Closed dabassett closed 5 years ago
Yeah, that's the limitation of the project, because I need this permission to download, remove, rename and deal with the files. If you are not so comfortable with this, just fork the project and put your credentials there, that's the better solution in this case.
Hello @dabassett, how are you doing??
I've changed some things on the project and now you can use your own domain to authenticate and do everything. Just change the config file with your own credentials, and done.
I will create one tutorial how to do this after.
Derrix
As seen in https://github.com/gzxu/onedrive-sync-client/blob/master/onedrive/sdk.py#L76-L85 (and the called code) this service sets the redirect_uri to https://login.microsoftonline.com/common/oauth2/nativeclient
, so this could be avoided?
Hmm, maybe. I remember that I spend long hours reading Microsoft documentation and each documentation says to do something different. I will try to use this native client as the redirect and if I can do this, would be amazing.
Yup - I know other libraries actually serve a basic webserver too and parse the code instead, this also removes the reliance.
The redirect url is defined when you create a project on graph. I tried to change the url and I got this error:
Sign in
Sorry, but we’re having trouble signing you in.
AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: '6fdb55b4-c905-4612-bd23-306c3918217c'.
:cry:
Can you not redefine the redirect url on graph?
Bump? Any luck?
Reopening issue to redefine the redirect url
Closing again because using the current API is not possible. I've implemented these changes in the branch that is using GraphAPI.
I was just trying the configuration steps and these are the instructions and url I've received:
The client_id and redirect_uri show that you seem to have registered your own client app to receive the user's auth token. The user is asked to grant this domain (https://od.cnbeining.com) read/write access to their files and and profile data.
I'm not accusing you of anything but I think it's a serious security concern if this code is asking users to trust your client software with their business account token. I don't think most users will realize that configuring this client will be entrusting their accounts to a stranger.