Question about Onedrive authentication methods

doronbehar · December 15, 2024, 8:13am

I have been using rclone with a onedrive remote for a while now and everything is OK. Still though, I want to get a slightly better synchronization experience then running rsync bisync periodically, or with inotifywatch and all kind of other hooks. Hence this search made me find this tool:

However, when trying to setup this up I encountered an authentication denial that is described here.

I am writing this post because I want to find out how come I didn't encounter the same authentication issue with rclone. What is the authentication method that rclone uses? Perhaps I'd be able to convince or modify onedrive to use the same authentication method... For comparison, this is an example oauth URL that onedrive produces:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=22c49a0d-d21c-4792-aed1-8f163c982546&scope=Files.ReadWrite%20Files.ReadWrite.all%20Sites.ReadWrite.All%20offline_access&response_type=code&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient

And the response URI is supposed to be something like this:

https://login.microsoftonline.com/common/oauth2/nativeclient?code=<redacted>

Perhaps rclone is using SAML? Thanks for any help

kapitainsky · December 15, 2024, 9:37am

Looking briefly at your issue it looks like it is your onedrive account permissions problem - I think you should ask your admin to allow this other app. It is probably as simple as that.

doronbehar · December 15, 2024, 9:41am

Yes but how come I didn't have to ask them to manually allow the rclone app to access the data? That's what's so peculiar to me.

kapitainsky · December 15, 2024, 9:45am

I think the best way forward would be to talk to your admin. Usually they have some reasons (e.g. some apps causing issues for other users) to introduce certain restrictions and trying to find a workaround (or hack) is not the right thing to do - talking from IT admin perspective here:)

Dan_Foxley · December 26, 2024, 8:04pm

Are you able to login to: https://entra.microsoft.com/? My regular non-Admin user can, I don't recall enabling my reqular user to have more permissions, perhaps your non-admin user can see the registered apps in your Entra.

I can see app registristrations in there: