tag::actions[]

Key Type Default Description Status

action.allowed

stringArray

[]

List of all allowed actions. If provided, actions not listed here are not allowed.

Value

Description

com.owncloud.action.collaborate

Sharing

com.owncloud.action.copy

Copy

com.owncloud.action.createFolder

Create folder

com.owncloud.action.cutpasteboard

Cut

com.owncloud.action.delete

Delete

com.owncloud.action.duplicate

Duplicate

com.owncloud.action.favorite

Favorite item

com.owncloud.action.importpasteboard

Paste

com.owncloud.action.links

Links

com.owncloud.action.makeAvailableOffline

Make available offline

com.owncloud.action.makeUnavailableOffline

Available Offline

com.owncloud.action.markup

Markup

com.owncloud.action.move

Move

com.owncloud.action.openin

Open in

com.owncloud.action.pdfpage

Go to page

com.owncloud.action.presentationmode

Presentation Mode

com.owncloud.action.rename

Rename

com.owncloud.action.scan

Scan document

com.owncloud.action.show-exif

Image metadata

com.owncloud.action.unfavorite

Unfavorite item

com.owncloud.action.unshare

Unshare

com.owncloud.action.upload.camera_media

Take photo or video

com.owncloud.action.uploadfile

Upload file

com.owncloud.action.uploadphotos

Upload from your photo library

advanced candidate

action.disallowed

stringArray

[]

List of all disallowed actions. If provided, actions not listed here are allowed.

Value

Description

com.owncloud.action.collaborate

Sharing

com.owncloud.action.copy

Copy

com.owncloud.action.createFolder

Create folder

com.owncloud.action.cutpasteboard

Cut

com.owncloud.action.delete

Delete

com.owncloud.action.duplicate

Duplicate

com.owncloud.action.favorite

Favorite item

com.owncloud.action.importpasteboard

Paste

com.owncloud.action.links

Links

com.owncloud.action.makeAvailableOffline

Make available offline

com.owncloud.action.makeUnavailableOffline

Available Offline

com.owncloud.action.markup

Markup

com.owncloud.action.move

Move

com.owncloud.action.openin

Open in

com.owncloud.action.pdfpage

Go to page

com.owncloud.action.presentationmode

Presentation Mode

com.owncloud.action.rename

Rename

com.owncloud.action.scan

Scan document

com.owncloud.action.show-exif

Image metadata

com.owncloud.action.unfavorite

Unfavorite item

com.owncloud.action.unshare

Unshare

com.owncloud.action.upload.camera_media

Take photo or video

com.owncloud.action.uploadfile

Upload file

com.owncloud.action.uploadphotos

Upload from your photo library

advanced candidate

end::actions[]

tag::app[]

Key Type Default Description Status

app.app-store-link

string

https://itunes.apple.com/app/id1359583808?mt=8

URL for the app in the App Store.

advanced candidate

app.enable-review-prompt

bool

true

Enable/disable review prompt.

advanced candidate

app.recommend-to-friend-enabled

bool

true

Enables/disables the recommend to a friend entry in the settings.

advanced candidate

app.enable-ui-animations

bool

true

Enable/disable UI animations.

debugOnly

app.is-beta-build

bool

false

Controls if the app is built for beta or release purposes.

debugOnly

app.show-beta-warning

bool

false

Controls whether a warning should be shown on the first run of a beta version.

debugOnly

end::app[]

tag::authentication[]

Key Type Default Description Status

authentication.browser-session-class

string

operating-system

Alternative browser session class to use instead of ASWebAuthenticationSession. Please also see Compile Time Configuration if you want to use this.

Value

Description

CustomScheme

Replace http and https with custom schemes to delegate browser sessions to a different app.

MIBrowser

Replace http with mibrowser and https with mibrowsers to delegate browser sessions to the MobileIron browser.

