OneDrive: refreshing tokens without web browser


First of all: just discovered the tool a couple of days ago and I love it!

I see that the backend for OneDrive forces to renew the tokens by using the web browser flow (from their documentation: Token Flow). There is the possibility too to use the Code Flow, where the initial first approval is done with the browser but then token renewals can happen without user intervention.

I can't include links in the post, but I googled the onedrive developer documentation, the latest version uses graph oauth.

And now the questions :slight_smile:

  • Is there are reason for not using the Code Flow? Documentation says that this only works on some scenarios and this could be the reason why it is not implemented.
  • Are the plans to extend rclone to use token autorenewal (Code Flow)?


At the very least, rclone remotes for Onedrive personal do refresh tokens automatically. Once the remote is set up then I've never had to open the browser again in the 6 months I've had the remote defined.

Now business setups may be different, and can depend on the company. For example, if they've federated authentication then the company may require a human to reauthenticate every day, as part of their security measures; in this scenario tokens may expire and not be auto-renewed.

There's a lot of scenarios with business Onedrive accounts that can prevent autorenew from working. But it definitely works with personal accounts.

Onedrive auth is complicated! But I can report on my onedrive business account that they renew automatically and I haven't opened a web browser for a long time to renew it.

@sweh, @ncw - thanks for the replies!
Given your comments, I deleted my configuration and started from scratch... it just worked out of the box! I think the error was that I added the client_id and secret after the first sync.

Thanks a lot!

1 Like

I've had to do this with OneDrive before. I was symlinking my config and it made the updated tokens not sync. I think that really messed things up between machines trying to get a new token so I just nuked it and tried again. I also changed how I symlink configs