Rclone insufficient authentication Google Photos

What is the problem you are having with rclone?

I am a complete nube to this - but I actually had it working a week ago. I am attempting to use rclone to sync a google photo album with my raspberry pi 5.
I've done research - and see where a common issue is clicking the checkbox on the website during the config process. When the config goes to the browser, there is no checkbox to select. I really hope this is a stupid slap my forehead type issue.

Run the command 'rclone version' and share the full output of the command.

rclone v1.69.1

• os/version: raspbian 12.10 (64 bit)
• os/kernel: 6.12.20+rpt-rpi-2712 (aarch64)
• os/type: linux
• os/arch: arm (ARMv7 compatible)
• go/version: go1.24.0
• go/linking: static
• go/tags: none

Which cloud storage system are you using? (eg Google Drive)

Google Photos

The command you were trying to run (eg rclone copy /tmp remote:tmp)

rclone ls framephotos:album/

Please run 'rclone config redacted' and share the full output. If you get command not found, please make sure to update rclone.

[framephotos]
type = google photos
scope = drive.readonly
token = XXX

[googlephotos]
type = google photos
scope = drive.readonly
token = XXX

A log from the command that you were trying to run with the -vv flag

2025/04/18 11:48:34 DEBUG : rclone: Version "v1.69.1" starting with parameters ["rclone" "ls" "framephotos:album/" "-vv"]
2025/04/18 11:48:34 DEBUG : Creating backend with remote "framephotos:album/"
2025/04/18 11:48:34 DEBUG : Using config file from "/home/xxxxxxxxx/.config/rclone/rclone.conf"
2025/04/18 11:48:34 DEBUG : fs cache: renaming cache item "framephotos:album/" to be canonical "framephotos:album"
2025/04/18 11:48:35 ERROR : : error listing: couldn't list albums: Request had insufficient authentication scopes. (403 PERMISSION_DENIED)
2025/04/18 11:48:35 DEBUG : 6 go routines active
2025/04/18 11:48:35 INFO  : Google Photos path "album": Committing uploads - please wait...
2025/04/18 11:48:35 NOTICE: Failed to ls with 2 errors: last error was: couldn't list albums: Request had insufficient authentication scopes. (403 PERMISSION_DENIED)

welcome to the forum,

afiak, there is no checkbox. no checkbox is mentioned in the rclone docs.
i have never seen a checkbox when creating a gphotos remote.

Correct. There is no checkbox. Apparently there used to be - back in time.

well, then why mention the checkbox?

fwiw, just created a new gphotos remote, took about one minute, works fine.

I've done that as well. The framephotos is a new remote - still not working

again, just now, i just created yet another new gphotos remote, works fine.

rclone ls gphotos02:album -vv
2025/04/18 12:17:11 DEBUG : rclone: Version "v1.69.1" starting with parameters ["rclone" "ls" "gphotos02:album" "-vv"]
2025/04/18 12:17:11 DEBUG : Creating backend with remote "gphotos02:album"
2025/04/18 12:17:11 DEBUG : Using config file from "d:\\data\\rclone\\rclone.conf"
<redacted>

Okay....??? thanks for the update. obviously something is different - I'm just not sure where to look. Do you have any suggestions for me?

now, create a new remote, rclone config -vv and post the full output.

2025/04/18 12:22:32 DEBUG : rclone: Version "v1.69.1" starting with parameters ["rclone" "config" "-vv"]
2025/04/18 12:22:32 DEBUG : Using config file from "/home/toalsonpie/.config/rclone/rclone.conf"
Current remotes:

