OneDrive Token error after 30 minutes

chris_m · August 6, 2023, 7:52pm

What is the problem you are having with rclone?

I am using rclone for Onedrive which initally works as expected. After ~30 minutes rclone gives the error below:

The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.

Restarting rclone clears the error and Onedrive works for another 30 minutes.
I suspect that rclone tries to refresh the token after 30 minutes and runs into an error.

Does anyone have a working OneDrive configuration that they could compare this to or send me?
I would appreciate any help / advice, Thanks.

Run the command 'rclone version' and share the full output of the command.

rclone v1.63.1
- os/version: ubuntu 20.04 (64 bit)
- os/kernel: 5.4.0-155-generic (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.20.6
- go/linking: static
- go/tags: none

(Headerless system)

Which cloud storage system are you using? (eg Google Drive)

Microsoft Onedrive

The command you were trying to run (eg `rclone copy /tmp remote:tmp`)

rclone mount \
            --config=/home/chris/.config/rclone/rclone.conf \
             -vv \
            --vfs-cache-mode=writes \
            Tracker:Tracking /home/chris/OneDrive/

The rclone config contents with secrets removed.

[Tracker]
type = onedrive
client_id = XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
client_secret = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
token = {"access_token":"XXX - 1176 characters" ,"token_type":"Bearer","refresh_token":"XXX - 376 characters","expiry":"2023-08-06T20:14:27.586214649Z"}
drive_id = XXXXXXXXXXXXXXXX
drive_type = personal

A log from the command with the `-vv` flag

Aug 06 19:30:14  : DEBUG : file.csv: vfs cache: starting upload
Aug 06 19:30:14  : DEBUG : file.csv: Starting multipart upload
Aug 06 19:30:14  : DEBUG : file.csv: Uploading segment 0/8520 size 8520
Aug 06 19:30:15  : NOTICE: Time may be set wrong - time from "api.onedrive.com" is 1h10m24.007240766s different from this computer
Aug 06 19:30:15  : DEBUG : file.csv: quickxor = bbe1b24a7b4c9516096a161afda1ae9797f0b40c OK
Aug 06 19:30:15  : INFO  : file.csv: Copied (replaced existing)
Aug 06 19:30:15  : DEBUG : file.csv: vfs cache: fingerprint now "8520,2023-08-06 19:30:08 +0000 UTC,bbe1b24a7b4c9516096a161afda1ae9797f0b40c"
Aug 06 19:30:15  : DEBUG : file.csv: vfs cache: writeback object to VFS layer
Aug 06 19:30:15  : DEBUG : : Added virtual directory entry vAddFile: "file.csv"
Aug 06 19:30:15  : INFO  : file.csv: vfs cache: upload succeeded try #1
Aug 06 18:20:41  : DEBUG : OneDrive root 'Tracking': Checking for changes on remote
Aug 06 18:20:41  : DEBUG : vfs cache RemoveNotInUse (maxAge=3600000000000, emptyOnly=false): item file.csv not removed, freed 0 bytes
Aug 06 18:20:41  : INFO  : vfs cache: cleaned: objects 1 (was 1) in use 0, to upload 0, uploading 0, total size 8.320Ki (was 8.320Ki)
Aug 06 18:20:41  : DEBUG : : changeNotify: relativePath="file.csv", type=1
Aug 06 18:20:41  : DEBUG : : invalidating directory cache
Aug 06 18:20:41  : DEBUG : : >changeNotify:
Aug 06 18:21:41  : DEBUG : OneDrive root 'Tracking': Checking for changes on remote
Aug 06 18:21:41  : DEBUG : vfs cache RemoveNotInUse (maxAge=3600000000000, emptyOnly=false): item file.csv not removed, freed 0 bytes
Aug 06 18:21:41  : INFO  : vfs cache: cleaned: objects 1 (was 1) in use 0, to upload 0, uploading 0, total size 8.320Ki (was 8.320Ki)

