Cannot refresh OAuth refresh token after expiration (oneDrive)

What is the problem you are having with rclone?

Hi. I'm new to the forum. I've been using RClone successfully for a couple of months (thank you for all the effort that has gone into its development).

However, I now have the following problem. When syncing with the remote I get the AADSTS50076 error, which indicates my refresh token has expired, as described in the rclone oneDrive documentation https://rclone.org/onedrive/#access-denied-aadsts65005.

When I follow the steps to refresh the token I get to the 'Use auto config?' step and the following message appears in the web browser:

"AADSTS7000112: Application 'b15665d9-eda6-4092-8539-0eec376afd59'(rclone) is disabled."

Does this mean that my organization has disabled RClone use? I have taken this up with IT support and they say that rerunning the refresh token step should work, suggesting they haven't (knowingly) blocked it.

I have tried:

  1. Editing the remote to refresh the token using config
  2. Creating a new remote using config
  3. Clearing all data from my web browser cache and rerunning config, and re-signing into oneDrive
  4. Updating RClone and trying the above steps in the latest version

All of these steps result in the same error message in the web browser.
I have used the default client ID.

Any help or suggestions are greatly appreciated.

Thank you

What is your rclone version (output from rclone version)

v1.5.1.0 and v1.5.1.3

Which OS you are using and how many bits (eg Windows 7, 64 bit)

Ubuntu 18.04

Which cloud storage system are you using? (eg Google Drive)

OneDrive

The command you were trying to run (eg rclone copy /tmp remote:tmp)

rclone sync $tpDr$d remote:backUp/$d --exclude-from $excludeDir --filter-from $filter
rclone config

The rclone config contents with secrets removed.

[remote]
type = onedrive
token = 
drive_id = 
drive_type = business

A log from the command with the -vv flag


Response: {"error":"invalid_grant","error_description":"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access ...}

A bit of searching indicated that this might be cookie related.

Try opening the URL that is printed in the terminal in an incognito window to not use any of your existing cookies.

Hi Nick,

Thank you for your response. I've tried opening the URL in an incognito window, but still get the same response.

A bit of searching turned up this blog post, in which the author had a similar problem. He solved it by creating a new client ID. Like the author, I don't have permission to access the Azure AD portal, but will try using the old deprecated app registration web portal.

I shall try this and report back.

Ok. Let us know what happens :)

The old app registration portal has been removed. I guess I'll have to ask my organisation to generate me a client ID and Key, as I'm not allowed to access the Azure app registration portal. Not sure whether they will, central IT are not always the most helpful!!
