onedrive: Support for OneDrive for Business added #1577
Conversation
olihey
commented
Aug 3, 2017
olihey
commented
- 2 test fail (MimeType and modification date when copying)
- no headless setup
- uses the credentials for the "rclonetest" app I have created
- 2 test fail (MimeType and modification date when copying) - no headless setup - uses the credentials for the "rclonetest" app I have created
|
Thanks for submitting this. I'll hopefully have time to test and review it tomorrow. |
docs/content/onedrive.md
Outdated
| After that rclone requires two authentications. First to authenicate your account | ||
| and second to get the final token to access your companies resources. | ||
|
|
||
| Headless authentication is not working at the moment. |
There was a problem hiding this comment.
You should probably change this to "Headless authentication is not working at the moment with rclone authorize - you'll have to use the copy the config file method".
| @@ -142,10 +165,6 @@ is 10MB. | |||
| Note that OneDrive is case insensitive so you can't have a | |||
| file called "Hello.doc" and one called "hello.doc". | |||
|
|
|||
| Rclone only supports your default OneDrive, and doesn't work with One | |||
There was a problem hiding this comment.
Does this allow access to the non default OneDrive? If not then then this needs amending slightly.
|
The two authentications is a little confusing! Perhaps we should tell the user that we will auth twice (via some Print statements).
I ran the integration tests, but I'm getting a completely different error on copy - it does the test then I get an unauthorized on the redirect. Use I then got a 500 error! I've had trouble with copy being unreliable on non business... The MimeType test passes for me though!
That probably needs documenting.
Does the user have to create new credentials for each onedrive for business account? That was what I understood when I read the docs, but I may have been confused about that. If so we need to document that process. What would you recommend about the onedrive credentials? |
|
Hej, sorry for not responding but I am busy with work ;) Regarding the second authentication, onedrivecmd actually does the second one silently but as I wrote sometime ago I haven't found a way to update the token using rclone. When the second auth can be done "silently" we could also offer the headless authentication. |
Perfectly understood!
I'm not sure I would bother. Copy seems to be unreliable on onedrive :-(
Tell me what you need to do and I'll see if the oauth library can be co-erced into doing it! |
|
To avoid the second auth via WebBrowser we can also do a POST to https://login.microsoftonline.com/common/oauth2/token with the resource we got from the service API and get the new access_token back. Doing the POST and getting the data is not the problem, but how do I update the access token for the Fs that's been set during the initial auth? The getToken and putToken from oauthutil.go aren't exported? |
|
Apologies for the delay in responding, I've been on vacation.
If you need them, then make them exported so rename them to GetToken and PutToken. I generally make stuff unexported by default until it is needed elsewhere to minimise the API surface. |
# Conflicts: # onedrive/onedrive.go
|
Finally got some time to look into this PR. I made the GetToken/PutToken exported in my branch and do a direct call to the TokenURL to get the refresh token for the OneDrive resource for the user. Working fine. One last issue I have is doing "headless" authorization. The issue is that I use GetToken and in headless the token is not saved into the config file. |
A little untidy ;-) Can you factor GetToken into two to avoid this? If not just get it working and I'll have a think about how to make it less untidy! |
|
Found a better way to solve this problem: PR is fixed, please review |
|
Built this version and am able to see my OneDrive Business account as Admin, but as a non-admin user I'm getting this error
|
|
@zenjabba Thanks for the testing, really appreciated. @ncw We should also think about the client_id/client_secret because currently this uses a test app "rclonetest" I registered at Azure. From what I have heard you don't need to be a paying customer at Azure to create one yourself. I can send you screenshots of my setup in the Azure console. |
|
@olihey I tried following the new procedure to create an app ID and it led me to the page where I created the existing rclone onedrive app id. Will that work with onedrive for business now do you think? If not please send a screenshot, thanks! |
|
Here are the screenshots: https://drive.google.com/open?id=0B4DtcHPk696Ndy03V2pYNGR6Skk |
|
Success, non-admin user able to use application. |
|
@olihey thanks for the screenshots - we need something like this in the docs I think as every user will have to do this. I need help with registering a new app id though - I think I need to create a converged app: https://apps.dev.microsoft.com/#/appList - in particular what do I add in the Microsoft Graph Permissions section?
|
|
I don't think users has to setup this themselves as @zenjabba was able to access his OneDrive Business account with my rclonetest app. |
|
Just a performance update, we are seeing 8Mb/s as the best performance upload so far. No sure if it's code problem or rate limit on onedrive business. |
|
I did whitelist the app, but honestly I don't think it mattered.
