Google Drive OAuth Changes

darthShadow · February 16, 2022, 9:05pm

ncw · February 17, 2022, 3:03pm

We do support OOB...

lib/oauthutil/oauthutil.go:     TitleBarRedirectURL = "urn:ietf:wg:oauth:2.0:oob"

And

backend/drive/drive.go:         RedirectURL:  oauthutil.TitleBarRedirectURL,
backend/googlecloudstorage/googlecloudstorage.go:               RedirectURL:  oauthutil.TitleBarRedirectURL,
backend/googlephotos/googlephotos.go:           RedirectURL:  oauthutil.TitleBarRedirectURL,

I can't figure out when it gets used though. The normal auth flow and the remote flow don't use it, but there may be some special case where it does get used.

Any ideas?

darthShadow · February 17, 2022, 3:53pm

I thought the remote flow used it? It seems to have it in the URL that's printed for opening in the browser

ncw · February 18, 2022, 12:07pm

Yes you are right... I checked rclone authorize which does work with google drive and assumed because of that the flow would take you there!

It would be pretty easy to change this, though it is useful for users.

Key dates for compliance

Feb 28, 2022 - new OAuth usage will be blocked for the OOB flow

Sep 5, 2022 - a user-facing warning message may be displayed to non-compliant OAuth requests

Oct 3, 2022 - the OOB flow is deprecated for existing clients

So what I read from that is that if you create a new client after Feb 28, 2022 then you won't be able to do the OOB flog, but you will be able to do it if the client was created before that data.

Do you agree?

If so it is probably important that we get the change into rclone 1.58.

Can you open a new issue on Github about this?

Thanks

darthShadow · February 18, 2022, 12:33pm

Yeah, that was my understanding as well. It will basically render all older versions of rclone obsolete for newer credentials after Feb. 28th and for everything after Oct. 3.

Pretty small timeline for such major changes considering how many apps may rely on such behaviour because of how easy it was.

None of the alternatives mentioned in OAuth 2.0 for Mobile & Desktop Apps | Google Identity | Google Developers is remotely as simple.

github.com/rclone/rclone

Change Google Drive Remote OAuth

opened 12:31PM - 18 Feb 22 UTC

darthShadow

enhancement Remote: Drive breaking change

#### The associated forum post URL from `https://forum.rclone.org` https://forum.rclone.org/t/google-drive-oauth-changes/29318/ #### What is your current rclone version (output from `rclone version`)? ``` rclone v1.57.0 - os/version: darwin 12.2.1 (64 bit) - os/kernel: 21.3.0 (x86_64) - os/type: darwin - os/arch: amd64 - go/version: go1.17.2 - go/linking: dynamic - go/tags: none ``` #### What problem are you are trying to solve? OOB Google Drive OAuth Method has been deprecated. #### How do you think rclone should be changed to solve that? Remove the remote method of authentication since none of the alternatives are suitable for it. #### How to use GitHub * Please use the 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to show that you are affected by the same issue. * Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue. * Subscribe to receive notifications on status change and new comments.

ncw · February 18, 2022, 12:40pm

Luckily we support those already using rclone authorize.

Thanks for opening the issue - I'll continue there.

system · April 20, 2022, 8:40am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.