I used rclone to access documents in my SharePoint site. I generate a bearer token and use it in rclone.conf. Plus, I leave user and pass blank.
When using simple rclone commands, e.g rclone ls in this case, I got this error
wst:FailedAuthentication: Authentication Failure (AADSTS500127: No authenticated credentials found in request.)
It seems like even the bearer_token is provided, it still requires the user/pass
What is your rclone version (output from rclone version)
rclone v1.51.0
os/arch: linux/amd64
go version: go1.13.7
Which OS you are using and how many bits (eg Windows 7, 64 bit)
Fedora 30, 64 bit
Which cloud storage system are you using? (eg Google Drive)
SharePoint with Webdav
The command you were trying to run (eg rclone copy /tmp remote:tmp)
rclone ls sp:/
A log from the command with the -vv flag (eg output from rclone -vv copy /tmp remote:tmp)
2020/05/06 13:46:54 DEBUG : Using config file from "/home/buidohiep/.config/rclone/rclone.conf"
2020/05/06 13:46:54 Failed to create file system for "aaa:/": wst:FailedAuthentication: Authentication Failure (AADSTS500127: No authenticated credentials found in request.)
I can see this is rclone trying to get the odrive cookie which is a sharepoint special...
The request is done without auth, hence the failure. I can make it use the auth auth, but I think you probably don't need those cookies at all. Can you try this which sets the provider to something else.
This is the result when I try the command rclone lsf sp:/ -vv --dump bodies --low-level-retries 1 --retries 1 --webdav-vendor other:
2020/05/08 16:30:18 DEBUG : rclone: Version "v1.51.0" starting with parameters ["rclone" "lsf" "sp:/" "-vv" "--dump" "bodies" "--low-level-retries" "1" "--retries" "1" "--webdav-vendor" "other"]
2020/05/08 16:30:18 DEBUG : Using config file from "/home/buidohiep/.config/rclone/rclone.conf"
2020/05/08 16:30:18 DEBUG : You have specified to dump information. Please be noted that the Accept-Encoding as shown may not be correct in the request and the response may not show Content-Encoding if the go standard libraries auto gzip encoding was in effect. In this case the body of the request will be gunzipped before showing it.
2020/05/08 16:30:18 DEBUG : >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2020/05/08 16:30:18 DEBUG : HTTP REQUEST (req 0xc0002b0600)
2020/05/08 16:30:18 DEBUG : PROPFIND / HTTP/1.1
Host: hiepbuianduin.sharepoint.com
User-Agent: rclone/v1.51.0
Authorization: XXXX
Depth: 1
Referer: https://hiepbuianduin.sharepoint.com/
Accept-Encoding: gzip
2020/05/08 16:30:18 DEBUG : >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2020/05/08 16:30:18 DEBUG : <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2020/05/08 16:30:18 DEBUG : HTTP RESPONSE (req 0xc0002b0600)
2020/05/08 16:30:18 DEBUG : HTTP/2.0 401 Unauthorized
Content-Length: 16
Content-Type: text/plain; charset=utf-8
Date: Fri, 08 May 2020 09:30:18 GMT
Microsoftsharepointteamservices: 16.0.0.20029
Ms-Cv: n1BcvimwAABFotjVkZhUSg.0
P3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Request-Id: be5c509f-b029-0000-45a2-d8d59198544a
Sprequestguid: be5c509f-b029-0000-45a2-d8d59198544a
Www-Authenticate: Bearer realm="88756440-3d37-4db6-b3da-9a81e855f2ab",client_id="00000003-0000-0ff1-ce00-000000000000",trusted_issuers="00000001-0000-0000-c000-000000000000@*,D3776938-3DBA-481F-A652-4BEDFCAB7CD8@*,https://sts.windows.net/*/,00000003-0000-0ff1-ce00-000000000000@90140122-8516-11e1-8eff-49304924019b",authorization_uri="https://login.windows.net/common/oauth2/authorize"
X-Content-Type-Options: nosniff
X-Ms-Invokeapp: 1; RequireReadOnly
X-Ms-Suspended-Features: features=""
X-Msedge-Ref: Ref A: 29506667F37F4A0CA7269F6F90CCD1DE Ref B: HK2EDGE0710 Ref C: 2020-05-08T09:30:18Z
X-Powered-By: ASP.NET
X-Sharepointhealthscore: 1
401 UNAUTHORIZED
2020/05/08 16:30:18 DEBUG : <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2020/05/08 16:30:18 ERROR : : error listing: couldn't list files: 401 UNAUTHORIZED: 401 Unauthorized
2020/05/08 16:30:18 Failed to lsf with 2 errors: last error was: error in ListJSON: couldn't list files: 401 UNAUTHORIZED: 401 Unauthorized
It is passing the bearer token in Authorization: XXXX but still no auth.
You can use --dump bodies,auth if you want to check the Authorization header looks correct (but don't post it here!).
I looked at the cookie code and it is expecting a username and password to pass to a login api so I don't think that will work changing that to use a bearer token.
Can you use the bearer token with anything else so we know it is working? Maybe with curl?
How did you make the bearer token - can you point me at some docs?
You can use --dump bodies,auth if you want to check the Authorization header looks correct (but don't post it here!).
Right, I can see the whole token is there.
Can you use the bearer token with anything else so we know it is working? Maybe with curl ?
How did you make the bearer token - can you point me at some docs?
I follow the guideline from this medium post https://medium.com/@anoopt/accessing-sharepoint-data-using-postman-sharepoint-rest-api-76b70630bcbf. I followed the post to create the bearer token and try with some file folder api https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/working-with-folders-and-files-with-rest using Postman and it worked.
P/S: The forum keep saying that I am not able to include links in my post, so I have to put them in the ``
Sorry that was just my little joke! I made a prediction as to what would happen with the listed options and it wasn't any of them
Ah, those docs seem to show the token is for the sharepoint API not for the webdav interface.
Can I ask why you are trying to use a bearer token? You should be able to use sharepoint either with the onedrive backend or with the webdav backend + the sharepoint vendor - it shouldn't need any special configuration.
Ah, those docs seem to show the token is for the sharepoint API not for the webdav interface.
Well, that may be true, but I couldn't find any resource or topic talking about this, seems like no hope for me
Can I ask why you are trying to use a bearer token? You should be able to use sharepoint either with the onedrive backend or with the webdav backend + the sharepoint vendor - it shouldn't need any special configuration.
I choose bearer_token as using it is considered as safer choice compared to using plain username/password. I tried using OneDrive backend but OneDrive for business couldn't recognize the Shared drive but only can get My File drive, which means it can't access the Sharepoint site documents.