OneDrive: school blocks API scopes use, workaround?

What is the problem you are having with rclone?

My school gives all students an office365 account but blocks any 'developer' settings. I'm trying to gather some ideas for working around the limitation if possible at all?

All access to portal.azure.com is blocked, I asked my school if they would enable my profile to be of role 'developer' and they denied the request.

Would it be possible for me to circumvent this issue by using 2 onedrive accounts?

  • (ultimate storage bucket) my college EDU onedrive folder
  • (my personal hotmail) use this account to create API scope for rclone to use for credentials.

In theory I was thinking I could "share a folder" with my personal hotmail account, therefore granting access to my API credentials used by rclone. A long time ago I was able to do this with Google Drive but I am not familiar with Microsoft / One drive.

As I won't be able to create any API credentials for the account where I want to store my files creating a 'shared' folder could circumvent this issue? Anyone done this and any tips on how to make it work?

What is your rclone version (output from rclone version)

rclone v1.55.0

  • os/type: windows
  • os/arch: amd64
  • go/version: go1.16.2
  • go/linking: dynamic
  • go/tags: cmount

Which OS you are using and how many bits (eg Windows 7, 64 bit)

Win 10 x64

Which cloud storage system are you using? (eg Google Drive)

One Drive

This documentation seems to indicate accessing a shared folder may be possible: Accessing shared files and folders - OneDrive API - OneDrive dev center | Microsoft Docs

While I do see the user@hotmail.com account having explicit permissions (not link) I am not sure which rclone commands or how to find out the onedrive ID of the account I am trying to store the files at (my edu)?

So this means you can't access the Onedrive API and use the onedrive backend from rclone - is that right?

You should be able to access your space with the webdav backend - this has a special mode for onedrive and was added just for EDU accounts.

I think this might work - give it a go!

Correct :frowning:

I have given this a try, looks like when I share a folder with my hotmail account it sends an email link to it, does not grant full folder priviledges at the system level (ala Google Drive) meaning that when I view the folder properties on OneDrive I see that my hotmail.com account is shared via link but not identity itself. So my 'client_id' and secret associated with my hotmail is unable to read / write to the shared folder.

The shared folder also does not show on my hotmail.com 'shared folders' account - so there must be some other restriction that my university has put in place. I think its the setting 'sharing with people outside organization' to be link only is enabled.

This is good to know, my account has 2FA enforced and can't be disabled. I know the domain and have setup webdav as the instructions say but I am getting forbidden errors - is there a way to make rclone more verbose in what is occuring behind the scenes before the 403?

C:\Users\Giovanni>rclone -vv ls onedrive:
2021/04/20 23:23:05 DEBUG : Using config file from "C:\\Users\\Giovanni\\.config\\rclone\\rclone.conf"
2021/04/20 23:23:05 DEBUG : rclone: Version "v1.55.0" starting with parameters ["rclone" "-vv" "ls" "onedrive:"]
2021/04/20 23:23:05 DEBUG : Creating backend with remote "onedrive:"
2021/04/20 23:23:06 ERROR : : error listing: couldn't list files: 403 FORBIDDEN: 403 FORBIDDEN
2021/04/20 23:23:06 DEBUG : 4 go routines active
2021/04/20 23:23:06 Failed to ls with 2 errors: last error was: couldn't list files: 403 FORBIDDEN: 403 FORBIDDEN

:frowning:

Try adding -vv --dump bodies and it will show the HTTP transactions which may give some further clues.