OneDrive: How to configure rclone for client credentials OAuth flow?

What is the problem you are having with rclone?

I'm trying to use rclone as an Administrator to copy multiple users' OneDrive data to another remote, but I don't see a way to obtain a token using the client credentials flow. When I use rclone config to manually set up a remote, the only options I see take me through the authorization code flow, which is end-user based. Obviously that won't work for multiple users in batch mode.

Client credentials flow documentation

What is your rclone version (output from rclone version)

λ rclone version
rclone v1.55.1
- os/type: windows
- os/arch: amd64
- go/version: go1.16.3
- go/linking: dynamic
- go/tags: cmount

Which OS you are using and how many bits (eg Windows 7, 64 bit)

Windows 10, 64-bit

Which cloud storage system are you using? (eg Google Drive)


The command you were trying to run (eg rclone copy /tmp remote:tmp)

Not really applicable here, as I can't get far enough to actually attempt to run a command. I guess you can see the problem using reclone config and attempting to set up a OneDrive remote.

The rclone config contents with secrets removed.


A log from the command with the -vv flag



if you search the forum, you will find posts dealing with that onedrive issue.
i could be wrong that there is not a good working solution.

many backends support service account files, that might be a workaround.

I spent some time searching before creating this thread and didn't find anything. Do you happen to have some links to those posts? If rclone uses the client credentials flow and gets a new token when the existing one expires, it seems like it should work. I just don't think that OAuth flow is built into the tool right now, but I could be wrong.

The request parameters to make it happen look like this:

$params = @{
  Method      = 'Post'
  Uri         = ''
  ContentType = 'application/x-www-form-urlencoded'
  Body        = @{
	client_id     = $global:M365_OAUTH_CLIENT_ID
	client_secret = $global:M365_OAUTH_CLIENT_SECRET
	grant_type    = 'client_credentials'
	scope         = ''

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.