*** The previous three messages repeat every minute until the error. I have edited them out for clarity***

Aug 06 19:03:41  : DEBUG : vfs cache RemoveNotInUse (maxAge=3600000000000, emptyOnly=false): item file.csv not removed, freed 0 bytes
Aug 06 19:03:41  : INFO  : vfs cache: cleaned: objects 1 (was 1) in use 0, to upload 0, uploading 0, total size 8.320Ki (was 8.320Ki)
Aug 06 19:04:04  : DEBUG : OneDrive root 'Tracking': Token expired but no uploads in progress - doing nothing
Aug 06 19:04:41  : DEBUG : OneDrive root 'Tracking': Checking for changes on remote
Aug 06 19:04:41  : DEBUG : vfs cache RemoveNotInUse (maxAge=3600000000000, emptyOnly=false): item file.csv not removed, freed 0 bytes
Aug 06 19:04:41  : INFO  : vfs cache: cleaned: objects 1 (was 1) in use 0, to upload 0, uploading 0, total size 8.320Ki (was 8.320Ki)
Aug 06 19:04:41  : INFO  : OneDrive root 'Tracking': Change notify listener failure: InvalidAuthenticationToken: IDX14100: JWT is not well formed: '[PII of type 'Microsoft.IdentityModel.Logging.SecurityArtifact' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', there are no dots (.).
Aug 06 19:04:41  : The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
Aug 06 19:05:40  : DEBUG : /: Attr:
Aug 06 19:05:40  : DEBUG : /: >Attr: attr=valid=1s ino=0 size=0 mode=drwxr-xr-x, err=<nil>
Aug 06 19:05:41  : DEBUG : OneDrive root 'Tracking': Checking for changes on remote
Aug 06 19:05:41  : DEBUG : vfs cache RemoveNotInUse (maxAge=3600000000000, emptyOnly=false): item file.csv not removed, freed 0 bytes
Aug 06 19:05:41  : INFO  : vfs cache: cleaned: objects 1 (was 1) in use 0, to upload 0, uploading 0, total size 8.320Ki (was 8.320Ki)
Aug 06 19:05:41  : INFO  : OneDrive root 'Tracking': Change notify listener failure: InvalidAuthenticationToken: IDX14100: JWT is not well formed: '[PII of type 'Microsoft.IdentityModel.Logging.SecurityArtifact' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', there are no dots (.).
Aug 06 19:05:41  : The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
Aug 06 19:06:01  : DEBUG : /: Attr:
Aug 06 19:06:01  : DEBUG : /: >Attr: attr=valid=1s ino=0 size=0 mode=drwxr-xr-x, err=<nil>
Aug 06 19:06:03  : DEBUG : /: Attr:
Aug 06 19:06:03  : DEBUG : /: >Attr: attr=valid=1s ino=0 size=0 mode=drwxr-xr-x, err=<nil>
Aug 06 19:06:03  : DEBUG : /: ReadDirAll:
Aug 06 19:06:03  : DEBUG : : Dir.ReadDirAll error: couldn't list files: InvalidAuthenticationToken: IDX14100: JWT is not well formed: '[PII of type 'Microsoft.IdentityModel.Logging.SecurityArtifact' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', there are no dots (.).
Aug 06 19:06:03  : The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
Aug 06 19:06:03  : ERROR : IO error: couldn't list files: InvalidAuthenticationToken: IDX14100: JWT is not well formed: '[PII of type 'Microsoft.IdentityModel.Logging.SecurityArtifact' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', there are no dots (.).
Aug 06 19:06:03  : The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
Aug 06 19:06:03  : DEBUG : /: >ReadDirAll: item=-1, err=couldn't list files: InvalidAuthenticationToken: IDX14100: JWT is not well formed: '[PII of type 'Microsoft.IdentityModel.Logging.SecurityArtifact' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', there are no dots (.).
Aug 06 19:06:03  : The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.

rclone is running at startup as a systemd service.
The system time is correct after a few seconds of startup.

