I've been using rclone with Gdrive for personal use extensively. Recently, my company ditched Crashplan and directed us to start using our G-Suite Gdrive storage. But no automation has been provided to do backups to Gdrive. Of course, my first thought was to turn rclone to the task.
I've been able to get rclone configured w/Gdrive + Okta for basic tasks--until the token expires in about 1 hour, and it fails to refresh.
I get a message like the following:
2019/08/24 11:42:06 ERROR : Attempt 1/3 failed with 1 errors and: couldn't list directory: Get https://www.googleapis.com/drive/v3/files?alt=json&fields=files%28id%2Cname%2Csize%2Cmd5Checksum%2Ctrashed%2CmodifiedTime%2CcreatedTime%2CmimeType%2Cparents%2CwebViewLink%29%2CnextPageToken&pageSize=1000&prettyPrint=false&q=trashed%3Dfalse+and+%28%27root%27+in+parents%29+and+%28name%3D%27mbp_test%27%29+and+mimeType%3D%27application%2Fvnd.google-apps.folder%27: oauth2: cannot fetch token: 401 Unauthorized Response: { "error": "unauthorized_client", "error_description": "Unauthorized" }
OS X 10.14.6, rclone installed via homebrew:
rclone v1.48.0
- os/arch: darwin/amd64
- go version: go1.12.6
Rclone config:
[workbkup]
type = drive
client_id = .apps.googleusercontent.com
client_secret =
scope = drive.file
root_folder_id =
token = {"access_token":"","token_type":"Bearer","refresh_token":"","expiry":"2019-08-24T15:34:46.274873-04:00"}
Debug log from when the token expires (ran a while loop copying and deleting a file with a 2m pause b/w each):
Summary
2019/08/24 15:31:23 DEBUG : test.mp4: Sending chunk 92274688 length 3157392
2019/08/24 15:31:24 INFO : test.mp4: Copied (new)
2019/08/24 15:31:24 INFO :
Transferred: 91.011M / 91.011 MBytes, 100%, 14.591 MBytes/s, ETA 0s
Errors: 0
Checks: 0 / 0, -
Transferred: 1 / 1, 100%
Elapsed time: 6.2s
2019/08/24 15:31:24 DEBUG : 6 go routines active
2019/08/24 15:31:24 DEBUG : rclone: Version "v1.48.0" finishing with parameters ["rclone" "--log-file=test_refresh.log" "-vvv" "copy" "moo/test.mp4" "workbkup:mbp_test/"]
2019/08/24 15:33:24 DEBUG : rclone: Version "v1.48.0" starting with parameters ["rclone" "--log-file=test_refresh.log" "-vvv" "delete" "workbkup:mbp_test/test.mp4"]
2019/08/24 15:33:24 DEBUG : Using config file from "/Users/nmiller/.config/rclone/rclone.conf"
2019/08/24 15:33:26 INFO : Waiting for deletions to finish
2019/08/24 15:33:26 DEBUG : moo: Excluded
2019/08/24 15:33:26 INFO : test.mp4: Deleted
2019/08/24 15:33:26 DEBUG : 6 go routines active
2019/08/24 15:33:26 DEBUG : rclone: Version "v1.48.0" finishing with parameters ["rclone" "--log-file=test_refresh.log" "-vvv" "delete" "workbkup:mbp_test/test.mp4"]
2019/08/24 15:35:26 DEBUG : rclone: Version "v1.48.0" starting with parameters ["rclone" "--log-file=test_refresh.log" "-vvv" "copy" "moo/test.mp4" "workbkup:mbp_test/"]
2019/08/24 15:35:26 DEBUG : Using config file from "/Users/nmiller/.config/rclone/rclone.conf"
2019/08/24 15:35:26 DEBUG : workbkup: Loaded invalid token from config file - ignoring
2019/08/24 15:35:27 DEBUG : workbkup: Token refresh failed try 1/5: oauth2: cannot fetch token: 401 Unauthorized
Response: {
"error": "unauthorized_client",
"error_description": "Unauthorized"
}
<...snipped 3 attempts..>
2019/08/24 15:35:42 DEBUG : workbkup: Loaded invalid token from config file - ignoring
2019/08/24 15:35:42 DEBUG : workbkup: Token refresh failed try 5/5: oauth2: cannot fetch token: 401 Unauthorized
Response: {
"error": "unauthorized_client",
"error_description": "Unauthorized"
}
2019/08/24 15:35:43 ERROR : Attempt 1/3 failed with 1 errors and: couldn't list directory: Get https://www.googleapis.com/drive/v3/files?alt=json&fields=files(id%2Cname%2Csize%2Cmd5Checksum%2Ctrashed%2CmodifiedTime%2CcreatedTime%2CmimeType%2Cparents%2CwebViewLink)%2CnextPageToken&pageSize=1000&prettyPrint=false&q=trashed%3Dfalse+and+('root'+in+parents)+and+(name%3D'mbp_test')+and+mimeType%3D'application%2Fvnd.google-apps.folder': oauth2: cannot fetch token: 401 Unauthorized
Response: {
"error": "unauthorized_client",
"error_description": "Unauthorized"
}
I read through this thread: Enabling rclone for SSO box.com accounts
However, even if the Gdrive web interface is active and has a valid Okta session token when I run the authorize command, rclone fails to refresh the Gdrive token after it expires. Our SSO is set up such that for Gdrive use, we must use Okta even when on VPN or on the office network.
I'm wondering if anyone has successfully worked with Gdrive and Okta as the SSO? I do not have any administrative access to authorize rclone at a higher level, only at my user account level.
Any suggestions appreciated.