64), Accept: */*, Accept-Language: en_US, X-Request-ID: c8d6814b-6349-4620-9031-a9f73581edd7, Original-Request-ID: c8d6814b-6349-4620-9031-a9f73581edd7, } Data: []"
25-02-12 04:21:12:768 [ info sync.httplogger ]:	"c8d6814b-6349-4620-9031-a9f73581edd7: Response: GET 200 (3ms) https://ocis.server.com/.well-known/openid-configuration Header: { Cache-Control: no-cache, no-store, max-age=0, must-revalidate, value, Content-Length: 1830, Content-Security-Policy: child-src 'self'; connect-src 'self' blob: https://companion.server.com/ wss://companion.server.com/ https://raw.githubusercontent.com/owncloud/awesome-ocis/ https://auth.server.com; default-src 'none'; font-src 'self'; frame-ancestors 'self'; frame-src 'self' blob: https://embed.diagrams.net/ https://onlyoffice.server.com/ https://collabora.server.com/ https://owncloud.dev; img-src 'self' data: blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/ https://onlyoffice.server.com/ https://collabora.server.com/; manifest-src 'self'; media-src 'self'; object-src 'self' blob:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline', Content-Type: application/json; encoding=utf-8, Date: Wed, 12 Feb 2025 09:21:12 GMT, Expires: Thu, 01 Jan 1970 00:00:00 GMT, Last-Modified: Wed, 12 Feb 2025 09:21:12 GMT, Referrer-Policy: strict-origin-when-cross-origin, Vary: Origin, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-Idp-Version: 7.0.0, X-Permitted-Cross-Domain-Policies: none, X-Request-Id: c8d6814b-6349-4620-9031-a9f73581edd7, X-Robots-Tag: none, X-Xss-Protection: 1; mode=block, } Data: [{\n  \"issuer\": \"https://auth.server.com/application/o/owncloud-web-client/\",\n  \"authorization_endpoint\": \"https://auth.server.com/signin/v1/identifier/_/authorize\",\n  \"token_endpoint\": \"https://auth.server.com/konnect/v1/token\",\n  \"userinfo_endpoint\": \"https://auth.server.com/konnect/v1/userinfo\",\n  \"end_session_endpoint\": \"https://auth.server.com/signin/v1/identifier/_/endsession\",\n  \"check_session_iframe\": \"https://auth.server.com/konnect/v1/session/check-session.html\",\n  \"jwks_uri\": \"https://auth.server.com/konnect/v1/jwks.json\",\n  \"scopes_supported\": [\n    \"openid\",\n    \"offline_access\",\n    \"profile\",\n    \"email\",\n    \"LibgreGraph.UUID\",\n    \"LibreGraph.RawSub\"\n  ],\n  \"response_types_supported\": [\n    \"id_token token\",\n    \"id_token\",\n    \"code id_token\",\n    \"code id_token token\"\n  ],\n  \"subject_types_supported\": [\n    \"public\"\n  ],\n  \"id_token_signing_alg_values_supported\": [\n    \"RS256\",\n    \"RS384\",\n    \"RS512\",\n    \"PS256\",\n    \"PS384\",\n    \"PS512\"\n  ],\n  \"userinfo_signing_alg_values_supported\": [\n    \"RS256\",\n    \"RS384\",\n    \"RS512\",\n    \"PS256\",\n    \"PS384\",\n    \"PS512\"\n  ],\n  \"request_object_signing_alg_values_supported\": [\n    \"ES256\",\n    \"ES384\",\n    \"ES512\",\n    \"RS256\",\n    \"RS384\",\n    \"RS512\",\n    \"PS256\",\n    \"PS384\",\n    \"PS512\",\n    \"none\",\n    \"EdDSA\"\n  ],\n  \"token_endpoint_auth_methods_supported\": [\n    \"client_secret_basic\",\n    \"none\"\n  ],\n  \"token_endpoint_auth_signing_alg_values_supported\": [\n    \"RS256\",\n    \"RS384\",\n    \"RS512\",\n    \"PS256\",\n    \"PS384\",\n    \"PS512\"\n  ],\n  \"claims_parameter_supported\": true,\n  \"claims_supported\": [\n    \"iss\",\n    \"sub\",\n    \"aud\",\n    \"exp\",\n    \"iat\",\n    \"name\",\n    \"family_name\",\n    \"given_name\",\n    \"email\",\n    \"email_verified\"\n  ],\n  \"request_parameter_supported\": true,\n  \"request_uri_parameter_supported\": false\n}\n]"
