AADSTS90036 authentication failure against SharePoint Online Document Library

What is the problem you are having with rclone?

Microsoft error AADSTS90036 when authenticating against a SharePoint Online Document Library with a client_id and client_secret: "AADSTS90036: An unexpected, non-retryable error stemming from the directory service has occurred."

Run the command 'rclone version' and share the full output of the command.

rclone v1.66.0

- os/version: ubuntu 20.04 (64 bit)
- os/kernel: 5.4.0-200-generic (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.22.1
- go/linking: static
- go/tags: none

Which cloud storage system are you using? (eg Google Drive)

Microsoft SharePoint Online Document Library

The command you were trying to run (eg rclone copy /tmp remote:tmp)

rclone ls sodl:

Please run 'rclone config redacted' and share the full output. If you get command not found, please make sure to update rclone.

[sodl]
type = onedrive
client_id = XXX
client_secret = XXX
drive_id = XXX
drive_type = documentLibrary
access_scopes = Files.Read Files.Read.All Sites.Read.All offline_access
description = My SharePoint Online Document Library

A log from the command that you were trying to run with the -vv flag

2024/11/20 07:01:56 DEBUG : rclone: Version "v1.66.0" starting with parameters ["rclone" "-vv" "ls" "sodl:"]
2024/11/20 07:01:56 DEBUG : Creating backend with remote "sodl:"
2024/11/20 07:01:56 DEBUG : Using config file from "/home/me/.config/rclone/rclone.conf"
2024/11/20 07:01:56 Failed to create file system for "sodl:": failed to configure OneDrive: empty token found - please run "rclone config reconnect sodl:"

Following the instructions to run rclone config reconnect sodl: opens a web browser with the AADSTS90036 message immediately.

Is there anything I am obviously doing wrong? Or is this something I must take back to my overburdened system administrator?

Just reproduced with rclone v1.68.2 on a different machine:

rclone v1.68.2
- os/version: darwin 15.1 (64 bit)
- os/kernel: 24.1.0 (x86_64)
- os/type: darwin
- os/arch: amd64
- go/version: go1.23.3
- go/linking: dynamic
- go/tags: none

for testing, use default values

that is an error returned from onedrive. never mentioned in the forum before.
so, i would check micro$oft documentation, about the error and how to fix it.

Thanks for responding.

Same result when omitting access_scopes from my configuration.

Researching AADSTS90036 now.

not sure what that means?

  1. created a new remote from scratch?
  2. edited the non-working remote?
  3. or what?

for testing, try to simplify as much as possible, use defaults, no client_id.

Sorry — I edited the non-working remote configuration for sodl in rclone.conf to remove access_scopes, which yielded the same AADSTS90036 error.

Then I edited again to remove client_id, which produced an error about an invalid client_secret. Removing that allowed me to authenticate using my employee account in my browser.

From there I was able to pick config_type url and enter the SharePoint Online URL, which offered me a list of document libraries from which I picked the one I need. Its drive_id appeared in my rclone.conf and I can now list files in the document library.

This gets me access but it is all tied to my employee account. Of course my boss wants rclone running independently of my employee account, which is why he provided me client_id and client_secret to begin with.

I am continuing to research AADSTS90036.

Thanks again for responding.

maybe try?
https://rclone.org/webdav/#sharepoint-online
