Oauth2 cannot fetch token 401 unauthorized error

I have 2 google drives with cache and crypt configured in rclone. My first gdrive works fine with my own client id and client secret. But second one is giving me this error (see image) with my own client id and client secret.

Rclone v1.45

This is my config file :
[gdrive]
type = drive
scope = drive
token = xxx
client_id = xxx
client_secret = xxx
chunk_size = 8M

[gcache]
type = cache
remote = gdrive:/Plex
plex_url = http://localhost:32400
plex_username = xxx
plex_password = xxx
chunk_size = 8M
info_age = 1d

[gcrypt]
type = crypt
remote = gcache:
filename_encryption = off
directory_name_encryption = false
password = xxx

[gdrive2]
type = drive
scope = drive
token = xxx
client_id = xxx
client_secret = xxx
chunk_size = 8M

[gcache2]
type = cache
remote = gdrive2:/Plex
plex_url = http://localhost:32400
plex_username = xxx
plex_password = xxx
chunk_size = 8M
info_age = 1d

[gcrypt2]
type = crypt
remote = gcache2:
filename_encryption = standard
directory_name_encryption = true
password = xxxxx

Did it ever work?

I suggest you run through rclone config again and see if that makes it work.

It works for a small amount of time whenever I give it brand new client id and client secret.
I can use it with default rcone client id and secret but would prefer to use it with my own.

1 Like

How long for?

A good idea.

Is it possible there is something wrong with the account that you used to make the client_id?

Like around 10 GB was uploaded before I got the error.

And there shouldnt be any issue with the account used for making client_id because client_id from same account works for my primary gdrive without issues.

I’m pretty sure it is some google thing but I don’t know what. You could try making another client_id?

I have tried 2 already. I will try with client id from new google account.

Does your config look like this?

[drive]
type = drive
client_id = XXX.apps.googleusercontent.com
client_secret = XXXXXXXXXXXXXXXXXXXXXXX
token = {"access_token":"XXX","token_type":"Bearer","refresh_token":"XXX","expiry":"2019-02-04T10:52:55.45137838Z"}

Do you have another rclone instance running that could be overwriting your config with the old client id?

yes it looks like this.

nope. Only one rclone instance with 6 remotes (gdrive,gcache,gcrypt,gdrive2,gcache2,gcrypt2) .

I created new client id with the different google account and now its working fine.

1 Like

I ran into the exact problem today:

  • had a Google Cloud app created in 2015 that I never used for rclone
  • configured a Google Drive remote an hour ago
  • entered the client id and secret, and the config look like this:

    type = drive
    scope = drive.file
    client_id = [...].apps.googleusercontent.com
    client_secret = [...]
    token = {"access_token":"[...]-[...]-l-[...]-W_l63","token_type":"Bearer","refresh_token":"1/[...]-[...]","expiry":"2019-07-01T15:43:43.143412464-05:00"}

  • copied <5GB of data just fine
  • now I get the "oauth2: cannot fetch token: 401 Unauthorized" error

Notice that the expiry field is set to today. Is that expected?

Tried to get a new token. Chose the "no auto config" option since this is a headless machine and navigated to the https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=[...] URL that rclone generated. That failed with:

I don't know where to find the redirect_uri setting in the Google Cloud console, and https://rclone.org/drive/ doesn't say where.

The auto option (http://127.0.0.1:53682/auth) failed as well. Had this problem an hour ago when I initially got the token; can't remember exactly what I did to get it after all, but I think I restarted the new remote setup wizard and entered blank client id and secret, then edited rclone.conf to paste in the real ones. Some type of token mismatch maybe?

Yes, the tokens only live for 1 hour normally, but are refreshed with the refresh token.

APIs & Services => Credentials - in there?

I can't find it either...

It probably depends on what type of oauth2 client you make. I choose "other" for rclone, so you might have to make a new oauth client.