Log in and authorize rclone for access
Waiting for code...
Got code
2021/06/04 13:57:06 Failed to configure token: failed to get token: oauth2: cannot fetch token: 401 Unauthorized
Response: {"error":"invalid_client","error_description":"AADSTS700025: Client is public so neither 'client_assertion' nor 'client_secret' should be presented.
What is your rclone version (output from rclone version)
It's below, redacted to remove the client ID and secret. That said, I think the error is self-explanatory. Rclone is passing along the client_secret, and Microsoft doesn't like it. If I capture an HTTP trace, I can see that the client_secret is indeed included.
λ rclone config
Current remotes:
Name Type
==== ====
Source drive
SourceMyDrive drive
SourceOneDrive onedrive
SourceOneDrive2 onedrive
TargetMyDrive drive
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> n
name> SourceOneDrive3
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / 1Fichier
\ "fichier"
2 / Alias for an existing remote
\ "alias"
3 / Amazon Drive
\ "amazon cloud drive"
4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, and Tencent COS
\ "s3"
5 / Backblaze B2
\ "b2"
6 / Box
\ "box"
7 / Cache a remote
\ "cache"
8 / Citrix Sharefile
\ "sharefile"
9 / Compress a remote
\ "compress"
10 / Dropbox
\ "dropbox"
11 / Encrypt/Decrypt a remote
\ "crypt"
12 / Enterprise File Fabric
\ "filefabric"
13 / FTP Connection
\ "ftp"
14 / Google Cloud Storage (this is not Google Drive)
\ "google cloud storage"
15 / Google Drive
\ "drive"
16 / Google Photos
\ "google photos"
17 / Hadoop distributed file system
\ "hdfs"
18 / Hubic
\ "hubic"
19 / In memory object storage system.
\ "memory"
20 / Jottacloud
\ "jottacloud"
21 / Koofr
\ "koofr"
22 / Local Disk
\ "local"
23 / Mail.ru Cloud
\ "mailru"
24 / Mega
\ "mega"
25 / Microsoft Azure Blob Storage
\ "azureblob"
26 / Microsoft OneDrive
\ "onedrive"
27 / OpenDrive
\ "opendrive"
28 / OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
\ "swift"
29 / Pcloud
\ "pcloud"
30 / Put.io
\ "putio"
31 / QingCloud Object Storage
\ "qingstor"
32 / SSH/SFTP Connection
\ "sftp"
33 / Sugarsync
\ "sugarsync"
34 / Tardigrade Decentralized Cloud Storage
\ "tardigrade"
35 / Transparently chunk/split large files
\ "chunker"
36 / Union merges the contents of several upstream fs
\ "union"
37 / Webdav
\ "webdav"
38 / Yandex Disk
\ "yandex"
39 / Zoho
\ "zoho"
40 / http Connection
\ "http"
41 / premiumize.me
\ "premiumizeme"
42 / seafile
\ "seafile"
Storage> onedrive
** See help for onedrive backend at: https://rclone.org/onedrive/ **
OAuth Client Id
Leave blank normally.
Enter a string value. Press Enter for the default ("").
client_id> REDACTED
OAuth Client Secret
Leave blank normally.
Enter a string value. Press Enter for the default ("").
client_secret> REDACTED
Choose national cloud region for OneDrive.
Enter a string value. Press Enter for the default ("global").
Choose a number from below, or type in your own value
1 / Microsoft Cloud Global
\ "global"
2 / Microsoft Cloud for US Government
\ "us"
3 / Microsoft Cloud Germany
\ "de"
4 / Azure and Office 365 operated by 21Vianet in China
\ "cn"
region> 1
Edit advanced config? (y/n)
y) Yes
n) No (default)
y/n>
Remote config
Make sure your Redirect URL is set to "http://localhost:53682/" in your custom config.
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes (default)
n) No
y/n>
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth?state=CDwL567OLxdI4SgLujCSmA
Log in and authorize rclone for access
Waiting for code...
Got code
2021/06/04 14:31:27 Failed to configure token: failed to get token: oauth2: cannot fetch token: 401 Unauthorized
Response: {"error":"invalid_client","error_description":"AADSTS700025: Client is public so neither 'client_assertion' nor 'client_secret' should be presented.\r\nTrace ID: b587875b-0ad6-43e5-a672-ec9f4f8f4000\r\nCorrelation ID: f54ac7d6-2cba-4da6-a0d1-d99e06ea10ed\r\nTimestamp: 2021-06-04 19:31:28Z","error_codes":[700025],"timestamp":"2021-06-04 19:31:28Z","trace_id":"b587875b-0ad6-43e5-a672-ec9f4f8f4000","correlation_id":"f54ac7d6-2cba-4da6-a0d1-d99e06ea10ed"}
The issue was that I was reusing an existing app that had been set up as something other than the Web platform. I was able to set the redirect for this platform, but it causes the AADSTS7000215 error. Recreating the app from scratch and ensuring the platform is Web resolved the problem.