UIWebView

Use UIWebView for browser sessions. Requires compilation with OC_FEATURE_AVAILABLE_UIWEBVIEW_BROWSER_SESSION=1 preprocessor flag.

operating-system

Use ASWebAuthenticationSession for browser sessions.

supported candidate

authentication.browser-session-prefers-ephermal

bool

false

Indicates whether the app should ask iOS for a private authentication (web) session for OAuth2 or OpenID Connect. Private authentication sessions do not share cookies and other browsing data with the user’s normal browser. Apple only promises that [this setting](https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession/3237231-prefersephemeralwebbrowsersessio) will be honored if the user has set Safari as default browser.

supported candidate

end::authentication[]

tag::bookmarks[]

Key Type Default Description Status

bookmark.default-url

string

The default URL for the creation of new bookmarks.

supported candidate

bookmark.url-editable

bool

true

Controls whether the server URL in the text field during the creation of new bookmarks can be changed.

supported candidate

end::bookmarks[]

tag::branding[]

Key Type Default Description Status

branding.app-name

string

App name to use throughout the app.

supported candidate

branding.organization-name

string

Organization name to use throughout the app.

supported candidate

Allow adding accounts

branding.can-add-account

bool

true

Controls whether the user can add accounts.

advanced candidate

Allow editing accounts

branding.can-edit-account

bool

true

Controls whether the user can edit accounts.

advanced candidate

branding.enable-review-prompt

bool

false

Controls whether the app should prompt for an App Store review. Only applies if the app is branded.

advanced candidate

Profile definitions

branding.profile-definitions

dictionaryArray

Array of dictionaries, each specifying a profile. All Profile keys can be used in the profile dictionaries.

advanced candidate

Feedback Email address

branding.send-feedback-address

string

ios-app@owncloud.com

Email address to send feedback to. Set to null to disable this feature.

advanced candidate

branding.theme-definitions

dictionaryArray

Array of dictionaries, each specifying a theme.

advanced candidate

branding.theme-generic-colors

dictionary

Dictionary defining generic colors that can be used in the definitions.

advanced candidate

Documentation URL

branding.url-documentation

urlString

https://doc.owncloud.com/ios-app/

URL to documentation for the app. Opened when selecting "Documentation" in the settings.

advanced candidate

Help URL

branding.url-help

urlString

https://owncloud.com/docs-guides/

URL to get help for the app. Opened when selecting "Help" in the settings.

advanced candidate

Privacy URL

branding.url-privacy

urlString

https://owncloud.org/privacy-policy/

URL to get privacy information for the app. Opened when selecting "Privacy" in the settings.

advanced candidate

Terms of use URL

branding.url-terms-of-use

urlString

https://raw.githubusercontent.com/owncloud/ios-app/master/LICENSE

URL to terms of use for the app. Opened when selecting "Terms Of Use" in the settings.

advanced candidate

Profile
Allow URL configuration

branding.profile-allow-url-configuration

bool

Indicates if the user can change the server URL for the account.

advanced candidate

Profile
Allowed authentication methods

branding.profile-allowed-authentication-methods

stringArray

The identifiers of the authentication methods allowed for this profile. Allows to f.ex. force OAuth2, or to use Basic Auth even if OAuth2 is available.

Value

Description

com.owncloud.basicauth

Basic Auth

com.owncloud.oauth2

OAuth2

com.owncloud.openid-connect

OpenID Connect

advanced candidate

Profile
Allowed Hosts

branding.profile-allowed-hosts

stringArray

Domain names (can also include subdomain name), which are allowed as server url when adding a new account.

advanced candidate

Profile
Bookmark Name

branding.profile-bookmark-name

string

The name that should be used for the bookmark that’s generated from this profile and appears in the account list.

advanced candidate

Profile
Onboarding button title

branding.profile-help-button-label

string

Text used for the onboarding button title

advanced candidate

Profile
Onboarding URL

branding.profile-help-url

urlString

Optional URL to onboarding resources.

advanced candidate

Profile
Identifier

branding.profile-identifier

string

Identifier uniquely identifying the profile.

advanced candidate

Profile
Name

branding.profile-name

string

Name of the profile during setup.

advanced candidate

Profile
Open onboarding URL message

branding.profile-open-help-message

string

Message shown in an alert before opening the onboarding URL.

advanced candidate

Profile
Password prompt

branding.profile-password-auth-prompt

string

Text that is shown when asking the user to enter their password.

