Sure you can. Not wise, but you can.
???
You are confusing “code” and “datas”. Something like ACD client ID / token is of course more related to “datas” than “code”.
Open source code may of course perfectly use additionnal datas, either embedded in the code (like it is currently), either provided at run time (like user credentials) or at runtime.
Great News ! I love the app…
So why can’t the binary just look for a file containing the key(s) on startup? Don’t commit any key at all to the repo, and include documentation on creating your own keyfile.
Thats the thing for Amazon you cant create your own key.
I guess this is when it comes handy to have all files synced to 2 places. I do hope ACD will be back up soon. I don’t like the idea of having my files on only one cloud provider for exactly this reason.
I don’t know if this is relevant or no, but after paying those 60 dollars in April, 2017, my uploads were paused because I’m “out of storage” after only 1,9TB of data…
Does anybody got this type of “ban” too?
can change to raid 0
Can it be because this information in the code?
rcloneClientID = "amzn1.application-oa2-client.6bf18d2d1f5b485c94c8988bb03ad0e7"
rcloneEncryptedClientSecret = "ZP12wYlGw198FtmqfOxyNAGXU3fwVcQdmt--ba1d00wJnUs0LOzvVyXVDbqhbcUqnr5Vd1QejwWmiv1Ep7UJG1kUQeuBP5n9goXWd5MrAf0"
Others opensource applications was not banned, and they dont show this information in their code.
https://github.com/caseymrm/drivesink
They provide a auth service in some external server and dont show that for anyone.
Can i use DriveSink for a Key and Put the Key in rclone?
nope.
result {“error_description”:“Client authentication failed”,“error”:“invalid_client”}
But i think you can use other clients to transfer your data (except if you have encrypted it)
So, for what it’s worth, the idea is that an agent service would be responsible for handling token granting and renewal. This service could be a very simple web server based API that just calls Amazon’s API, using the API ID/secret. For a new user they would be redirected to the amazon login page; for a token renewal then the “refresh_token” value is passed direct from the client.
As long as that agent doesn’t save a copy of the generated tokens that it won’t have permission to access the cloud drive itself. But it does require a level of trust in the agent service:
From a risk perspective I see at least 3 issues:
- The author of the agent service doesn’t steal tokens
- The agent service hasn’t been compromised (eg web server takeover)
- The web service must be available to renew.
The third issue is a resiliency one and also a cost based one; will @ncw be willing to run this API service for ever and ever, or will it one day be shut down? The continuing use of rclone with ACD will be dependent on the availability of the service.
It does seem to me as if the whole “API ID” concept is directed towards binary delivered applications that can talk direct to Amazon (no exposed secrets in source code) or for supported gateways (and we’ve seen how frequently companies have decided to not keep supporting “legacy” environments).
This isn’t just limited to ACD; Google Cloud Storage works a similar way, as does One Drive. We might, one day, see Google or Microsoft blocking rclone for similarly exposed IDs and secrets 
sigh
1 Like
For gdrive you can get your own secret if you want which might not be a bad idea to do.
Indeed, yes; own API IDs and secrets are the safe bet 
Sorry! It did worked!!!
YOU CANT USE AUTH FROM ANOTHER APP.
First.
Use clouddrive to generate the token.
Second
Manual edit your .conf file and paste in “token” parameter.
[cloudname]
type = amazon cloud drive
client_id =
client_secret =
token = {paste here}
It worked for me.
OBS: Yes… thats not really safe. The third party server could record that. But it can work as a temporary solution to tranfer files.
@amunhoz Note that you’ll hit an issue when the token comes to be refreshed; rclone doesn’t know to hit the clouddrive refresh service to get the new token so will fail (in my tests it causes a panic).
But as long as you’re willing to manually refresh the token entry then, yes, rclone will talk to ACD for a short while.
Agreed… So, if anyone need to transfer the files out Amazon, they can use this solution for a whyle.
1 Like
Okay thanks ans how Long is one token Active before a refresh is necessary?
This is the information in the token “expires_in”:3600, but i dont know if it is minutes or seconds.
If it keep the same token after renew, you can run the original app in paralel to make it renewed as a temporary solution.