Name Type
==== ====
framephotos google photos
googlephotos google photos

e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> n

Enter name for new remote.
name> notworking

Option Storage.
Type of storage to configure.
Choose a number from below, or type in your own value.
1 / 1Fichier
\ (fichier)
2 / Akamai NetStorage
\ (netstorage)
3 / Alias for an existing remote
\ (alias)
4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, ArvanCloud, Ceph, ChinaMobile, Cloudflare, DigitalOcean, Dreamhost, GCS, HuaweiOBS, IBMCOS, IDrive, IONOS, LyveCloud, Leviia, Liara, Linode, Magalu, Minio, Netease, Outscale, Petabox, RackCorp, Rclone, Scaleway, SeaweedFS, Selectel, StackPath, Storj, Synology, TencentCOS, Wasabi, Qiniu and others
\ (s3)
5 / Backblaze B2
\ (b2)
6 / Better checksums for other remotes
\ (hasher)
7 / Box
\ (box)
8 / Cache a remote
\ (cache)
9 / Citrix Sharefile
\ (sharefile)
10 / Cloudinary
\ (cloudinary)
11 / Combine several remotes into one
\ (combine)
12 / Compress a remote
\ (compress)
13 / Dropbox
\ (dropbox)
14 / Encrypt/Decrypt a remote
\ (crypt)
15 / Enterprise File Fabric
\ (filefabric)
16 / FTP
\ (ftp)
17 / Files.com
\ (filescom)
18 / Gofile
\ (gofile)
19 / Google Cloud Storage (this is not Google Drive)
\ (google cloud storage)
20 / Google Drive
\ (drive)
21 / Google Photos
\ (google photos)
22 / HTTP
\ (http)
23 / Hadoop distributed file system
\ (hdfs)
24 / HiDrive
\ (hidrive)
25 / ImageKit.io
\ (imagekit)
26 / In memory object storage system.
\ (memory)
27 / Internet Archive
\ (internetarchive)
28 / Jottacloud
\ (jottacloud)
29 / Koofr, Digi Storage and other Koofr-compatible storage providers
\ (koofr)
30 / Linkbox
\ (linkbox)
31 / Local Disk
\ (local)
32 / Mail.ru Cloud
\ (mailru)
33 / Mega
\ (mega)
34 / Microsoft Azure Blob Storage
\ (azureblob)
35 / Microsoft Azure Files
\ (azurefiles)
36 / Microsoft OneDrive
\ (onedrive)
37 / OpenDrive
\ (opendrive)
38 / OpenStack Swift (Rackspace Cloud Files, Blomp Cloud Storage, Memset Memstore, OVH)
\ (swift)
39 / Oracle Cloud Infrastructure Object Storage
\ (oracleobjectstorage)
40 / Pcloud
\ (pcloud)
41 / PikPak
\ (pikpak)
42 / Pixeldrain Filesystem
\ (pixeldrain)
43 / Proton Drive
\ (protondrive)
44 / Put.io
\ (putio)
45 / QingCloud Object Storage
\ (qingstor)
46 / Quatrix by Maytech
\ (quatrix)
47 / SMB / CIFS
\ (smb)
48 / SSH/SFTP
\ (sftp)
49 / Sia Decentralized Cloud
\ (sia)
50 / Storj Decentralized Cloud Storage
\ (storj)
51 / Sugarsync
\ (sugarsync)
52 / Transparently chunk/split large files
\ (chunker)
53 / Uloz.to
\ (ulozto)
54 / Union merges the contents of several upstream fs
\ (union)
55 / Uptobox
\ (uptobox)
56 / WebDAV
\ (webdav)
57 / Yandex Disk
\ (yandex)
58 / Zoho
\ (zoho)
59 / iCloud Drive
\ (iclouddrive)
60 / premiumize.me
\ (premiumizeme)
61 / seafile
\ (seafile)
Storage> 21

2025/04/18 12:22:52 DEBUG : notworking: config in: state="*all", result=""
2025/04/18 12:22:52 DEBUG : notworking: config out: out=&{State:*all-set,0,false Option: OAuth: Error: Result:}, err=
2025/04/18 12:22:52 DEBUG : notworking: config: reading config parameter "client_id"
Option client_id.
OAuth Client Id.
Leave blank normally.
Enter a value. Press Enter to leave empty.
client_id>

