For getting Access Token using Authorization Code rclone is using Client Secret, is there any plan to support Certificate instead of Client Secret for this flow ?
welcome to the forum,
can you please explain in more detail?
Thanks. Authorization Code flow has 1) Front end call using Browser and rclone gets Authorization Code. 2) Back end call Rclone gets access token using authorization code.
For #2 Back end call Rclone is using Client Secret to identify with IDP, for this call is there any plan to use Certificate Instead of Client Secret.
Request an access token with a certificate credential
Is this one of these issues?
- Add a new authorization method for the onedrive · Issue #6996 · rclone/rclone · GitHub
- onedrive backend - support client credentials grant · Issue #6197 · rclone/rclone · GitHub
- Make rclone work with OneDrive app password only, like other apps do · Issue #3585 · rclone/rclone · GitHub
Onedrive authentication is extremely complicated!
Based on my reading, I don't believe it is. Client Certificate authentication describes a flow where the client presents a certificate in lieu of a client secret.
My understanding is that RClone uses a client [secret](https:// rcloneEncryptedClientSecret = "_JUdzh3LnKNqSPcf4Wu5fgMFIQOI8glZu_akYgR8yf6egowNBg-R") Which begs a few questions.
If RClone currently implements the Authorization Code Flow, why does it need a client secret? Previous discussion indicated that it's used to refresh the token. Is there a ticket to have rclone generate a client assertion using a certificate, rather than presenting a client secret? Alternatively, is there a ticket for RClone to use refresh tokens, if it doesn't already?
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.