On this page
Day 6 - Native clients, tutorials, and a site that matches the vision
KM0 Cloud on every device: Dex OIDC clients for desktop and mobile sync, loopback login fix, branded sharing previews, multilingual tutorials, and a refreshed km0digital.com home.
Introduction
Day 6 picks up after the vision meeting: the stack already worked in the browser (days 1–4), but real users also need native apps, clear onboarding, and a public site that tells the same story. This entry covers that stretch of work without naming individual calendar days.
Two fronts move in parallel: km0digital.com gets movement-focused copy, security FAQs, and step-by-step cloud guides; cloud.km0digital.com gets OIDC fixes for desktop and mobile sync, KM0 branding, and richer link previews when URLs are shared.
Summary
What changed
- Site: Vision and Community sections on the home page; FAQ accordion UX; security answers (ISO 27001 at AMVARA, EU hosting); KM0 Cloud tutorials for web, Android, and iOS in four languages; outreach decks (CA/ES/EN) as PPT and PDF.
- Native auth: Dex static OIDC clients for
OpenCloudDesktop,OpenCloudAndroid, andOpenCloudIOS; nginx sends only the web browser client to/login.html. - Desktop loopback: Dex upgraded to
v2.42.0so OAuth redirect URIs likehttp://127.0.0.1:<port>work (RFC 8252). - Brand & sharing: KM0 favicon on login, Dex, and the authenticated SPA; Open Graph / Twitter cards and
/brand/og-preview.pngfor social crawlers. - Horizon: Facebook login investigated via Dex OAuth; documented and env-gated, not enabled in production yet.
Corporate site
From vision to onboarding
After day 5, the home page needed to reflect the community narrative, not only the technical stack. New Vision and Community sections, refreshed movement copy across locales, and a simpler footer (GitHub + AMVARA) anchor the story in people and place.
The FAQ was rebuilt as a measured accordion (one panel open at a time) and extended with honest security answers: AMVARA CONSULTING S.L. holds ISO 27001; KM0 Cloud scope certification is planned; data stays in the EU; no third-party model training on customer files.
Onboarding guides live under /tutorials/: getting started on the web, Android, and iOS, each localized. The Services block links straight to the web guide so new users are not left guessing after reading about the cloud.
Three presentation decks (Origen Local in Catalan, Impacto Digital in Spanish, Sovereign Tech in English) were generated from site and stack content for community outreach after the Masnou meeting.
OpenCloud
Native sync clients and OIDC
Web login through Dex LDAP (day 4) was fine; Android, iOS, and desktop apps failed with invalid client_id. Dex had no static clients for the native app IDs, and nginx redirected every /dex/auth request to the hybrid login.html, which native clients cannot render.
- Dex: register
opencloud-web,OpenCloudDesktop,OpenCloudAndroid, andOpenCloudIOSwith the redirect URIs each platform expects. - nginx: redirect to
/login.htmlonly whenclient_id=opencloud-web; mobile and desktop clients keep the Dex authorization endpoint.
Server-side smoke checks pass (WebFinger, auth endpoint status codes). Full file sync on a physical device remains operator verification.
OpenCloud
Why desktop needed Dex v2.42.0
Even with the client registered, the desktop app still failed: it uses OAuth loopback (http://127.0.0.1:<random-port> on each login). Dex v2.41.1 required an exact redirect URI match; a fixed http://127.0.0.1 entry does not cover a new port every time.
Upgrade to ghcr.io/dexidp/dex:v2.42.0 and set OpenCloudDesktop with empty redirectURIs so Dex accepts any loopback port on 127.0.0.1 or localhost. Web and mobile clients were already on fixed HTTPS or custom-scheme URIs and did not need this change.
OpenCloud
KM0 favicon and link previews
Shared cloud links previously showed generic OpenCloud metadata. nginx now injects Open Graph and Twitter tags for crawlers; Dex and login.html carry the same KM0 title and preview image (/brand/og-preview.png).
The KM0 gradient pin favicon replaces the default OpenCloud icon on the login page, Dex LDAP screens, and the authenticated SPA theme path, so tabs and bookmarks look consistent with km0digital.com.
Horizon
Facebook login (investigation only)
Meta login was scoped for Dex as an upstream OAuth connector (Dex remains the sole OIDC issuer for OpenCloud). Investigation is complete: example config, env-gated entrypoint hook, and runbook notes on App Review and email claims.
Production enablement waits on Meta app review and a product decision on accounts without a verified email. Google, Apple, and LDAP local login are unaffected.
Next step
Day 7
Day 6 closes the loop between vision and daily use: sync apps, tutorials, and a site that explains both. A special day 7 entry follows separately. Until then, try the cloud guides or sign in at cloud.km0digital.com.