2025/04/18 12:23:31 DEBUG : notworking: config in: state="*all-set,0,false", result=""
2025/04/18 12:23:31 DEBUG : notworking: config out: out=&{State:*all,1,false Option: OAuth: Error: Result:}, err=
2025/04/18 12:23:31 DEBUG : notworking: config in: state="*all,1,false", result=""
2025/04/18 12:23:31 DEBUG : notworking: config out: out=&{State:*all-set,1,false Option: OAuth: Error: Result:}, err=
2025/04/18 12:23:31 DEBUG : notworking: config: reading config parameter "client_secret"
Option client_secret.
OAuth Client Secret.
Leave blank normally.
Enter a value. Press Enter to leave empty.
client_secret>

2025/04/18 12:23:34 DEBUG : notworking: config in: state="*all-set,1,false", result=""
2025/04/18 12:23:34 DEBUG : notworking: config out: out=&{State:*all,2,false Option: OAuth: Error: Result:}, err=
2025/04/18 12:23:34 DEBUG : notworking: config in: state="*all,2,false", result=""
2025/04/18 12:23:34 DEBUG : notworking: config out: out=&{State:*all,3,false Option: OAuth: Error: Result:}, err=
2025/04/18 12:23:34 DEBUG : notworking: config in: state="*all,3,false", result=""
2025/04/18 12:23:34 DEBUG : notworking: config out: out=&{State:*all,4,false Option: OAuth: Error: Result:}, err=
2025/04/18 12:23:34 DEBUG : notworking: config in: state="*all,4,false", result=""
2025/04/18 12:23:34 DEBUG : notworking: config out: out=&{State:*all,5,false Option: OAuth: Error: Result:}, err=
2025/04/18 12:23:34 DEBUG : notworking: config in: state="*all,5,false", result=""
2025/04/18 12:23:34 DEBUG : notworking: config out: out=&{State:*all,6,false Option: OAuth: Error: Result:}, err=
2025/04/18 12:23:34 DEBUG : notworking: config in: state="*all,6,false", result=""
2025/04/18 12:23:34 DEBUG : notworking: config out: out=&{State:*all-set,6,false Option:false OAuth: Error: Result:}, err=
2025/04/18 12:23:34 DEBUG : notworking: config: reading config parameter "read_only"
Option read_only.
Set to make the Google Photos backend read only.
If you choose read only then rclone will only request read only access
to your photos, otherwise rclone will request full access.
Enter a boolean value (true or false). Press Enter for the default (false).
read_only> true