…Sent from my iPad
On Sep 7, 2017, at 11:24 AM, Oliver Heyme ***@***.***> wrote:
I don't think users has to setup this themselves as @zenjabba was able to access his OneDrive Business account with my rclonetest app.
I am trying to re-create the steps to create such an app on Azure and provide you with a guide.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
I just tried to re-create the setup with a non-paying Microsoft account and I could not. That means either someone with an Office365 subscription "sponsors" an client_id/secret or each user has to setup the app in azure by themselves. Basically I would be willing to share my client_id/secret 😄 Not sure what's the worst that can happen!?!? |
|
Offered @ncw a free Office 365 business account so he can control it all. |
|
great job, just wanted to say have been testing it with bwlimit=85M which seems to limit it to 8.5 MB/s. seems to be a bug |
|
@zenjabba thank you for the account - most helpful. Can you email me at nick@craig-wood.com so I have your email details too? I succesfully attached @olihey 's client id to the storage which was good - the registration process works very well now :-) I failed in making an rclone app in the account from @zenjabba though - I couldn't figure out which permissions to add (see my comment) and I couldn't figure out how to get to the screenshot in your comment! Maybe what I should do is merge the code as it is then sort that stuff out later if necessary? @olihey wrote
Not a lot! It is really only a way of identifying a client - all the access to data etc requires the user to login. |
|
@l3uddz wrote
bwlimit 85M is 85 MBytes/s, if you want Mbit/s then divide by 8 or 10. Rclone reports its usage in MByte/s normally too. |
|
@ncw Im aware, just saying that with bwlimit=85M it throttles it to 8.5 MBytes, instead of the expected 85 MBytes/s. |
|
@ncw Feel free to merge this with my client_id/secret for now |
|
I can confirm this is running at full speed with --onedrive-chunk-size=30M if you dont have this, you run into API limits and it slows you down. |
|
@ncw There are the permissions that a converged app needs. |
|
Hey. The situation I am facing is, Problem is, I am only a student of the Uni, apparently, I do not have the access to the admin account. But besides, when I check the Site Permission, it shows only my account without the others, and I have the full control of the site. I tried to use Office Admin, but this requests me own the Domain: sheffield.ac.uk; again, you can tell this is a University URL which doesn't belong to me... Hence, is there any solution that I can bypass the admin requirement? P.S. it seems like no one is admin this site though, I believe it's more likely Microsoft mis-understands my account? |
|
Also, if I look at the result from the registration it returns error AADSTS65005 which might indicate that there is something wrong with the permissions in Azure for the rclone app we use the credentials. You can try either creating your own app (clientID / client secret) on azure or try out if onedrivecmd works for you. |
|
Sharepoint Online Plan 1 EDU works with rclone.
… On 17 Oct 2017, at 12:49 pm, Oliver Heyme ***@***.***> wrote:
<https://user-images.githubusercontent.com/372454/31675262-65b58fcc-b364-11e7-8d1a-7fffc7fe6908.png>
As you can see, the premissions don't require Admin.
But looking at your plan, it does not include "Office 365 Sharepoint Online" because that's the API (Permission) rclone uses to access the files.
<https://user-images.githubusercontent.com/372454/31675308-81936e9e-b364-11e7-995e-48c615e48e27.png>
Also, if I look at the result from the registration it returns error AADSTS65005 <https://support.microsoft.com/en-us/help/3124219/-aadsts65005-error-when-you-try-to-sign-in-to-microsoft-cloud-services> which might indicate that there is something wrong with the permissions in Azure for the rclone app we use the credentials.
As I am not a Azure pro so there might be a setting we have forgotten.
You can try either creating your own app (clientID / client secret) on azure or try out if onedrivecmd <https://github.com/cnbeining/onedrivecmd> works for you.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#1577 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AApfuLsroimCB-wJy2Rj9mh_XJJglVGuks5stNqggaJpZM4Os7B4>.
|
|
If I decode the URL I get: Please be aware that an organziation can control the access to the data which can prevent you from using rclone. One of the companies I work for only allows access to OneDrive Business from enrolled PCs and approved applications. No dice to use rclone there. Try onedrivecmd and see if that works |
|
@olihey (P.S. Actually I saw comments on OneDriveCMD said rclone is better; hence, I am here xD) |
|
@Grand-Grand |
|
@Grand-Grand PS:Yeah :) |
|
@putiyeb |
|
@Grand-Grand I actually got the same error for my university. I contacted them and they said that the validation would require them to manage password resets and other stuff by themselves, which is why they don't plan to validate the domain. |
|
@hensur can you flesh this out in a new issue on github please? |
|
@hensur @Grand-Grand @ncw |
|
@putiyeb @Grand-Grand I just created issue #1975 for this, as requested by @ncw |
