What is the problem you are having with rclone?
I am using rclone for Onedrive which initally works as expected. After ~30 minutes rclone gives the error below:
The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
Restarting rclone clears the error and Onedrive works for another 30 minutes.
I suspect that rclone tries to refresh the token after 30 minutes and runs into an error.
Does anyone have a working OneDrive configuration that they could compare this to or send me?
I would appreciate any help / advice, Thanks.
Run the command 'rclone version' and share the full output of the command.
rclone v1.63.1
- os/version: ubuntu 20.04 (64 bit)
- os/kernel: 5.4.0-155-generic (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.20.6
- go/linking: static
- go/tags: none
(Headerless system)
Which cloud storage system are you using? (eg Google Drive)
Microsoft Onedrive
The command you were trying to run (eg rclone copy /tmp remote:tmp
)
rclone mount \
--config=/home/chris/.config/rclone/rclone.conf \
-vv \
--vfs-cache-mode=writes \
Tracker:Tracking /home/chris/OneDrive/
The rclone config contents with secrets removed.
[Tracker]
type = onedrive
client_id = XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
client_secret = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
token = {"access_token":"XXX - 1176 characters" ,"token_type":"Bearer","refresh_token":"XXX - 376 characters","expiry":"2023-08-06T20:14:27.586214649Z"}
drive_id = XXXXXXXXXXXXXXXX
drive_type = personal
A log from the command with the -vv
flag
Aug 06 19:30:14 : DEBUG : file.csv: vfs cache: starting upload
Aug 06 19:30:14 : DEBUG : file.csv: Starting multipart upload
Aug 06 19:30:14 : DEBUG : file.csv: Uploading segment 0/8520 size 8520
Aug 06 19:30:15 : NOTICE: Time may be set wrong - time from "api.onedrive.com" is 1h10m24.007240766s different from this computer
Aug 06 19:30:15 : DEBUG : file.csv: quickxor = bbe1b24a7b4c9516096a161afda1ae9797f0b40c OK
Aug 06 19:30:15 : INFO : file.csv: Copied (replaced existing)
Aug 06 19:30:15 : DEBUG : file.csv: vfs cache: fingerprint now "8520,2023-08-06 19:30:08 +0000 UTC,bbe1b24a7b4c9516096a161afda1ae9797f0b40c"
Aug 06 19:30:15 : DEBUG : file.csv: vfs cache: writeback object to VFS layer
Aug 06 19:30:15 : DEBUG : : Added virtual directory entry vAddFile: "file.csv"
Aug 06 19:30:15 : INFO : file.csv: vfs cache: upload succeeded try #1
Aug 06 18:20:41 : DEBUG : OneDrive root 'Tracking': Checking for changes on remote
Aug 06 18:20:41 : DEBUG : vfs cache RemoveNotInUse (maxAge=3600000000000, emptyOnly=false): item file.csv not removed, freed 0 bytes
Aug 06 18:20:41 : INFO : vfs cache: cleaned: objects 1 (was 1) in use 0, to upload 0, uploading 0, total size 8.320Ki (was 8.320Ki)
Aug 06 18:20:41 : DEBUG : : changeNotify: relativePath="file.csv", type=1
Aug 06 18:20:41 : DEBUG : : invalidating directory cache
Aug 06 18:20:41 : DEBUG : : >changeNotify:
Aug 06 18:21:41 : DEBUG : OneDrive root 'Tracking': Checking for changes on remote
Aug 06 18:21:41 : DEBUG : vfs cache RemoveNotInUse (maxAge=3600000000000, emptyOnly=false): item file.csv not removed, freed 0 bytes
Aug 06 18:21:41 : INFO : vfs cache: cleaned: objects 1 (was 1) in use 0, to upload 0, uploading 0, total size 8.320Ki (was 8.320Ki)
*** The previous three messages repeat every minute until the error. I have edited them out for clarity***
Aug 06 19:03:41 : DEBUG : vfs cache RemoveNotInUse (maxAge=3600000000000, emptyOnly=false): item file.csv not removed, freed 0 bytes
Aug 06 19:03:41 : INFO : vfs cache: cleaned: objects 1 (was 1) in use 0, to upload 0, uploading 0, total size 8.320Ki (was 8.320Ki)
Aug 06 19:04:04 : DEBUG : OneDrive root 'Tracking': Token expired but no uploads in progress - doing nothing
Aug 06 19:04:41 : DEBUG : OneDrive root 'Tracking': Checking for changes on remote
Aug 06 19:04:41 : DEBUG : vfs cache RemoveNotInUse (maxAge=3600000000000, emptyOnly=false): item file.csv not removed, freed 0 bytes
Aug 06 19:04:41 : INFO : vfs cache: cleaned: objects 1 (was 1) in use 0, to upload 0, uploading 0, total size 8.320Ki (was 8.320Ki)
Aug 06 19:04:41 : INFO : OneDrive root 'Tracking': Change notify listener failure: InvalidAuthenticationToken: IDX14100: JWT is not well formed: '[PII of type 'Microsoft.IdentityModel.Logging.SecurityArtifact' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', there are no dots (.).
