+
Skip to content

onedrive: add support for no admin mode #8822

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

onedrive: add support for no admin mode #8822

wants to merge 3 commits into from

Conversation

KyokoMiki
Copy link

What is the purpose of this change?

Support for OneDrive without admin privileges.

The working principle is simple: it adds an option to overwrite the base URL, allowing connection to business OneDrive without admin access.

Manual Credential Acquisition for Business OneDrive

The working principle is simple: it adds an option to overwrite the base URL, allowing connection to business OneDrive without admin access.

Steps to Manually Obtain Credentials

  1. Open your browser and navigate to https://[your-tenant].sharepoint.com/

  2. Open Developer Tools (Press F12) and go to the Network tab

  3. Search for driveAccessToken in the network requests

  4. Extract the following information:

    ".driveUrl": "{tenant_url}/v2.0/drives/{drive_id}",
".driveAccessToken": "access_token={access_token}"

Rclone Configuration Format

type = onedrive
token = {"access_token":"{access_token}","token_type":"Bearer","refresh_token":"","expiry":"2025-12-31T23:59:59Z"}
drive_id = {drive_id}
noadmin = true
tenant_url = {tenant_url}
drive_type = business

Since the exact expiry time cannot be determined from web traffic, set the expiry to a future date.

Was the change discussed in an issue or in the forum before?

https://github.com/nickfox-taterli/rclone
https://www.taterli.com/7187

Checklist

  • I have read the contribution guidelines.
  • I have added tests for all changes in this PR if appropriate.
  • I have added documentation for the changes if appropriate.
  • All commit messages are in house style.
  • I'm done, this Pull Request is ready for review :-)

@nickfox-taterli @KyokoMiki
onedrive: add support for no admin mode
e285b39 
- Add noadmin and tenant_url configuration options
- Support for OneDrive without admin privileges using SharePoint API
- Modify API endpoint routing for IsNoAdmin mode
- Update parseNormalizedID and buildDriveDeltaOpts functions

This integrates the key functionality from nickfox-taterli/rclone
for scenarios where admin access is not available.
@KyokoMiki KyokoMiki marked this pull request as ready for review September 13, 2025 23:46
@ncw
Copy link
Member

ncw commented Sep 15, 2025

Can you explain more why you would need to use this please @KyokoMiki ?

Does it help people with university accounts whose administrators don't allow rclone? So is it a replacement for https://rclone.org/webdav/#sharepoint-online ?

@hiklah
Copy link

hiklah commented Sep 16, 2025

Can you explain more why you would need to use this please @KyokoMiki ?

Does it help people with university accounts whose administrators don't allow rclone? So is it a replacement for https://rclone.org/webdav/#sharepoint-online ?

Microsoft allows every student to create a free school account, but it does not require schools to register an administrator for management. Therefore, for such SharePoint accounts, students cannot use the API to connect to OneDrive via rclone. If the school does not intend to manage the tenant, students cannot authorize API access.

The WebDAV method has become invalid, which means that in the future, it will no longer be possible to connect to OneDrive through rclone.
https://cdm.iamcloud.info/docs/Content/RevertChange.htm

Or update the method of obtaining cookies.
https://forum.rclone.org/t/handle-403-error-due-to-expired-external-cookies-when-using-webdav-with-onedrive-business-sharepoint/49900

ncw
ncw reviewed Sep 17, 2025
View reviewed changes
Copy link
Member

@ncw ncw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This patch looks quite simple and we can simplify it a bit more (see inline).

This probably needs instructions on when and how to use it in the docs though.

I presume that the token will expire after some time as I don't see a refresh token - is this one hour?

backend/onedrive/onedrive.go Outdated
Default: fs.SizeSuffix(-1),
Advanced: true,
}, {
Name: "noadmin",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we really need this flag - we can just use whether tenant_url is empty string or not

Copy link
Author

@KyokoMiki KyokoMiki Sep 18, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed to use only tenant_url in 09e7c55

@KyokoMiki
Copy link
Author

This patch looks quite simple and we can simplify it a bit more (see inline).

This probably needs instructions on when and how to use it in the docs though.

I presume that the token will expire after some time as I don't see a refresh token - is this one hour?

The token expiration and refresh mechanism is currently completely unknown, approximately around one day. Automatic token refresh could be implemented if the specific refresh mechanism is known.

@moetayuko moetayuko mentioned this pull request Sep 20, 2025
Open
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ncw ncw ncw left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@KyokoMiki @ncw @hiklah @nickfox-taterli
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载