Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can't connect to SharePoint Online team sites such as https://orgname.sharepoint.com/sites/Site-Name #1770

Closed
hi2u opened this issue Oct 24, 2017 · 86 comments · Fixed by #3889

Comments

@hi2u
Copy link

hi2u commented Oct 24, 2017

I’ve been able to successfully connect to the default https://orgname-my.sharepoint.com/ personal SharePoint Site...

$ rclone lsd sp3:
-1 2017-01-04 22:16:34         0 Attachments
-1 2015-01-23 11:13:10         0 Shared with Everyone

But I’m having difficultly figuring out how to connect to team sites on URLs such a: https://orgname.sharepoint.com/sites/Site-Name etc.

The “rclone config” guided process doesn’t let you set the resource_url when setting it up. So I’ve tried editing ~/.config/rclone.conf using a few different methods, changing the resource_url and then reauthorizing, I've tried a number of different addresses like...

For the main/default team site:

https://orgname.sharepoint.com/ 
https://orgname.sharepoint.com/Shared Documents

For separate team sites, or what Microsoft call "site collections":

https://orgname.sharepoint.com/sites/Site-Name
https://orgname.sharepoint.com/sites/Site-Name/
https://orgname.sharepoint.com/sites/Site-Name/Shared Documents
https://orgname.sharepoint.com/sites/Site-Name/Shared Documents/
https://orgname.sharepoint.com/sites/Site-Name/Shared%20Documents
https://orgname.sharepoint.com/sites/Site-Name/Shared%20Documents/

I'm not sure which address format I'm meant to use? (for either the main team site, or all the other ones under /sites/)

I always get the error:

$ rclone -vv lsd sp3:
2017/10/25 03:17:18 DEBUG : Using config file from "/home/user/.config/rclone/rclone.conf"
2017/10/25 03:17:18 DEBUG : rclone: Version "v1.38" starting with parameters ["rclone" "-vv" "lsd" "sp3:"]
2017/10/25 03:17:19 Failed to create file system for "sp3:": failed to get root: 401 Unauthorized: 

(there's nothing after that last colon)

Does anyone know how I access team SharePoint sites?

My rclone version is:

rclone v1.38
- os/arch: linux/amd64
- go version: go1.9

...on Manjaro 64bit, installed from the distro's repos.

I'm choosing the "business" option when asked in rclone config.

@ncw
Copy link
Member

ncw commented Oct 26, 2017

@olihey any ideas how we could make this work?

@olihey
Copy link
Contributor

olihey commented Oct 27, 2017

Changing the resource url in the rclone.conf will not work as the access token is only valid for ONE resource url.

But we use the discovery endpoint to get all available services the user has access to and then automatically choose the OneDrive drive. Maybe we could present the list to the user during config and let him choose?!?! Maybe pre-select the OneDrive?

@dienal-san
Copy link

+1

@olihey
Copy link
Contributor

olihey commented Oct 28, 2017

I have created a pull request here #1780
This will ask the user for the correct resourceURL if the discovery service returns more than one resource URL.
BUT I couldn't test it as I only have a single OneDrive Business account.

@ncw
Copy link
Member

ncw commented Nov 5, 2017

Find this fix in the latest beta - please can you have a test and report back.

@dienal-san
Copy link

I tested but it does not work.
It is the same behavior than before. Output only the result_url https://orgname-my.sharepoint.com/.

@olihey
Copy link
Contributor

olihey commented Nov 7, 2017

Can you please try to setup the endpoint and use the "-v" when starting rclone?
You should see some debug messages and after "Got code" it should list all services Microsoft's discovery services returns for your user.
Mine looks like this:

Got code
2017/11/07 08:12:30 INFO  : Skipping API v1.0 endpoint https://XXXXXXX-my.sharepoint.com/_api/v1.0/me
2017/11/07 08:12:30 INFO  : Skipping API v2.0 endpoint https://XXXXXXX-my.sharepoint.com/_api/v2.0/me
--------------------

@maroc81
Copy link

maroc81 commented Nov 7, 2017

Here's what I got:

Waiting for code...
Got code
2017/11/07 08:35:02 INFO  : Skipping API v1.0 endpoint https://XXXXX-my.sharepoint.com/_api/v1.0/me
2017/11/07 08:35:02 INFO  : Skipping API v2.0 endpoint https://XXXXX-my.sharepoint.com/_api/v2.0/me

After that it dumped the config output for the remote site. There were no prompts for the correct resourceURL.

As far as I can tell, this remote is now pointing to my personal space in the business one drive.