advanced candidate

Profile
Token authentication prompt

branding.profile-token-auth-prompt

string

Text that is shown to the user before opening the authentication web view (f.ex. for OAuth2, OIDC).

advanced candidate

Profile
URL

branding.profile-url

urlString

The URL of the server targeted by this profile.

advanced candidate

Profile
URL prompt

branding.profile-url-prompt

string

Text shown above the URL field when setting up an account.

advanced candidate

Profile
Welcome Message

branding.profile-welcome-message

string

Welcome message shown during account setup.

advanced candidate

end::branding[]

tag::browsersession[]

Key Type Default Description Status

browser-session.custom-scheme-plain

string

Scheme to use instead of plain http when using browser session class CustomScheme, i.e. mibrowser.

advanced candidate

browser-session.custom-scheme-secure

string

Scheme to use instead of https when using browser session class CustomScheme, i.e. mibrowsers.

advanced candidate

end::browsersession[]

tag::connection[]

Key Type Default Description Status

connection.allow-cellular

bool

true

Allow the use of cellular connections.

recommended candidate

core.cookie-support-enabled

bool

true

Enable or disable per-process, in-memory cookie storage.

supported candidate

http.user-agent

string

ownCloudApp/{{app.version}} ({{app.part}}/{{app.build}}; {{os.name}}/{{os.version}}; {{device.model}})

A custom User-Agent to send with every HTTP request.

The following placeholders can be used to make it dynamic: - {{app.build}}: the build number of the app (f.ex. 123) - {{app.version}}: the version of the app (f.ex. 1.2) - {{app.part}}: the part of the app (more exactly: the name of the main bundle) from which the request was sent (f.ex. App, ownCloud File Provider) - {{device.model}}: the model of the device running the app (f.ex. iPhone, iPad) - {{device.model-id}}: the model identifier of the device running the app (f.ex. iPhone8,1) - {{os.name}} : the name of the operating system running on the device (f.ex. iOS, iPadOS) - {{os.version}}: the version of operating system running on the device (f.ex. 13.2.2)

supported candidate

connection.always-request-private-link

bool

false

Controls whether private links are requested with regular PROPFINDs.

advanced candidate

connection.plain-http-policy

string

warn

Policy regarding the use of plain (unencryped) HTTP URLs for creating bookmarks. A value of warn will create an issue (typically then presented to the user as a warning), but ultimately allow the creation of the bookmark. A value of forbidden will block the use of http-URLs for the creation of new bookmarks.

advanced candidate

connection.validator-flags

stringArray

Allows fine-tuning the behavior of the connection validator by enabling/disabling aspects of it.

Value

Description

502-triggers

Connection validation is triggered when receiving a responses with 502 status.

clear-cookies

Clear all cookies for the connection when entering connection validation.

advanced candidate

core.action-concurrency-budgets

dictionary

map[actions:10 all:0 download:3 download-wifi-and-cellular:3 download-wifi-only:2 transfer:6 upload:3 upload-cellular-and-wifi:3 upload-wifi-only:2]

Concurrency budgets available for sync actions by action category.

advanced candidate

core.scan-for-changes-interval

int

10

Minimum number of seconds until the next scan for changes, measured from the completion of the previous scan.

advanced candidate

connection.allow-background-url-sessions

bool

true

Allow the use of background URL sessions. Note: depending on iOS version, the app may still choose not to use them. This settings is overriden by force-background-url-sessions.

debugOnly

connection.force-background-url-sessions

bool

false

Forces the use of background URL sessions. Overrides allow-background-url-sessions.

debugOnly

connection.minimum-server-version

string

10.0

The minimum server version required.

debugOnly

core.override-availability-signal

bool

Override the availability signal, so the host is considered to always be in maintenance mode (true) or never in maintenance mode (false).

debugOnly

core.override-reachability-signal

bool

Override the reachability signal, so the host is always considered reachable (true) or unreachable (false).

debugOnly

core.thumbnail-available-for-mime-type-prefixes

stringArray

[*]

Provide hints that thumbnails are available for items whose MIME-Type starts with any of the strings provided in this array. Providing an empty array turns off thumbnail loading. Providing ["*"] turns on thumbnail loading for all items.

debugOnly

host-simulator.active-simulations

stringArray

[]

Active Host simulation extensions.