25-02-12 04:21:12:768 [ debug sync.credentials.oauth ]	[ OCC::OAuth::fetchWellKnown()::(anonymous class)::operator() ]:	parsing .well-known reply successful, auth endpoint QUrl("https://auth.server.com/signin/v1/identifier/_/authorize") and token endpoint QUrl("https://auth.server.com/konnect/v1/token") and registration endpoint QUrl("")
25-02-12 04:21:12:768 [ debug sync.credentials.oauth ]	[ (const QString &)::(anonymous class)::operator()():: ]:	registration endpoint not provided or empty: QUrl("")
25-02-12 04:21:12:769 [ info sync.httplogger ]:	"e2cf5fcf-2a3b-4e6b-85a8-3e64cdf2544c: Request: POST https://auth.server.com/konnect/v1/token Header: { Authorization: Basic [redacted], Content-Type: application/x-www-form-urlencoded; charset=UTF-8, User-Agent: Mozilla/5.0 (Macintosh) mirall/5.3.2.15463 (ownCloud, macos-24.3.0 ClientArchitecture: arm64 OsArchitecture: arm64), Accept: */*, Accept-Language: en_US, X-Request-ID: e2cf5fcf-2a3b-4e6b-85a8-3e64cdf2544c, Original-Request-ID: e2cf5fcf-2a3b-4e6b-85a8-3e64cdf2544c, Content-Length: 215, } Data: [grant_type=refresh_token&refresh_token=xfepPqu3mhnfIMoCKNY5YoLAY4irULVrDjkmEPB4TPyYXPLQE7CLoDejRdGE98V7xel52LsJFF05Jn1JMt0ykrZ4bZtEUurSpiHvzNVFxUT3xRghKl4gHPTnys1ncInY&scope=openid%20offline_access%20email%20profile]"
25-02-12 04:21:12:805 [ info sync.httplogger ]:	"e2cf5fcf-2a3b-4e6b-85a8-3e64cdf2544c: Response: POST 405 (Error: Error transferring https://auth.server.com/konnect/v1/token - server replied: Method Not Allowed,35ms) https://auth.server.com/konnect/v1/token Header: { Allow: GET, HEAD, OPTIONS, Content-Encoding: gzip, Content-Type: text/html; charset=utf-8, Date: Wed, 12 Feb 2025 09:21:11 GMT, Referrer-Policy: same-origin, Vary: Accept-Encoding, Cookie, X-Authentik-Id: 14e733ec8bc342e5a65476a14e83aef9, X-Content-Type-Options: nosniff, X-Frame-Options: DENY, X-Powered-By: authentik, } Data: []"
25-02-12 04:21:12:805 [ warning sync.credentials.oauth ]:	Error while refreshing the token: QNetworkReply::ContentOperationNotPermittedError : "Error transferring https://auth.server.com/konnect/v1/token - server replied: Method Not Allowed" 405
25-02-12 04:21:12:805 [ warning sync.credentials.http ]:	Too many failed refreshes 3 -> log out
25-02-12 04:21:12:805 [ warning sync.credentials.http ]:	Invalidating the credentials
25-02-12 04:21:12:805 [ debug sync.credentials.http ]	[ OCC::HttpCredentials::fetchUser ]:	user already set, no need to fetch from settings
25-02-12 04:21:12:805 [ info sync.account ]:	Clearing cookies
25-02-12 04:21:12:805 [ info sync.credentials.manager ]:	del "ownCloud_credentials:ocis.server.com:6cc641e8-b1ca-4ab2-8f6c-18c277ce8c61:http/oauthtoken"
25-02-12 04:21:12:805 [ info gui.account.state ]:	Fetched credentials for "https://ocis.server.com" attempting to connect
25-02-12 04:21:12:805 [ info gui.account.state ]:	checkConnectivity blocking: false "Firstname [email protected]"
25-02-12 04:21:12:816 [ debug sync.connectionvalidator ]	[ OCC::ConnectionValidator::checkServer ]:	Checking server and authentication
25-02-12 04:21:12:816 [ debug sync.connectionvalidator ]	[ OCC::ConnectionValidator::checkServer ]:	Trying to look up system proxy
25-02-12 04:21:12:818 [ info sync.connectionvalidator ]:	No system proxy set by OS
25-02-12 04:21:12:841 [ info sync.httplogger ]:	"a830c0d4-2c1b-4a62-99b7-324eb9a6f427: Request: GET https://ocis.server.com/status.php Header: { OC-Connection-Validator: desktop, User-Agent: Mozilla/5.0 (Macintosh) mirall/5.3.2.15463 (ownCloud, macos-24.3.0 ClientArchitecture: arm64 OsArchitecture: arm64), Accept: */*, Accept-Language: en_US, X-Request-ID: a830c0d4-2c1b-4a62-99b7-324eb9a6f427, Original-Request-ID: a830c0d4-2c1b-4a62-99b7-324eb9a6f427, } Data: []"