@olihey
Copy link
Contributor

olihey commented Nov 7, 2017

Thanks for the feedback, unfortunately I only have a OneDrive Business account and NO additional Team sites so I can't test it.

I have created a commit in my repo which let a user type in a resource URL before getting the final access token. You can build that commit and see if typing in works for you.

@dienal-san
Copy link

Yes, that is the same output that I get when I discover.
Got code
2017/11/07 09:16:36 INFO : Skipping API v1.0 endpoint https://xxxxx-my.sharepoint.com/_api/v1.0/me
2017/11/07 09:16:36 INFO : Skipping API v2.0 endpoint https://xxxxx-my.sharepoint.com/_api/v2.0/me

The sites from the organization that we are trying to access are not displayed there.
My organization does not have something like this:
https://orgname.sharepoint.com/
https://orgname.sharepoint.com/Shared Documents

All sites are team sites like this:
https://orgname.sharepoint.com/site/site-name

@monkeyx-net
Copy link

Hi, could anyone please confirm if this was resolved. I downloaded the latest beta yesterday. I tried the webdav option to my sharepoint/teams files and also used the business one drive option and manually changed the resource_url and attempted to validate the token again.

I couldn't get either option to work. Happy to help test further if needed.

@olihey
Copy link
Contributor

olihey commented Dec 6, 2017

Hej, the latest beta only uses the discovery service for getting resource urls. Unfortunately the discovery service does not "see" the sharepoint sites/team sites.
As I said before, I only have one Business account that isn't connected to any sharepoint sites, so I can't test it. Changing the resource url will NOT work, as the refresh token in the rclone.conf is only valid for the resource_url specified in the config file. Changing the URL invalidates the refresh token.

I made a change in my forked repo where you get the option to input an arbitrary resource_url during setup of the remote.

Can you try to get this branch compiled and run?

@monkeyx-net
Copy link

monkeyx-net commented Dec 6, 2017

I used the following command to build your repo:-
go get -u -v github.com/olihey/rclone

It is not prompting me to enter a resource _url when creating a onedrive business remote though.

Is there something different I need to do to build via go?

@monkeyx-net
Copy link

monkeyx-net commented Dec 8, 2017

I have subsequently tried cloning your git fork and switch to the onedrive_resoure_select branch. I then used go build to check that branch and it created a new rclone file. But I must still be doing something wrong as I am pretty sure it is not using onedrive.go file from that branch.

I no very little about go projects, so not able to troubleshoot further

@olihey
Copy link
Contributor

olihey commented Dec 8, 2017

What OS are you on? Maybe I can create a build for you to test.

@monkeyx-net
Copy link

Debian stretch 64 bit.

Is there something I can read up to build properly via go. Or is it the git part I might be getting wrong?

@olihey
Copy link
Contributor

olihey commented Dec 8, 2017

OKay, I build an executable on my Ubuntu 16.04 AMD64, you can get it here: https://drive.google.com/open?id=1IsNSE34QK_UO-qzgSv2wuedxwsiMqlCZ

Please be aware that this test build currently can't do "headless" authorization, you have to use a machine which can show a web browser

@monkeyx-net
Copy link

Thanks. I have requested access to the file, as not a public share from Google Drive

@olihey
Copy link
Contributor

olihey commented Dec 8, 2017

@monkeyx-net
Copy link

monkeyx-net commented Dec 8, 2017

Did not prompt me output shown below

tim@somepc:~$ ./rcloneodb -V
rclone v1.38-DEV

  • os/arch: linux/amd64
  • go version: go1.9.2

tim@somepc:~$ ./rcloneodb -vv config
2017/12/08 11:26:07 DEBUG : Using config file from "/home/tim/.config/rclone/rclone.conf"
2017/12/08 11:26:07 DEBUG : rclone: Version "v1.38-DEV" starting with parameters ["./rcloneodb" "-vv" "config"]
Current remotes:

Name Type
==== ====
gDrive drive
oneTest onedrive

e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> n
name> oneAsk
Type of storage to configure.
Choose a number from below, or type in your own value
1 / Amazon Drive
\ "amazon cloud drive"
2 / Amazon S3 (also Dreamhost, Ceph, Minio)
\ "s3"
3 / Backblaze B2
\ "b2"
4 / Box
\ "box"
5 / Cache a remote
\ "cache"
6 / Dropbox
\ "dropbox"
7 / Encrypt/Decrypt a remote
\ "crypt"
8 / FTP Connection
\ "ftp"
9 / Google Cloud Storage (this is not Google Drive)
\ "google cloud storage"
10 / Google Drive
\ "drive"
11 / Hubic
\ "hubic"
12 / Local Disk
\ "local"
13 / Microsoft Azure Blob Storage
\ "azureblob"
14 / Microsoft OneDrive
\ "onedrive"
15 / Openstack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
\ "swift"
16 / Pcloud
\ "pcloud"
17 / QingClound Object Storage
\ "qingstor"
18 / SSH/SFTP Connection
\ "sftp"
19 / Webdav
\ "webdav"
20 / Yandex Disk
\ "yandex"
21 / http Connection
\ "http"
Storage> 14
Microsoft App Client Id - leave blank normally.
client_id>
Microsoft App Client Secret - leave blank normally.
client_secret>
Remote config
Choose OneDrive account type?


[oneAsk]
client_id =
client_secret =
token = {"access_token":"my secret token","expiry":"2017-12-08T12:28:11.494924Z"}
resource_url = https://xyxyxy-my.sharepoint.com/

y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
Current remotes:

Name Type
==== ====
gDrive drive
oneAsk onedrive
oneTest onedrive

e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config

@olihey
Copy link
Contributor

olihey commented Jan 24, 2018

Hej, sorry for the long "pause". Problem is, I only have a Office 365 account for testing. Meaning this is very hard for me to fix without having anyway to try it. Sorry.
Maybe someone with such an account can help?

@olihey
Copy link
Contributor

olihey commented Jan 24, 2018

Can someone please go to this page https://developer.microsoft.com/en-us/graph/graph-explorer, authenticate your account and run the URL: https://graph.microsoft.com/v1.0/me/drives left to the "Run Query" button (you have to click the button after entering the URL).

Do you see your sharepoint / team sites in the "Response Preview" section?

@maroc81
Copy link

maroc81 commented Jan 24, 2018

I only see my personal one drive account. The team site is not returned in the response.

@maroc81
Copy link

maroc81 commented Jan 24, 2018

Looking at that graph explorer, there are several examples that deal with sharepoint. So far I was able to find the shared site by using the request

https://graph.microsoft.com/v1.0/sites?search=my_keyword

Where my_keyword is part of the name for the shared site.

I'm still looking to see if there are ways to list shared sites (it wasn't in https://graph.microsoft.com/v1.0/sites/root/drives). However, maybe you could use the search and prompt the user for the keyword?

Thanks!

@maroc81
Copy link

maroc81 commented Jan 24, 2018

I'm sure you've seen this:

https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/site_get

But I couldn't find anyway to list the sharepoint sites I have access to. Maybe GET /groups/{group-id}/sites/root would work but I don't have permission to lists the groups I am a member of (/me/memberOf).

So it looks search may be the only way to go.

@olihey
Copy link
Contributor

olihey commented Jan 25, 2018

I haven't found a way to properly query for available sites per user. I can see that I can access them by "id". Do you have any chance to see the ID for the drives you want to access?
One on mine looks like this: b!9Z8pPhaBr06tcI6zsoXXXXXXXXXXXXXXXXD2yjX1ayLDuZSTKTwRAieJlnL

Because then I could add an option during setting up the remote to type in the ID by yourself.

@maroc81
Copy link

maroc81 commented Jan 25, 2018

Yes there is an id returned for the site in the response to

https://graph.microsoft.com/v1.0/sites?search=my_keyword

However, the id is in the form:

"id": "mycompany.sharepoint.com,########-####-####-####-############,########-####-####-####-############","

Where # is a hex digit. I see the id in the form you list above from the "me/drives" query. It appears sharepoint uses a different form. Don't know if that means it's incompatible with the access by id method you mentioned.

@ncw ncw added this to the Help Wanted milestone Aug 30, 2018
@entombedparty
Copy link

Hello,

I've had a hard time setting up a remote to my university sharepoint site. The default config procedure only offered my university-provided personal OneDrive, upecnumerique-my.sharepoint.com/personal/[mail address], but not the Sharepoint site, upecnumerique.sharepoint.com/sites/[name].
The Graph Explorer gave no result with keyword "upecnumerique".

I opened the Sharepoint site HTML source code and looked for IDs. Given the above comment #1770 (comment) and some trial-and-error, I found the ID is upecnumerique.sharepoint.com,[siteId],[webId] (I tested this by inserting the ID in request https://graph.microsoft.com/v1.0/sites/[ID]/drive/root/children as advised above).

The sharepoint site "contains" many folders. I thought rclone config would add the site as a remote, but instead each folder is seen as a drive and I have to choose only one among the 57 of them :-/ Fortunately I only need 4 of them, so I can cope with 4 separate remotes.