Value

Description

five-seconds-of-404

Return status code 404 for every request for the first five seconds.

only-404

Return status code 404 for every request.

recovering-apm

Redirect any request without cookies to a bogus endpoint for 30 seconds, then to a cookie-setting endpoint, where cookies are set - and then redirect back.

reject-downloads-500

Reject Downloads with status 500 responses.

simple-apm

Redirect any request without cookies to a cookie-setting endpoint, where cookies are set - and then redirect back.

debugOnly

end::connection[]

tag::diagnostics[]

Key Type Default Description Status

diagnostics.enabled

bool

false

Controls whether additional diagnostic options and information is available throughout the user interface.

advanced candidate

end::diagnostics[]

tag::displaysettings[]

Key Type Default Description Status

display.prevent-dragging-files

bool

false

Controls whether drag and drop should be prevented for items inside the app.

advanced candidate

display.show-hidden-files

bool

false

Controls whether hidden files (i.e. files starting with . ) should also be shown.

advanced candidate

display.sort-folders-first

bool

false

Controls whether folders are shown at the top.

advanced candidate

end::displaysettings[]

tag::endpoints[]

Key Type Default Description Status

connection.endpoint-capabilities

string

ocs/v2.php/cloud/capabilities

Endpoint to use for retrieving server capabilities.

advanced candidate

connection.endpoint-recipients

string

ocs/v2.php/apps/files_sharing/api/v1/sharees

Path of the sharing recipient API endpoint.

advanced candidate

connection.endpoint-remote-shares

string

ocs/v2.php/apps/files_sharing/api/v1/remote_shares

Path of the remote shares API endpoint.

advanced candidate

connection.endpoint-shares

string

ocs/v2.php/apps/files_sharing/api/v1/shares

Path of the shares API endpoint.

advanced candidate

connection.endpoint-status

string

status.php

Endpoint to retrieve basic status information and detect an ownCloud installation.

advanced candidate

connection.endpoint-thumbnail

string

index.php/apps/files/api/v1/thumbnail

Path of the thumbnail endpoint.

advanced candidate

connection.endpoint-user

string

ocs/v2.php/cloud/user

Endpoint to use for retrieving information on logged in user.

advanced candidate

connection.endpoint-webdav

string

remote.php/dav/files

Endpoint to use for WebDAV.

advanced candidate

connection.endpoint-webdav-meta

string

remote.php/dav/meta

Endpoint to use for WebDAV metadata.

advanced candidate

connection.well-known

string

.well-known

Path of the .well-known endpoint.

advanced candidate

end::endpoints[]

tag::licensing[]

Key Type Default Description Status

licensing.disable-appstore-licensing

bool

false

Enables/disables App Store licensing support.

debugOnly

licensing.disable-enterprise-licensing

bool

false

Enables/disables Enterprise licensing support.

debugOnly

end::licensing[]

tag::logging[]

Key Type Default Description Status

log.level

int

4

Log level

Value

Description

-1

verbose

0

debug

1

info

2

warning

3

error

4

off

supported candidate

log.privacy-mask

bool

false

Controls whether certain objects in log statements should be masked for privacy.

supported candidate

log.blank-filtered-messages

bool

false

Controls whether filtered out messages should still be logged, but with the message replaced with -.

advanced candidate

log.colored

bool

false

Controls whether log levels should be replaced with colored emojis.

advanced candidate

log.enabled-components

stringArray

[writer.stderr writer.file]

List of enabled logging system components.

