Sure you can. Not wise, but you can.
???
You are confusing âcodeâ and âdatasâ. Something like ACD client ID / token is of course more related to âdatasâ than âcodeâ.
Open source code may of course perfectly use additionnal datas, either embedded in the code (like it is currently), either provided at run time (like user credentials) or at runtime.
Great News ! I love the appâŚ
So why can't the binary just look for a file containing the key(s) on startup? Don't commit any key at all to the repo, and include documentation on creating your own keyfile.
Thats the thing for Amazon you cant create your own key.
I guess this is when it comes handy to have all files synced to 2 places. I do hope ACD will be back up soon. I donât like the idea of having my files on only one cloud provider for exactly this reason.
I donât know if this is relevant or no, but after paying those 60 dollars in April, 2017, my uploads were paused because Iâm âout of storageâ after only 1,9TB of dataâŚ
Does anybody got this type of âbanâ too?
can change to raid 0
Can it be because this information in the code?
rcloneClientID = "amzn1.application-oa2-client.6bf18d2d1f5b485c94c8988bb03ad0e7"
rcloneEncryptedClientSecret = "ZP12wYlGw198FtmqfOxyNAGXU3fwVcQdmt--ba1d00wJnUs0LOzvVyXVDbqhbcUqnr5Vd1QejwWmiv1Ep7UJG1kUQeuBP5n9goXWd5MrAf0"
Others opensource applications was not banned, and they dont show this information in their code.
https://github.com/caseymrm/drivesink
They provide a auth service in some external server and dont show that for anyone.
Can i use DriveSink for a Key and Put the Key in rclone?
nope.
result {âerror_descriptionâ:âClient authentication failedâ,âerrorâ:âinvalid_clientâ}
But i think you can use other clients to transfer your data (except if you have encrypted it)
So, for what itâs worth, the idea is that an agent service would be responsible for handling token granting and renewal. This service could be a very simple web server based API that just calls Amazonâs API, using the API ID/secret. For a new user they would be redirected to the amazon login page; for a token renewal then the ârefresh_tokenâ value is passed direct from the client.
As long as that agent doesnât save a copy of the generated tokens that it wonât have permission to access the cloud drive itself. But it does require a level of trust in the agent service:
From a risk perspective I see at least 3 issues:
- The author of the agent service doesnât steal tokens
- The agent service hasnât been compromised (eg web server takeover)
- The web service must be available to renew.
The third issue is a resiliency one and also a cost based one; will @ncw be willing to run this API service for ever and ever, or will it one day be shut down? The continuing use of rclone with ACD will be dependent on the availability of the service.
It does seem to me as if the whole âAPI IDâ concept is directed towards binary delivered applications that can talk direct to Amazon (no exposed secrets in source code) or for supported gateways (and weâve seen how frequently companies have decided to not keep supporting âlegacyâ environments).
This isnât just limited to ACD; Google Cloud Storage works a similar way, as does One Drive. We might, one day, see Google or Microsoft blocking rclone for similarly exposed IDs and secrets 
sigh
1 Like
For gdrive you can get your own secret if you want which might not be a bad idea to do.
Indeed, yes; own API IDs and secrets are the safe bet 
Sorry! It did worked!!!
YOU CANT USE AUTH FROM ANOTHER APP.
First.
Use clouddrive to generate the token.
Second
Manual edit your .conf file and paste in âtokenâ parameter.
[cloudname]
type = amazon cloud drive
client_id =
client_secret =
token = {paste here}
It worked for me.
OBS: Yes⌠thats not really safe. The third party server could record that. But it can work as a temporary solution to tranfer files.
@amunhoz Note that youâll hit an issue when the token comes to be refreshed; rclone doesnât know to hit the clouddrive refresh service to get the new token so will fail (in my tests it causes a panic).
But as long as youâre willing to manually refresh the token entry then, yes, rclone will talk to ACD for a short while.
Agreed⌠So, if anyone need to transfer the files out Amazon, they can use this solution for a whyle.
1 Like
@sweh So, the perfect solution is to have your own key for api.
Do you have any idea how to get it?
Okay thanks ans how Long is one token Active before a refresh is necessary?
This is the information in the token âexpires_inâ:3600, but i dont know if it is minutes or seconds.
If it keep the same token after renew, you can run the original app in paralel to make it renewed as a temporary solution.