2025/04/18 12:24:13 DEBUG : notworking: config in: state="*all-set,6,false", result="true"
2025/04/18 12:24:13 DEBUG : Saving config "read_only" in section "notworking" of the config file
2025/04/18 12:24:13 DEBUG : notworking: config out: out=&{State:*all,7,false Option: OAuth: Error: Result:}, err=
2025/04/18 12:24:13 DEBUG : notworking: config in: state="*all,7,false", result=""
2025/04/18 12:24:13 DEBUG : notworking: config out: out=&{State:*all,8,false Option: OAuth: Error: Result:}, err=
2025/04/18 12:24:13 DEBUG : notworking: config in: state="*all,8,false", result=""
2025/04/18 12:24:13 DEBUG : notworking: config out: out=&{State:*all,9,false Option: OAuth: Error: Result:}, err=
2025/04/18 12:24:13 DEBUG : notworking: config in: state="*all,9,false", result=""
2025/04/18 12:24:13 DEBUG : notworking: config out: out=&{State:*all,10,false Option: OAuth: Error: Result:}, err=
2025/04/18 12:24:13 DEBUG : notworking: config in: state="*all,10,false", result=""
2025/04/18 12:24:13 DEBUG : notworking: config out: out=&{State:*all,11,false Option: OAuth: Error: Result:}, err=
2025/04/18 12:24:13 DEBUG : notworking: config in: state="*all,11,false", result=""
2025/04/18 12:24:13 DEBUG : notworking: config out: out=&{State:*all,12,false Option: OAuth: Error: Result:}, err=
2025/04/18 12:24:13 DEBUG : notworking: config in: state="*all,12,false", result=""
2025/04/18 12:24:13 DEBUG : notworking: config out: out=&{State:*all,13,false Option: OAuth: Error: Result:}, err=
2025/04/18 12:24:13 DEBUG : notworking: config in: state="*all,13,false", result=""
2025/04/18 12:24:13 DEBUG : notworking: config out: out=&{State:*all,14,false Option: OAuth: Error: Result:}, err=
2025/04/18 12:24:13 DEBUG : notworking: config in: state="*all,14,false", result=""
2025/04/18 12:24:13 DEBUG : notworking: config out: out=&{State:*all,15,false Option: OAuth: Error: Result:}, err=
2025/04/18 12:24:13 DEBUG : notworking: config in: state="*all,15,false", result=""
2025/04/18 12:24:13 DEBUG : notworking: config out: out=&{State:*all,16,false Option: OAuth: Error: Result:}, err=
2025/04/18 12:24:13 DEBUG : notworking: config in: state="*all,16,false", result=""
2025/04/18 12:24:13 DEBUG : notworking: config out: out=&{State:*all,17,false Option: OAuth: Error: Result:}, err=
2025/04/18 12:24:13 DEBUG : notworking: config in: state="*all,17,false", result=""
2025/04/18 12:24:13 DEBUG : notworking: config out: out=&{State:*all-advanced Option:false OAuth: Error: Result:}, err=
2025/04/18 12:24:13 DEBUG : notworking: config: reading config parameter "config_fs_advanced"
Edit advanced config?
y) Yes
n) No (default)
y/n> n

2025/04/18 12:24:20 DEBUG : notworking: config in: state="*all-advanced", result="false"
2025/04/18 12:24:20 DEBUG : notworking: config out: out=&{State:*postconfig Option: OAuth: Error: Result:}, err=
2025/04/18 12:24:20 DEBUG : notworking: config in: state="*postconfig", result=""
2025/04/18 12:24:20 DEBUG : notworking: config in: state="", result=""
2025/04/18 12:24:20 DEBUG : notworking: config out: out=&{State:*oauth,warning,, Option: OAuth: Error: Result:}, err=
2025/04/18 12:24:20 DEBUG : notworking: config out: out=&{State:*oauth,warning,, Option: OAuth: Error: Result:}, err=
2025/04/18 12:24:20 DEBUG : notworking: config in: state="*oauth,warning,,", result=""
2025/04/18 12:24:20 DEBUG : notworking: config out: out=&{State:*oauth-confirm,warning,, Option: OAuth: Error: Result:}, err=
2025/04/18 12:24:20 DEBUG : notworking: config in: state="*oauth-confirm,warning,,", result=""
2025/04/18 12:24:20 DEBUG : notworking: config out: out=&{State:*oauth-islocal,warning,, Option:true OAuth: Error: Result:}, err=
2025/04/18 12:24:20 DEBUG : notworking: config: reading config parameter "config_is_local"
Use web browser to automatically authenticate rclone with remote?