Value

Description

option.log-file-operations

Log internal file operations

option.log-requests-and-responses

Log HTTP requests and responses

writer.file

Log file

writer.stderr

Standard error output

advanced candidate

log.format

string

text

Determines the format that log messages are saved in

Value

Description

json

Detailed JSON (one line per message).

json-composed

A simpler JSON version where details are already merged into the message.

text

Standard logging as text.

advanced candidate

log.maximum-message-size

int

0

Maximum length of a log message before the message is truncated. A value of 0 means no limit.

advanced candidate

log.omit-matching

stringArray

If set, omits logs messages containing any of the exact terms in this array.

advanced candidate

log.omit-tags

stringArray

If set, omits all log messages tagged with tags in this array.

advanced candidate

log.only-matching

stringArray

If set, only logs messages containing at least one of the exact terms in this array.

advanced candidate

log.only-tags

stringArray

If set, omits all log messages not tagged with tags in this array.

advanced candidate

log.single-lined

bool

true

Controls whether messages spanning more than one line should be broken into their individual lines and each be logged with the complete lead-in/lead-out sequence.

advanced candidate

log.synchronous

bool

false

Controls whether log messages should be written synchronously (which can impact performance) or asynchronously (which can loose messages in case of a crash).

advanced candidate

measurements.enabled

bool

true

Turn measurements on or off

debugOnly

end::logging[]

tag::oauth2[]

Key Type Default Description Status

authentication-oauth2.oa2-authorization-endpoint

string

index.php/apps/oauth2/authorize

OAuth2 authorization endpoint.

advanced candidate

authentication-oauth2.oa2-client-id

string

mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1

OAuth2 Client ID.

advanced candidate

authentication-oauth2.oa2-client-secret

string

KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx

OAuth2 Client Secret.

advanced candidate

authentication-oauth2.oa2-redirect-uri

string

oc://ios.owncloud.com

OAuth2 Redirect URI.

advanced candidate

authentication-oauth2.oa2-token-endpoint

string

index.php/apps/oauth2/api/v1/token

OAuth2 token endpoint.

advanced candidate

authentication-oauth2.oa2-expiration-override-seconds

int

OAuth2 Expiration Override - lets OAuth2 tokens expire after the provided number of seconds (useful to prompt quick refresh_token requests for testing)

debugOnly

end::oauth2[]

tag::oidc[]

Key Type Default Description Status

authentication-oauth2.oidc-redirect-uri

string

oc://ios.owncloud.com

OpenID Connect Redirect URI

supported candidate

authentication-oauth2.oidc-register-client

bool

true

Use OpenID Connect Dynamic Client Registration if the .well-known/openid-configuration provides a registration_endpoint. If this option is enabled and a registration endpoint is available, oa2-client-id and oa2-client-secret will be ignored.

supported candidate

authentication-oauth2.oidc-register-client-name-template

string

ownCloud/{{os.name}} {{app.version}}

Client Name Template to use during OpenID Connect Dynamic Client Registration. In addition to the placeholders available for http.user-agent, {{url.hostname}} can also be used.

supported candidate

authentication-oauth2.oidc-scope

string

openid offline_access email profile

OpenID Connect Scope

supported candidate

end::oidc[]

tag::passcode[]

Key Type Default Description Status

passcode.enforced

bool

false

Controls wether the user MUST establish a passcode upon app installation

advanced candidate

passcode.maximumPasscodeDigits

int

6

Controls how many passcode digits are maximal possible for passcode lock.

advanced candidate

passcode.requiredPasscodeDigits

int

4

Controls how many passcode digits are at least required for passcode lock.

advanced candidate

end::passcode[]

tag::policies[]

Key Type Default Description Status

item-policy.local-copy-expiration

int

604800

The number of seconds that a file hasn’t been downloaded, modified or opened after which the local copy is removed.

advanced candidate

item-policy.local-copy-expiration-enabled

bool

true

Controls whether local copies should automatically be removed after they haven’t been downloaded, modified or opened for a period of time.

advanced candidate

item-policy.vacuum-sync-anchor-ttl

bool

60

Number of seconds since the removal of an item after which the metadata entry may be finally removed.

debugOnly

end::policies[]

tag::privacy[]

Key Type Default Description Status

core.add-accept-language-header

bool

true

Add an Accept-Language HTTP header using the preferred languages set on the device.

advanced candidate

end::privacy[]

tag::releasenotes[]

Key Type Default Description Status

releasenotes.lastSeenAppVersion

string

The last-seen app version.

debugOnly

releasenotes.lastSeenReleaseNotesVersion

string

The app version for which the release notes were last shown.

debugOnly

end::releasenotes[]

tag::security[]

Key Type Default Description Status

connection.allowed-authentication-methods

stringArray

Array of allowed authentication methods. Nil/Missing for no restrictions.

