Description
Hey, based on the review comment #5632, I add this issue for setting up behavior tests for OneDrive in the CI.
This requires a bit of admin work, mainly with Microsoft Entra ID.
I investigated how-to but didn't go through the entire process. Some understanding comes from my prior experience, too. And the process can be a bit complicated.
To start, we go for the app-only access. These steps should be:
- Register a dev Microsoft account.
- Navigate to Microsoft Entra admin center and login. Then we create an application for OpenDAL in CI to access the dev account files.
- Go to Applications - App registrations
- Enroll in the M365 Developer Program or sign up for Azure with the dev account from 1.
- Register an application
  - Supported account types: "Accounts in any organizational directory and personal Microsoft accounts". This type should work for the CI purpose.
- Obtain `Application (client) ID` and `client secrets`.
- Configure Platform Settings, `desktop application` type should work. If not, we can revise.
- Now OAuth 2.0 flow. Read here.
- Now configure permissions for Microsoft Graph, go to the application's API permissions page
- Add a permission, select "Files.ReadWrite".
- Go to Microsoft Entra admin center and find the application (in "Applications").
- You should be able to find admin consent with a few clicks and navigations.
- Validate if you can get a token:

  ```http
  // Line breaks are for legibility only.
  POST https://login.microsoftonline.com/common/oauth2/v2.0/token HTTP/1.1
  Host: login.microsoftonline.com
  Content-Type: application/x-www-form-urlencoded

  client_id=535fb089-9ff3-47b6-9bfb-4f1264799865
  &scope=https%3A%2F%2Fgraph.microsoft.com%2F.default
  &client_secret=qWgdYA....L1qKv5bPX
  &grant_type=client_credentials
  ```
- Store credentials to 1Password.
The workflow should be somewhat straightforward:
```yaml
name: onedrive
description: 'Behavior test for OneDrive'
runs:
  using: "composite"
  steps:
    - name: Setup
      uses: 1password/load-secrets-action@v1
      with:
        export-env: true
      env:
        OPENDAL_ONEDRIVE_ROOT: op://services/onedrive/root
        OPENDAL_ONEDRIVE_CLIENT_ID: op://services/onedrive/client_id
        OPENDAL_ONEDRIVE_CLIENT_SECRET: op://services/onedrive/client_secret
    - name: Get OneDrive access token
      shell: bash  # composite run steps must declare a shell
      run: |
        # Use the values loaded from 1Password above instead of literals in the workflow file.
        TOKEN=$(curl --location --request POST 'https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token' \
          --header 'Content-Type: application/x-www-form-urlencoded' \
          --data-urlencode "client_id=$OPENDAL_ONEDRIVE_CLIENT_ID" \
          --data-urlencode 'scope=https://graph.microsoft.com/.default' \
          --data-urlencode "client_secret=$OPENDAL_ONEDRIVE_CLIENT_SECRET" \
          --data-urlencode 'grant_type=client_credentials' | jq -r ".access_token")  # -r: raw string, no JSON quotes
        echo "::add-mask::$TOKEN"  # keep the token out of later log output
        echo "OPENDAL_ONEDRIVE_ACCESS_TOKEN=$TOKEN" >> "$GITHUB_ENV"
```

Open question
What about supporting the auth and refresh token for OneDrive service?
IMO, this can wait as the access token is enough to test. Authentication, once set up, is trivial.
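
The token step from the workflow above, as an added example (not part of the original issue or of OpenDAL's code): a Python helper that builds the client-credentials request, refuses to export anything when the endpoint returns an error, and masks the token before writing it to `GITHUB_ENV`. The function names and the `OPENDAL_ONEDRIVE_TENANT` variable are hypothetical.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

def build_token_request(tenant, client_id, client_secret):
    """Return (url, body) for the client-credentials request shown above."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "scope": "https://graph.microsoft.com/.default",
        "client_secret": client_secret,
        "grant_type": "client_credentials",
    }).encode("ascii")
    return TOKEN_URL.format(tenant=urllib.parse.quote(tenant, safe="")), body

def parse_token_response(raw):
    """Extract the access token; fail loudly instead of exporting junk."""
    doc = json.loads(raw)
    if "error" in doc:
        # Report only the error code, never the request or the secret.
        raise RuntimeError("token request failed: " + str(doc["error"]))
    token = doc.get("access_token")
    if not isinstance(token, str) or not token or "\n" in token:
        raise RuntimeError("response has no usable access_token")
    return token

def github_env_lines(token):
    """Lines for the job: mask the token in logs, then export it."""
    return "::add-mask::" + token, "OPENDAL_ONEDRIVE_ACCESS_TOKEN=" + token

def main():
    env = os.environ  # OPENDAL_ONEDRIVE_TENANT is a hypothetical variable name
    url, body = build_token_request(
        env["OPENDAL_ONEDRIVE_TENANT"], env["OPENDAL_ONEDRIVE_CLIENT_ID"],
        env["OPENDAL_ONEDRIVE_CLIENT_SECRET"])
    req = urllib.request.Request(url, data=body, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            raw = resp.read()
    except urllib.error.HTTPError as err:
        raw = err.read()  # error responses carry a JSON body too
    mask, env_line = github_env_lines(parse_token_response(raw))
    print(mask)  # workflow command: hide the value in later log output
    with open(env["GITHUB_ENV"], "a") as fh:
        fh.write(env_line + "\n")

if __name__ == "__main__":
    main()
```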