Check username or email address from rclone authorise

mattd · November 7, 2023, 10:03pm

What is the problem you are having with rclone?

Question more than a problem, I am trying to set up a user interface for google drive for linux for my organisation. Because of the way that I'm approaching the problem I'm calling:

rclone authorise "google cloud storage"

Is there a way to confirm that the user has authenticated the correct google account either in the call or afterwards? I want to prevent (or raise an exception) if I expecte the user to authenticate email1a@gmail.com, but they instead authenticate email1b@gmail.com.

I've done a fair bit of searching, but I haven't found a thread to pull on. Thanks for you time!

Run the command 'rclone version' and share the full output of the command.

rclone v1.62.2
- os/version: ubuntu 22.04 (64 bit)
- os/kernel: 5.15.0-88-generic (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.20.2
- go/linking: static
- go/tags: none

Which cloud storage system are you using? (eg Google Drive)

Google Drive

The command you were trying to run (eg `rclone copy /tmp remote:tmp`)

rclone authorize "google cloud storage"

Animosity022 · November 7, 2023, 10:20pm

There isn't a way to do that as you fire off an OAUTH to login and that's all based on your browser which rclone can't see.

I've seen it generally ask you for what user to login with so pick the right one I'd imagine.

You can always use service accounts as well as a non oAUTH way to leverage drive.

Google drive (rclone.org)

mattd · November 7, 2023, 11:23pm

Hi thanks. I intentionally staying away from service accounts. If there is no way during the authenticate is it possible to do so afterwards? Eg with another rclone call?

Animosity022 · November 8, 2023, 12:42am

Not that I’m aware of.

ncw · November 8, 2023, 11:53am

It is possible after authentication to ask for the info.

This is implemented for google photos - you can do

$ rclone config userinfo gphotos:
family_name: Craig-Wood
 given_name: Nick
     locale: en-GB
       name: Nick Craig-Wood
    picture: https://lh3.googleusercontent.com/a/XXX
        sub: XXX

The code that does this is here

github.com

rclone/rclone/blob/ad83ff769b03b0731757431a596823822d12ae29/backend/googlephotos/googlephotos.go#L381


      
          
          	// Find userinfo endpoint
          	endpoint, ok := openIDconfig[name].(string)
          	if !ok {
          		return "", fmt.Errorf("couldn't find %q from openID config", name)
          	}
          
          	return endpoint, nil
          }
          
          // UserInfo fetches info about the current user with oauth2
          func (f *Fs) UserInfo(ctx context.Context) (userInfo map[string]string, err error) {
          	endpoint, err := f.fetchEndpoint(ctx, "userinfo_endpoint")
          	if err != nil {
          		return nil, err
          	}
          
          	// Fetch the user info with auth
          	opts := rest.Opts{
          		Method:  "GET",
          		RootURL: endpoint,

This is a standard OAuth feature so Google drive could support it too, but it doesn't at the moment

Check username or email address from rclone authorise

What is the problem you are having with rclone?

Run the command 'rclone version' and share the full output of the command.

Which cloud storage system are you using? (eg Google Drive)

The command you were trying to run (eg rclone copy /tmp remote:tmp)

The command you were trying to run (eg `rclone copy /tmp remote:tmp`)