• Say Y if the machine running rclone has a web browser you can use
• Say N if running rclone on a (remote) machine without web browser access
  If not sure try Y. If Y failed, try N.

y) Yes (default)
n) No
y/n> y

2025/04/18 12:24:25 DEBUG : notworking: config in: state="*oauth-islocal,warning,,", result="true"
2025/04/18 12:24:25 DEBUG : notworking: config out: out=&{State:*oauth-do,warning,, Option: OAuth: Error: Result:}, err=
2025/04/18 12:24:25 DEBUG : notworking: config in: state="*oauth-do,warning,,", result=""
2025/04/18 12:24:25 NOTICE: Make sure your Redirect URL is set to "http://127.0.0.1:53682/" in your custom config.
2025/04/18 12:24:25 DEBUG : Starting auth server on 127.0.0.1:53682
2025/04/18 12:24:25 NOTICE: If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth?state=JwKo52vO-OG_FGJQS7SuTQ
2025/04/18 12:24:25 NOTICE: Log in and authorize rclone for access
2025/04/18 12:24:25 NOTICE: Waiting for code...
2025/04/18 12:24:25 DEBUG : Redirecting browser to: Anmelden – Google Konten
2025/04/18 12:24:31 DEBUG : Received GET request on auth server to "/"
2025/04/18 12:24:31 NOTICE: Got code
2025/04/18 12:24:31 DEBUG : Closing auth server
2025/04/18 12:24:31 DEBUG : Closed auth server with error: accept tcp 127.0.0.1:53682: use of closed network connection
2025/04/18 12:24:31 DEBUG : Saving config "token" in section "notworking" of the config file
2025/04/18 12:24:31 DEBUG : notworking: Saved new token in config file
2025/04/18 12:24:31 DEBUG : notworking: config out: out=&{State:*oauth-done,warning,, Option: OAuth: Error: Result:}, err=
2025/04/18 12:24:31 DEBUG : notworking: config in: state="*oauth-done,warning,,", result=""
2025/04/18 12:24:31 DEBUG : notworking: config out: out=&{State:warning Option: OAuth: Error: Result:}, err=
2025/04/18 12:24:31 DEBUG : notworking: config in: state="warning", result=""
2025/04/18 12:24:31 DEBUG : notworking: config out: out=&{State:warning_done Option:true OAuth: Error: Result:}, err=
2025/04/18 12:24:31 DEBUG : notworking: config: reading config parameter "config_warning"
Warning

IMPORTANT: All media items uploaded to Google Photos with rclone
are stored in full resolution at original quality. These uploads
will count towards storage in your Google Account.
y) Yes (default)
n) No
y/n> y

2025/04/18 12:25:10 DEBUG : notworking: config in: state="warning_done", result="true"
2025/04/18 12:25:10 DEBUG : notworking: config out: out=, err=
Configuration complete.
Options:

• type: google photos
• read_only: true
• token: {"access_token":"ya29.xxxx-04:00"}
  Keep this "notworking" remote?
  y) Yes this is OK (default)
  e) Edit this remote
  d) Delete this remote
  y/e/d> y

Current remotes:

Name Type
==== ====
framephotos google photos
googlephotos google photos
notworking google photos

e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> q
2025/04/18 12:25:17 DEBUG : rclone: Version "v1.69.1" finishing with parameters ["rclone" "config" "-vv"]

Hmmmmm....... is this something? 'closed auth server with error'
2025/04/18 12:24:31 DEBUG : Received GET request on auth server to "/"
2025/04/18 12:24:31 NOTICE: Got code
2025/04/18 12:24:31 DEBUG : Closing auth server
2025/04/18 12:24:31 DEBUG : Closed auth server with error: accept tcp 127.0.0.1:53682: use of closed network connection
2025/04/18 12:24:31 DEBUG : Saving config "token" in section "notworking" of the config file

as a test, run rclone config on another machine and see what happens.

I do not have another machine. I have my corp laptop which is locked down.

could be the pi firewall or other such software is creating a problem.

i create remotes using my android phone...

try creating a new remote without that flag.

Has that rclone thing that lets it download it using full resolution merged into any rclone version already?

Otherwise don't use the google photos remote, it will download bad photos

Look into this

Same problem here. Worked fine for a few months, but now I'm getting that 403 error for every command.

Tried adding the remote again and it doesn't work.

rclone Google Photos functionality is pretty much over due to changes made by Google.