Successfully connected the drive using device_flow but then the Microsoft OneDrive connection stops working after 1 hour when the access token expires.
Run the command 'rclone version' and share the full output of the command.
Tried on two versions:
v1.50.2
v1.57.0
Which cloud storage system are you using? (eg Google Drive)
OneDrive
The command you were trying to run (eg rclone copy /tmp remote:tmp)
Starting it up via python but these are the params:
rclone: Version "v1.50.2" starting with parameters ["rclone" "mount" "onedriveremote:" "/tmp/OneDrive" "--log-level" "DEBUG" "--log-file" "/tmp/rclone.log" "--config" "/tmp/rclone.conf" "--daemon"]
The rclone config contents with secrets removed.
[onedriveremote]
type = onedrive
region = global
drive_id = b***
drive_type = business
token = {"access_token": "ey***", "token_type": "Bearer", "refresh_token": "0.A***", "expiry": "2022-02-25T15:10:50+00:00"}
A log from the command with the -vv flag
2022/02/24 19:49:35 DEBUG : onedriveremote: Loaded invalid token from config file - ignoring
2022/02/24 19:49:35 DEBUG : onedriveremote: Token refresh failed try 1/5: oauth2: cannot fetch token: 401 Unauthorized
Response: {"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app ***}
So I tested quite a bit in regard to the Azure app registration, trying to get one to work with both rclone and MSAL (as that is a requirement in my case). Eventually got it to work by:
set it to issue access & id tokens (maybe id isn't needed?)
enabled mobile and desktop flows
Using this new app registration I managed to get an access token from the app with both MSAL and rclone.
Thought I could populate the rclone.conf with the access_token and refresh_token fetched via python/MSAL. But when the access_token runs out I got another error:
{"error":"invalid_client","error_description":"AADSTS700025: Client is public so neither 'client_assertion' nor 'client_secret' should be presented
Did an rclone config on another machine and copied the refresh token over to the initial one and the error disappeared and the OneDrive mount started working again.
When comparing the refresh tokens, the start of them is equal (header?) and the rest is different (including the length).
I guess the refresh token fetched via python & MSAL just isn't compatible with rclone unfortunately...
Maybe the way to get around is to not store the refresh token in the rclone.conf and then just replace it every hour with python...
It would've been cleaner if I could tell the running rclone process to re-read the rclone.conf file to pick up the new access token. I'm guessing that's probably not possible though? But oh well, at least it works!
For someone looking for a way to do an ad-hoc non-browser/headless connection to OneDrive with rclone: Python MSAL + rclone does at least work (Remote Setup (rclone.org)).
That would need a new rclone remote control call. It's easy enough to reload the config file, but getting the oauth to use the new tokens would be a bit harder...
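The workaround discussed in the thread (rewriting the `token` line of rclone.conf from Python, by default without a refresh token) could look like the sketch below. It is an added example, not code from the thread or from rclone: the function names are hypothetical, the input dict is assumed to carry the standard OAuth token response fields (`access_token`, `token_type`, `expires_in`, `refresh_token`) that MSAL returns, and the sample values are constructed.

```python
import configparser
import json
import os
import tempfile
from datetime import datetime, timedelta, timezone


def rclone_token(msal_result, now=None, keep_refresh=False):
    """Build the JSON value of rclone's `token =` line from a token response."""
    if "access_token" not in msal_result:
        # MSAL reports failures as a dict carrying error/error_description.
        raise ValueError(msal_result.get("error_description", "no access_token"))
    now = now or datetime.now(timezone.utc)
    expiry = now + timedelta(seconds=int(msal_result["expires_in"]))
    token = {
        "access_token": msal_result["access_token"],
        "token_type": msal_result.get("token_type", "Bearer"),
        "expiry": expiry.isoformat(timespec="seconds"),
    }
    if keep_refresh:
        token["refresh_token"] = msal_result["refresh_token"]
    return json.dumps(token)


def write_token(conf_path, remote, token_json):
    """Replace one remote's token, keeping the file private and the write atomic."""
    conf = configparser.ConfigParser(interpolation=None)  # tokens may contain '%'
    if not conf.read(conf_path) or remote not in conf:
        raise KeyError(f"remote {remote!r} not found in {conf_path}")
    conf[remote]["token"] = token_json
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(conf_path)))
    try:
        with os.fdopen(fd, "w") as fh:  # mkstemp creates the file with mode 0600
            conf.write(fh)
        os.replace(tmp, conf_path)  # atomic swap; no half-written config
    except BaseException:
        os.unlink(tmp)
        raise


if __name__ == "__main__":
    # Constructed sample response; real values come from MSAL at runtime.
    sample = {"access_token": "ey-constructed", "token_type": "Bearer", "expires_in": 3600}
    print(rclone_token(sample))
```

The rewritten file ends up readable only by its owner, which matters because it holds bearer tokens; comments in the original rclone.conf are not preserved by `configparser`.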