Thank you for the great software.

@Cnly
Copy link
Member

Cnly commented Nov 5, 2018

@llevrel I'm a little lost in your words. Are you looking for some way to add the whole site as a drive? I doubt if it's possible because if you look at the response of https://graph.microsoft.com/v1.0/sites/[ID]/drives, you'll see those "folders" (if I get your point) are really different drives.

@entombedparty
Copy link

@Cnly I think you got my point. I'm new to this so "sites", "drives", etc. are vague concepts for me. Anyway I understand my wish cannot be fulfilled. Never mind, as I need only 4 of them it's no big deal. Thank you for answering!

@Script-Nomad
Copy link

@llevrel In my research of this problem, it seems like this is more of a shortcoming of the graph API and its permissions model rather than rclone. Unfortunately, I don't see any feasible way to support this.

Every resource that rclone would require in order to "search" for team sites or sub-sites within sharepoint requires some form of admin privilege, even for you to check your own drives. You can probably thank Microsoft's absurd permissions model which doesn't distinguish an individual's resources from a team's resources. In order to list sites/drives for team sites and sub-sites that you have been granted access to, you need the Sites.ReadAll and User.ReadAll permissions according to the documentation, which is admin-only. To add content, you would need to elevate to the ReadWrite permission respectively.

https://docs.microsoft.com/en-us/graph/api/user-list-joinedteams?view=graph-rest-1.0

Rclone would either need to be granted permission to an organization's entire root site's resources as an application (a massive security hole), or you would need to have your user added as an administrator to grant yourself permission to your own team site, which would also grant rclone permission to ALL team sites under your credentials (impractical, and yet another security hole).

This is the sad story that is the Microsoft Graph API, which isn't much better than Windows permissions 😞

@iNode
Copy link

iNode commented Mar 3, 2019

One can lookup site ID manually by using https://developer.microsoft.com/graph/graph-explorer/ and login with default permissions. After that she will be able to lookup site by name with request like https://graph.microsoft.com/v1.0/sites/mysite.sharepoint.com:/sites/my-team and received ID can be used by rclone.

Don't see any particular reason why rclone can't lookup site my-team by it's name in the same way.

But anyway thanks for the current implementation. Please let me know if I can help you with test(s).

@diman82
Copy link

diman82 commented May 18, 2019

@mkoegel wrote:

Version 1.41 should support SharePoint via webdav, but the docu is not updated yet. Did someone get this to run?

You can find the docs here: https://rclone.org/webdav/#sharepoint

@heerohawwah
Those "DEBUG : Couldn't decode error response: EOF" messages mean that the remote end returned an HTTP error rather than an XML Webdav error most likely. You can ignore them - they aren't important.

I wonder if the "Failed to copy: object not found" errors are caused by the rclone uploading the file, then going to check it but finding it isn't there yet due to some eventual consistency stuff.

If you retry the sync, does it clean up any it missed OK?

You saved me with the webdav option (that I obviously wan't aware of)!
Spent s*****ad of time trying to configure my Onedrive for Business personal account in vain!

@villapx
Copy link

villapx commented Nov 13, 2019

One can lookup site ID manually by using https://developer.microsoft.com/graph/graph-explorer/ and login with default permissions. After that she will be able to lookup site by name with request like https://graph.microsoft.com/v1.0/sites/mysite.sharepoint.com:/sites/my-team and received ID can be used by rclone.

To provide a bit more detail:

@kcrkor
Copy link

kcrkor commented Jan 8, 2020

The above did not work for me for some reason. The search however worked great!

As above go to the MS Graph Explorer and authenticate.

Then get the siteID by searching part of the site name with the below url:
https://graph.microsoft.com/v1.0/sites?search={your query}
Finally use option 4 to add the site and paste the id there.


There is a bug in the search in rclone:

Choose a number from below, or type in an existing value
 1 / OneDrive Personal or Business
   \ "onedrive"
 2 / Root Sharepoint site
   \ "sharepoint"
 3 / Type in driveID
   \ "driveid"
 4 / Type in SiteID
   \ "siteid"
 5 / Search a Sharepoint site
   \ "search"
Your choice> 5
What to search for> xxx000
2020/01/08 16:10:30 Failed to query available sites: HTTP error 403 (403 Forbidden) returned body: "{\r\n  \"error\": {\r\n    \"code\": \"accessDenied\",\r\n    \"message\": \"The caller does not have permission to perform the action.\",\r\n    \"innerError\": {\r\n      \"request-id\": \"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\",\r\n      \"date\": \"2020-01-08T16:10:30\"\r\n    }\r\n  }\r\n}"

If you do it manually via the Graph API it works and returns the siteID in the id field.

