@asdffdsa Thanks! It still doesn't work though. Can't upload, can't download.
As far as I can tell, this "Unauthenticated" behavior and the inability to obtain a token that works represents new policies of Microsoft.
Access tokens are supposed to be created with lifetime of 60 to 90 minutes only. My tokens have been created with no lifetime at all. Refreshing should work, but it doesn't.
I'm using the free plan on Microsoft OneDrive, and maybe that's relevant. It's possible that by subscribing to "Microsoft 365" I might get better results. I'm not going to bother with that.
I find that I can still log in to Microsoft OneDrive using a browser: https://onedrive.live.com/login/
The browser interface still allows me to upload my files, so I'll just use that again.
I used rclone for well over a year and found it to be very convenient. I still use it for cloud storage on Google.
If I learn anything new or different I'll post back. Otherwise, it looks like I'm done here.
FYI - I have multiple free OneDrive accounts I use for testing. No issues at all - zero. I can download, I can upload.
Some have custom client_id - some have default rclone one. No difference unless I do some bulk operations then throttling kicks in. But still all works - maybe slower.
@kapitainsky : Thanks for your observations. My experience has been different, but only recently.
Have your access token(s) expired recently?
Mine did, some weeks ago. After they expired I have not been able to create a new access token that has any available lifespan. The impression I have is that a new token is born with an immediate expiration time.
It could be that Microsoft is trying to claw subscription fees out of people who previously used the free Personal OneDrive accounts. Or maybe token creation is just broken, temporarily.
Problem is I can't reproduce it. I have multiple free accounts (5GB), added one new ones last week. There is no issues with expiring tokens. All works the same as always.
Right now I have created new remote - here you are its token structure. It is the same as all other onedrive remote's tokens I use:
type = onedrive
token = {"access_token":"","token_type":"Bearer","refresh_token":"","expiry":"2023-09-04T09:30:15.349579+01:00"}
drive_id = XXX
drive_type = personal
and token is refreshed when used - e.g. after some time I can see expiry change:
"expiry":"2023-09-04T10:31:37.496375+01:00"
from my usage perspective nothing is broken or not working...
Maybe your problem is that something (firewall??) is blocking oauth token refresh? Could you test you setup from different network?
I've got exactly the same problem, but I want to add some infos:
Option region.
Choose national cloud region for OneDrive.
Choose a number from below, or type in your own string value.
Press Enter for the default (global).
1 / Microsoft Cloud Global
\ (global)
2 / Microsoft Cloud for US Government
\ (us)
3 / Microsoft Cloud Germany
\ (de)
4 / Azure and Office 365 operated by Vnet Group in China
\ (cn)
The problem appears to be including the Authorization header on the PUT request for a multipart upload. From the documentation:
Including the Authorization header when issuing the PUT call may result in a HTTP 401 Unauthorized response. The Authorization header and bearer token should only be sent when issuing the POST during the first step. It should be not be included when issuing the PUT.
Your log shows the same problem as mine. Given that including the Authorization header on the PUT request is specifically stated in the documentation as a reason for an HTTP 401 Unauthorized response, this seems like a bug.
Ultimately, the failure caused by the inclusion of the Authorization header on the PUT request is due to the upload operation hitting different backends. The POST to create the upload session is against OneDrive, but the PUT to upload the data is against Graph. Each of these has its own token, and they cannot be used interchangeably. For Graph, the required token is returned in the POST response in the tempauth field. When making the PUT request, both tokens are supplied, and the Authorization header is given precedence in the failing scenarios.
Here's a sample where I have replaced the actual tokens with ONEDRIVE_TOKEN and GRAPH_TOKEN for clarity.