Is there any plan to support Certificate instead of using Client Secret?

For getting Access Token using Authorization Code rclone is using Client Secret, is there any plan to support Certificate instead of Client Secret for this flow ?

welcome to the forum,

can you please explain in more detail?

Thanks. Authorization Code flow has 1) Front end call using Browser and rclone gets Authorization Code. 2) Back end call Rclone gets access token using authorization code.
For #2 Back end call Rclone is using Client Secret to identify with IDP, for this call is there any plan to use Certificate Instead of Client Secret.

Request an access token with a certificate credential

Microsoft identity platform and OAuth 2.0 authorization code flow - Microsoft identity platform | Microsoft Learn

Is this one of these issues?

Onedrive authentication is extremely complicated!

Based on my reading, I don't believe it is. Client Certificate authentication describes a flow where the client presents a certificate in lieu of a client secret.

My understanding is that RClone uses a client [secret](https:// rcloneEncryptedClientSecret = "_JUdzh3LnKNqSPcf4Wu5fgMFIQOI8glZu_akYgR8yf6egowNBg-R") Which begs a few questions.

If RClone currently implements the Authorization Code Flow, why does it need a client secret? Previous discussion indicated that it's used to refresh the token. Is there a ticket to have rclone generate a client assertion using a certificate, rather than presenting a client secret? Alternatively, is there a ticket for RClone to use refresh tokens, if it doesn't already?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.