Value

Description

com.owncloud.basicauth

Basic Auth

com.owncloud.oauth2

OAuth2

com.owncloud.openid-connect

OpenID Connect

recommended candidate

connection.preferred-authentication-methods

stringArray

[com.owncloud.openid-connect com.owncloud.oauth2 com.owncloud.basicauth]

Array of authentication methods in order of preference (most preferred first).

Value

Description

com.owncloud.basicauth

Basic Auth

com.owncloud.oauth2

OAuth2

com.owncloud.openid-connect

OpenID Connect

recommended candidate

connection.certificate-extended-validation-rule

string

bookmarkCertificate == serverCertificate

Rule that defines the criteria a certificate needs to meet for OCConnection to recognize it as valid for a bookmark.

Examples of expressions: - bookmarkCertificate == serverCertificate: the whole certificate needs to be identical to the one stored in the bookmark during setup. - bookmarkCertificate.publicKeyData == serverCertificate.publicKeyData: the public key of the received certificate needs to be identical to the public key stored in the bookmark during setup. - serverCertificate.passedValidationOrIsUserAccepted == true: any certificate is accepted as long as it has passed validation by the OS or was accepted by the user. - serverCertificate.commonName == "demo.owncloud.org": the common name of the certificate must be "demo.owncloud.org". - serverCertificate.rootCertificate.commonName == "DST Root CA X3": the common name of the root certificate must be "DST Root CA X3". - serverCertificate.parentCertificate.commonName == "Let’s Encrypt Authority X3": the common name of the parent certificate must be "Let’s Encrypt Authority X3". - serverCertificate.publicKeyData.sha256Hash.asFingerPrintString == "2A 00 98 90 BD … F7": the SHA-256 fingerprint of the public key of the server certificate needs to match the provided value.

advanced candidate

connection.renewed-certificate-acceptance-rule

string

(bookmarkCertificate.publicKeyData == serverCertificate.publicKeyData) OR check.parentCertificatesHaveIdenticalPublicKeys == true) AND (serverCertificate.passedValidationOrIsUserAccepted == true OR bookmarkCertificate.parentCertificate.sha256Fingerprint.asFingerPrintString == "73 0C 1B DC D8 5F 57 CE 5D C0 BB A7 33 E5 F1 BA 5A 92 5B 2A 77 1D 64 0A 26 F7 A4 54 22 4D AD 3B") AND (bookmarkCertificate.rootCertificate.sha256Fingerprint.asFingerPrintString == "06 87 26 03 31 A7 24 03 D9 09 F1 05 E6 9B CF 0D 32 E1 BD 24 93 FF C6 D9 20 6D 11 BC D6 77 07 39") AND (serverCertificate.parentCertificate.sha256Fingerprint.asFingerPrintString == "67 AD D1 16 6B 02 0A E6 1B 8F 5F C9 68 13 C0 4C 2A A5 89 96 07 96 86 55 72 A3 C7 E7 37 61 3D FD") AND (serverCertificate.rootCertificate.sha256Fingerprint.asFingerPrintString == "96 BC EC 06 26 49 76 F3 74 60 77 9A CF 28 C5 A7 CF E8 A3 C0 AA E1 1A 8F FC EE 05 C0 BD DF 08 C6") AND (serverCertificate.passedValidationOrIsUserAccepted == true

Rule that defines the criteria that need to be met for OCConnection to accept a renewed certificate and update the bookmark’s certificate automatically instead of prompting the user. Used when the extended validation rule fails. Set this to never if the user should always be prompted when a server’s certificate changed.

advanced candidate

user-settings.allow

stringArray

List of settings (as flat identifiers) users are allowed to change. If this list is specified, only these settings can be changed by the user.

advanced candidate

user-settings.disallow

stringArray

List of settings (as flat identifiers) users are not allowed to change. If this list is specified, all settings not on the list can be changed by the user.

advanced candidate

connection.transparent-temporary-redirect

bool

false

Controls whether 307 redirects are handled transparently at the HTTP pipeline level (by resending the headers and body).

debugOnly

end::security[]