25-02-12 04:21:12:845 [ info sync.httplogger ]:	"a830c0d4-2c1b-4a62-99b7-324eb9a6f427: Response: GET 200 (3ms) https://ocis.server.com/status.php Header: { Content-Length: 269, Content-Security-Policy: child-src 'self'; connect-src 'self' blob: https://companion.server.com/ wss://companion.server.com/ https://raw.githubusercontent.com/owncloud/awesome-ocis/ https://auth.server.com; default-src 'none'; font-src 'self'; frame-ancestors 'self'; frame-src 'self' blob: https://embed.diagrams.net/ https://onlyoffice.server.com/ https://collabora.server.com/ https://owncloud.dev; img-src 'self' data: blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/ https://onlyoffice.server.com/ https://collabora.server.com/; manifest-src 'self'; media-src 'self'; object-src 'self' blob:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline', Content-Type: application/json, Date: Wed, 12 Feb 2025 09:21:12 GMT, Referrer-Policy: strict-origin-when-cross-origin, Vary: Origin, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-Permitted-Cross-Domain-Policies: none, X-Request-Id: a830c0d4-2c1b-4a62-99b7-324eb9a6f427, X-Robots-Tag: none, X-Xss-Protection: 1; mode=block, } Data: [{\n    \"installed\": true,\n    \"maintenance\": false,\n    \"needsDbUpgrade\": false,\n    \"version\": \"10.11.0.0\",\n    \"versionstring\": \"10.11.0\",\n    \"edition\": \"Community\",\n    \"productname\": \"Infinite Scale\",\n    \"product\": \"Infinite Scale\",\n    \"productversion\": \"7.0.0\"\n}]"
25-02-12 04:21:12:845 [ info sync.checkserverjob ]:	status.php returns:  QJsonDocument({"edition":"Community","installed":true,"maintenance":false,"needsDbUpgrade":false,"product":"Infinite Scale","productname":"Infinite Scale","productversion":"7.0.0","version":"10.11.0.0","versionstring":"10.11.0"})   QNetworkReply::NoError  Reply:  QNetworkReplyHttpImpl(0x6000012971d0)
25-02-12 04:21:12:845 [ info sync.connectionvalidator ]:	** Application: ownCloud found:  QUrl("https://ocis.server.com")  with version  "10.11.0"
25-02-12 04:21:12:845 [ debug sync.connectionvalidator ]	[ OCC::ConnectionValidator::reportResult ]:	OCC::ConnectionValidator::CredentialsNotReady duration(0h, 0min, 0s, 29ms)
25-02-12 04:21:12:845 [ info gui.account.state ]:	AccountState connection status change:  OCC::ConnectionValidator::Connected -> OCC::ConnectionValidator::CredentialsNotReady
25-02-12 04:21:12:845 [ info gui.account.state ]:	Invalid credentials for "https://ocis.server.com"
25-02-12 04:21:12:845 [ info gui.account.state ]:	refreshing oauth
25-02-12 04:21:12:845 [ info gui.account.state ]:	refreshing oauth failed

Is this the culprit?

25-02-12 04:21:12:805 [ warning sync.credentials.oauth ]:	Error while refreshing the token: QNetworkReply::ContentOperationNotPermittedError : "Error transferring https://auth.server.com/konnect/v1/token - server replied: Method Not Allowed" 405

[DeepDiver1975]

Is this the culprit?

405 upon calling the token endpoint is fishy

[prohtex]

Is this the culprit?

405 upon calling the token endpoint is fishy

I see: goauthentik/authentik#12087 fixed with PR goauthentik/authentik#12080

[prohtex]

Is this the culprit?

405 upon calling the token endpoint is fishy

Hi @DeepDiver1975, thank you again SO much for your assistance here. At this stage, I'm not sure what else to try except various combinations of PROXY env vars, Authentik tweaks, etc. I note similar issues created by @Crashman1983 @fmoc @michaelstingl @ishioni @C8opmBM @kehralexander @IljaN @Yasamato @seriousm4x. I'm hopeful perhaps one of them has pointers or specific resolvers to attempt. Thank you all :)