Aug 06 19:04:41 : The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
Aug 06 19:05:40 : DEBUG : /: Attr:
Aug 06 19:05:40 : DEBUG : /: >Attr: attr=valid=1s ino=0 size=0 mode=drwxr-xr-x, err=<nil>
Aug 06 19:05:41 : DEBUG : OneDrive root 'Tracking': Checking for changes on remote
Aug 06 19:05:41 : DEBUG : vfs cache RemoveNotInUse (maxAge=3600000000000, emptyOnly=false): item file.csv not removed, freed 0 bytes
Aug 06 19:05:41 : INFO : vfs cache: cleaned: objects 1 (was 1) in use 0, to upload 0, uploading 0, total size 8.320Ki (was 8.320Ki)
Aug 06 19:05:41 : INFO : OneDrive root 'Tracking': Change notify listener failure: InvalidAuthenticationToken: IDX14100: JWT is not well formed: '[PII of type 'Microsoft.IdentityModel.Logging.SecurityArtifact' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', there are no dots (.).
Aug 06 19:05:41 : The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
Aug 06 19:06:01 : DEBUG : /: Attr:
Aug 06 19:06:01 : DEBUG : /: >Attr: attr=valid=1s ino=0 size=0 mode=drwxr-xr-x, err=<nil>
Aug 06 19:06:03 : DEBUG : /: Attr:
Aug 06 19:06:03 : DEBUG : /: >Attr: attr=valid=1s ino=0 size=0 mode=drwxr-xr-x, err=<nil>
Aug 06 19:06:03 : DEBUG : /: ReadDirAll:
Aug 06 19:06:03 : DEBUG : : Dir.ReadDirAll error: couldn't list files: InvalidAuthenticationToken: IDX14100: JWT is not well formed: '[PII of type 'Microsoft.IdentityModel.Logging.SecurityArtifact' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', there are no dots (.).
Aug 06 19:06:03 : The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
Aug 06 19:06:03 : ERROR : IO error: couldn't list files: InvalidAuthenticationToken: IDX14100: JWT is not well formed: '[PII of type 'Microsoft.IdentityModel.Logging.SecurityArtifact' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', there are no dots (.).
Aug 06 19:06:03 : The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
Aug 06 19:06:03 : DEBUG : /: >ReadDirAll: item=-1, err=couldn't list files: InvalidAuthenticationToken: IDX14100: JWT is not well formed: '[PII of type 'Microsoft.IdentityModel.Logging.SecurityArtifact' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', there are no dots (.).
Aug 06 19:06:03 : The token needs to be in JWS or JWE Compact Serialization Format. (JWS): 'EncodedHeader.EndcodedPayload.EncodedSignature'. (JWE): 'EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag'.
rclone is running at startup as a systemd service.
The system time is correct after a few seconds of startup.
OneDrive App ID Manifset file
{
"id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
"acceptMappedClaims": null,
"accessTokenAcceptedVersion": 2,
"addIns": [],
"allowPublicClient": null,
"appId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
"appRoles": [],
"oauth2AllowUrlPathMatching": false,
"createdDateTime": "2023-08-06T13:10:52Z",
"description": null,
"certification": null,
"disabledByMicrosoftStatus": null,
"groupMembershipClaims": null,
"identifierUris": [],
"informationalUrls": {
"termsOfService": null,
"support": null,
"privacy": null,
"marketing": null
},
"keyCredentials": [],
"knownClientApplications": [],
"logoUrl": null,
"logoutUrl": null,
"name": "Tracker",
"notes": null,
"oauth2AllowIdTokenImplicitFlow": false,
"oauth2AllowImplicitFlow": false,
"oauth2Permissions": [],
"oauth2RequirePostResponse": false,
"optionalClaims": null,
"orgRestrictions": [],
"parentalControlSettings": {
"countriesBlockedForMinors": [],
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": [
{
"customKeyIdentifier": null,
"endDate": "2025-08-05T13:11:28.825Z",
"keyId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
"startDate": "2023-08-06T13:11:28.825Z",
"value": null,
"createdOn": "2023-08-06T13:11:43.2768377Z",
"hint": "I0I",
"displayName": "BTracker1"
}
],
"preAuthorizedApplications": [],
"publisherDomain": null,
"replyUrlsWithType": [
{
"url": "http://localhost:53682/",
"type": "Web"
}
],
"requiredResourceAccess": [
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
"type": "Scope"
},
{
"id": "5447fe39-cb82-4c1a-b977-520e67e724eb",
"type": "Scope"
},
{
"id": "17dde5bd-8c17-420f-a486-969730c1b827",
"type": "Scope"
},
{
"id": "8019c312-3263-48e6-825e-2b833497195b",
"type": "Scope"
},
{
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
"type": "Scope"
},
{
"id": "10465720-29dd-4523-a11a-6a75c743c9d9",
"type": "Scope"
},
{
"id": "5c28f0bf-8a70-41f1-8ab2-9032436ddb65",
"type": "Scope"
},
{
"id": "df85f4d6-205c-4ac5-a5ea-6bf408dba283",
"type": "Scope"
},
{
"id": "863451e7-0667-486c-a5d6-d135439485f0",
"type": "Scope"
},
{
"id": "205e70e5-aba6-4c52-a976-6d2d46c48043",
"type": "Scope"
}
]
}
],
"samlMetadataUrl": null,
"signInUrl": null,
"signInAudience": "AzureADandPersonalMicrosoftAccount",
"tags": [],
"tokenEncryptionKeyId": null
}
Permissions from the manifest file are difficult for person to read but the ID numbers correspond to:
Microsoft Graph (10)
Files.Read
Files.Read.All
Files.Read.Selected
Files.ReadWrite
Files.ReadWrite.All
Files.ReadWrite.AppFolder
Files.ReadWrite.Selected
offline_access
Sites.Read.All
User.Read