OneDrive App ID Manifset file

{
	"id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
	"acceptMappedClaims": null,
	"accessTokenAcceptedVersion": 2,
	"addIns": [],
	"allowPublicClient": null,
	"appId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
	"appRoles": [],
	"oauth2AllowUrlPathMatching": false,
	"createdDateTime": "2023-08-06T13:10:52Z",
	"description": null,
	"certification": null,
	"disabledByMicrosoftStatus": null,
	"groupMembershipClaims": null,
	"identifierUris": [],
	"informationalUrls": {
		"termsOfService": null,
		"support": null,
		"privacy": null,
		"marketing": null
	},
	"keyCredentials": [],
	"knownClientApplications": [],
	"logoUrl": null,
	"logoutUrl": null,
	"name": "Tracker",
	"notes": null,
	"oauth2AllowIdTokenImplicitFlow": false,
	"oauth2AllowImplicitFlow": false,
	"oauth2Permissions": [],
	"oauth2RequirePostResponse": false,
	"optionalClaims": null,
	"orgRestrictions": [],
	"parentalControlSettings": {
		"countriesBlockedForMinors": [],
		"legalAgeGroupRule": "Allow"
	},
	"passwordCredentials": [
		{
			"customKeyIdentifier": null,
			"endDate": "2025-08-05T13:11:28.825Z",
			"keyId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
			"startDate": "2023-08-06T13:11:28.825Z",
			"value": null,
			"createdOn": "2023-08-06T13:11:43.2768377Z",
			"hint": "I0I",
			"displayName": "BTracker1"
		}
	],
	"preAuthorizedApplications": [],
	"publisherDomain": null,
	"replyUrlsWithType": [
		{
			"url": "http://localhost:53682/",
			"type": "Web"
		}
	],
	"requiredResourceAccess": [
		{
			"resourceAppId": "00000003-0000-0000-c000-000000000000",
			"resourceAccess": [
				{
					"id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
					"type": "Scope"
				},
				{
					"id": "5447fe39-cb82-4c1a-b977-520e67e724eb",
					"type": "Scope"
				},
				{
					"id": "17dde5bd-8c17-420f-a486-969730c1b827",
					"type": "Scope"
				},
				{
					"id": "8019c312-3263-48e6-825e-2b833497195b",
					"type": "Scope"
				},
				{
					"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
					"type": "Scope"
				},
				{
					"id": "10465720-29dd-4523-a11a-6a75c743c9d9",
					"type": "Scope"
				},
				{
					"id": "5c28f0bf-8a70-41f1-8ab2-9032436ddb65",
					"type": "Scope"
				},
				{
					"id": "df85f4d6-205c-4ac5-a5ea-6bf408dba283",
					"type": "Scope"
				},
				{
					"id": "863451e7-0667-486c-a5d6-d135439485f0",
					"type": "Scope"
				},
				{
					"id": "205e70e5-aba6-4c52-a976-6d2d46c48043",
					"type": "Scope"
				}
			]
		}
	],
	"samlMetadataUrl": null,
	"signInUrl": null,
	"signInAudience": "AzureADandPersonalMicrosoftAccount",
	"tags": [],
	"tokenEncryptionKeyId": null
}

Permissions from the manifest file are difficult for person to read but the ID numbers correspond to:

Microsoft Graph (10)
	Files.Read
	Files.Read.All
	Files.Read.Selected
	Files.ReadWrite
	Files.ReadWrite.All
	Files.ReadWrite.AppFolder
	Files.ReadWrite.Selected
	offline_access
	Sites.Read.All
	User.Read

chris_m · August 6, 2023, 11:25pm

Hi,

Updating from Ubuntu 20.04 LTS to Ubuntu 22.04 LTS seems to solve this issue.
This topic can be closed.

Working - Command 'rclone version'.

rclone v1.63.1
- os/version: ubuntu 22.04 (64 bit)
- os/kernel: 5.15.0-78-generic (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.20.6
- go/linking: static
- go/tags: none

system · September 5, 2023, 11:25pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.