Rclone using Student OneDrive

I am trying to connect to Rclone using my student OneDrive. I found a solution specifically for cases where the OneDrive API cannot be accessed and you have to use WebDAV, but when I tried this, I got an authentication error. I am using Rclone version 1.62.2 if that's relevant.

The command I used:

C:\rclone\rclone mount --log-file=C:\rclone\logs\rclone-mount.log  -vv --dump bodies --user-agent=onedriveuser onedrivewebdav: C:\rclone\cloud

My config:

[onedrivewebdav]
type = webdav
url = https://***REDACTED***-my.sharepoint.com/personal/***REDACTED***/Documents
vendor = sharepoint
user = ***REDACTED***
pass = ***REDACTED***

My log:

2023/06/05 14:57:30 Can't set -v and --log-level
2023/06/05 14:57:46 DEBUG : rclone: Version "v1.62.2" starting with parameters ["C:\\rclone\\rclone" "mount" "--log-file=C:\\rclone\\logs\\rclone-mount.log" "-vv" "--dump" "bodies" "--user-agent=onedriveuser" "onedrivewebdav:" "C:\\rclone\\cloud"]
2023/06/05 14:57:46 DEBUG : Creating backend with remote "onedrivewebdav:"
2023/06/05 14:57:46 DEBUG : Using config file from "C:\\rclone\\rclone.conf"
2023/06/05 14:57:46 DEBUG : found headers: 
2023/06/05 14:57:46 DEBUG : You have specified to dump information. Please be noted that the Accept-Encoding as shown may not be correct in the request and the response may not show Content-Encoding if the go standard libraries auto gzip encoding was in effect. In this case the body of the request will be gunzipped before showing it.
2023/06/05 14:57:46 DEBUG : >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2023/06/05 14:57:46 DEBUG : HTTP REQUEST (req 0xc000b5c500)
2023/06/05 14:57:46 DEBUG : POST /extSTS.srf HTTP/1.1
Host: login.microsoftonline.com
User-Agent: onedriveuser
Content-Length: 1357
Accept-Encoding: gzip

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To>
<o:Security s:mustUnderstand="1"
 xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken>
  <o:Username>***REDACTED***</o:Username>
  <o:Password>***REDACTED***</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <a:EndpointReference>
    <a:Address>https://***REDACTED***-my.sharepoint.com/personal/***REDACTED***/Documents/</a:Address>
  </a:EndpointReference>
</wsp:AppliesTo>
<t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
</t:RequestSecurityToken>
</s:Body>
</s:Envelope>
2023/06/05 14:57:46 DEBUG : >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2023/06/05 14:57:46 DEBUG : <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2023/06/05 14:57:46 DEBUG : HTTP RESPONSE (req 0xc000b5c500)
2023/06/05 14:57:46 DEBUG : HTTP/1.1 200 OK
Content-Length: 1485
Cache-Control: no-store, no-cache
Content-Type: application/soap+xml; charset=utf-8
Date: Mon, 05 Jun 2023 12:57:46 GMT
Expires: -1
P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma: no-cache
Set-Cookie: fpc=Ak8ESiLmEK1PkeosGkuEWaDZoWiCAQAAAMrSD9wOAAAA; expires=Wed, 05-Jul-2023 12:57:46 GMT; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Ms-Ests-Server: 2.1.15427.11 - NEULR1 ProdSlices
X-Ms-Request-Id: e65d916a-21e2-4af4-8b0a-83fee4b41800
X-Xss-Protection: 0

<?xml version="1.0" encoding="utf-8"?><S:Envelope xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:S="http://www.w3.org/2003/05/soap-envelope"><S:Header><psf:pp xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"><psf:serverVersion>1</psf:serverVersion><psf:authstate>0x80048800</psf:authstate><psf:reqstatus>0x80048823</psf:reqstatus><psf:serverInfo ServerTime="2023-06-05T12:57:46.6394484Z">ESTS-PUB-NEULR1-AZ3-FD095-001.ProdSlices rid:e65d916a-21e2-4af4-8b0a-83fee4b41800</psf:serverInfo></psf:pp></S:Header><S:Body xmlns:S="http://www.w3.org/2003/05/soap-envelope"><S:Fault><S:Code><S:Value>S:Sender</S:Value><S:Subcode><S:Value>wst:FailedAuthentication</S:Value></S:Subcode></S:Code><S:Reason><S:Text xml:lang="en-US">Authentication Failure</S:Text></S:Reason><S:Detail><psf:error xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"><psf:value>0x80048823</psf:value><psf:internalerror><psf:code>0x80048823</psf:code><psf:text>AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.</psf:text></psf:internalerror></psf:error></S:Detail></S:Fault></S:Body></S:Envelope>
2023/06/05 14:57:46 DEBUG : <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2023/06/05 14:57:46 Failed to create file system for "onedrivewebdav:": wst:FailedAuthentication: Authentication Failure (AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.)

Does anyone know if there's any other solution to access OneDrive using Rclone?

Could you run:

rclone lsd onedrivewebdav: -vv

and post the output? I would like to see if the problem is with WebDAV access or your mount command.

This is the output I got:

C:\rclone>rclone lsd onedrivewebdav: -vv
2023/06/05 19:03:45 DEBUG : rclone: Version "v1.62.2" starting with parameters ["rclone" "lsd" "onedrivewebdav:" "-vv"]
2023/06/05 19:03:45 DEBUG : Creating backend with remote "onedrivewebdav:"
2023/06/05 19:03:45 DEBUG : Using config file from "C:\\rclone\\rclone.conf"
2023/06/05 19:03:45 DEBUG : found headers:
2023/06/05 19:03:45 Failed to create file system for "onedrivewebdav:": wst:FailedAuthentication: Authentication Failure (AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.)

OK. So the problem is with the remote itself. Let's see, maybe others have some clever ideas.

I'm afraid not..

It looks like the authentication worked OK but it failed getting the token.

I think this implies your sysadmin has blocked this working.

So I guess there is no alternative way?

It is explicitly blocked by whoever administers your account.

It is always worth trying to write an email to your admin explaining why you need it etc. Make your case. Maybe they can unlock it for you.
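
An added example (not from the thread or from rclone): pulling the SOAP fault subcode and AADSTS code out of a `--dump bodies` log, so a Conditional Access block like the one posted above can be told apart from other authentication failures at a glance. The sample log is a constructed, shortened copy of the response in the first post, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

NS = {
    "S": "http://www.w3.org/2003/05/soap-envelope",
    "psf": "http://schemas.microsoft.com/Passport/SoapServices/SOAPFault",
}

# Constructed sample: shortened copy of the extSTS.srf fault response shown in the thread.
SAMPLE_LOG = '''2023/06/05 14:57:46 DEBUG : HTTP/1.1 200 OK
Content-Type: application/soap+xml; charset=utf-8

<?xml version="1.0" encoding="utf-8"?><S:Envelope xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:S="http://www.w3.org/2003/05/soap-envelope"><S:Body><S:Fault><S:Code><S:Value>S:Sender</S:Value><S:Subcode><S:Value>wst:FailedAuthentication</S:Value></S:Subcode></S:Code><S:Reason><S:Text xml:lang="en-US">Authentication Failure</S:Text></S:Reason><S:Detail><psf:error xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"><psf:value>0x80048823</psf:value><psf:internalerror><psf:code>0x80048823</psf:code><psf:text>AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.</psf:text></psf:internalerror></psf:error></S:Detail></S:Fault></S:Body></S:Envelope>
2023/06/05 14:57:46 DEBUG : <<<<
'''


def extract_faults(log_text):
    """Return one dict per SOAP fault envelope found in an rclone dump log."""
    faults = []
    # Assumes the response uses the "S:" prefix, as in the log posted above.
    for m in re.finditer(r"<S:Envelope\b.*?</S:Envelope>", log_text, re.S):
        if "<!DOCTYPE" in m.group(0):  # do not parse DTDs from log data
            continue
        fault = ET.fromstring(m.group(0)).find("S:Body/S:Fault", NS)
        if fault is None:
            continue  # a successful token response has no Fault element
        detail = fault.findtext(
            "S:Detail/psf:error/psf:internalerror/psf:text", "", NS)
        aad = re.match(r"(AADSTS\d+):", detail)
        faults.append({
            "subcode": fault.findtext("S:Code/S:Subcode/S:Value", "", NS),
            "reason": fault.findtext("S:Reason/S:Text", "", NS),
            "aadsts": aad.group(1) if aad else None,
            "detail": detail,
        })
    return faults


def is_policy_block(fault):
    """True for the Conditional Access refusal seen in this thread."""
    return fault["aadsts"] == "AADSTS53003"
```

The same `--dump bodies` log also contains the WS-Security `UsernameToken` request with the account password in clear text, so redact it before sharing, as the original poster did.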