@ncw
Copy link
Member

ncw commented Jan 9, 2020

2020/01/08 16:10:30 Failed to query available sites: HTTP error 403 (403 Forbidden) returned body: "{\r\n "error": {\r\n "code": "accessDenied",\r\n "message": "The caller does not have permission to perform the action.",\r\n "innerError": {\r\n "request-id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",\r\n "date": "2020-01-08T16:10:30"\r\n }\r\n }\r\n}"

That says access denied... Is it a user permissions problem?

@kcrkor
Copy link

kcrkor commented Jan 9, 2020

Nope. It's a missing Rclone permission maybe? The graph api explorer works for the same account and same query.

@telepath
Copy link
Contributor

telepath commented Jan 15, 2020

It looks like the app is not requesting the Sites.Read.All permission.

Scopes: []string{"Files.Read", "Files.ReadWrite", "Files.Read.All", "Files.ReadWrite.All", "offline_access"},

Sites.Read.All should be sufficient for search (https://docs.microsoft.com/en-us/graph/api/site-search?view=graph-rest-1.0&tabs=http) and does not require admin consent.

@telepath
Copy link
Contributor

Confirmed. Search works if I add "Sites.Read.All" to the backend and to the azure app.

@ncw
Copy link
Member

ncw commented Jan 16, 2020

@telepath wrote:

Confirmed. Search works if I add "Sites.Read.All" to the backend and to the azure app.

Ah ha!

@Cnly what do you think about adding this to the requested scopes?

@Cnly
Copy link
Member

Cnly commented Jan 17, 2020

@ncw Although I myself haven't seen this problem before, this seems a plausible fix. Does @telepath want to open a PR for it? :)

@telepath
Copy link
Contributor

I've created a pull request, though I'm not sure if any documentation or tests are missing.

@Cnly
Copy link
Member

Cnly commented Jan 19, 2020

@telepath I think we'd better add the permission under the docs here: https://github.com/rclone/rclone/blob/master/docs/content/onedrive.md#getting-your-own-client-id-and-key. And can you confirm whether the new scope takes effect immediately with the code change, or only after the user is shown the consent page again?

@telepath
Copy link
Contributor

New consent ist required.

@ncw
Copy link
Member

ncw commented Jan 20, 2020

I've merged @telepath 's fix for this to master now which means it will be in the latest beta in 15-30 mins and released in v1.51

@jrd
Copy link

jrd commented May 7, 2020

When using rclone 1.51.0 and doing a "Search a Shaepoint site" I got:

2020/05/07 11:55:52 Failed to query available sites: HTTP error 503 (503 Service Unavailable) returned body: "{\r\n  \"error\": {\r\n    \"code\": \"serviceNotAvailable\",\r\n    \"message\": \"Service unavailable\",\r\n    \"innerError\": {\r\n      \"request-id\": \"d3090cd6-acec-4573-b5bd-5dc088e6269d\",\r\n      \"date\": \"2020-05-07T09:55:52\"\r\n    }\r\n  }\r\n}"

When using "Type in SiteID", it works ok.

@mikey32230
Copy link

mikey32230 commented Sep 28, 2020

I also get the same error as @jrd when trying to use the "Search a SharePoint Site" feature
Did the API/namespace change a little bit perhaps?

Maybe this issue should get re-opened?

@Cnly
Copy link
Member

Cnly commented Jan 11, 2021

@jrd @mikey32230 The HTTP 503 error is usually temporary and should go away if you retry some time later; I didn't find any changes in the API. Alternatively if you download the latest beta, you can now also choose the newly added Sharepoint site name or URL (e.g. mysite or https://contoso.sharepoint.com/sites/mysite) option so you don't need to search.

tomgreen66 added a commit to tomgreen66/rclone that referenced this issue Dec 16, 2021
Found it easier to add Teams locations by searching, needs extra permission as described in rclone#1770
@cqjjjzr
Copy link
Contributor

cqjjjzr commented Dec 25, 2021

The request for Sites.Read.All permission should be explicitly mentioned in the document. I've run into permission issues on a domain with an excessively strict authorization policy (my university). If the domain disallow users to consent permissions on their own and the Sites.Read.All permission is undocumented thus not configured, the extra Sites.Read.All scope when requesting an access token will trigger "Application needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it." message.

I've created a version of rclone with an advanced config entry to decide whether to contain the Sites.Read.All scope: https://github.com/cqjjjzr/rclone/tree/fix-onedrive-sites

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.