Can't connect to SharePoint Online team sites such as https://orgname.sharepoint.com/sites/Site-Name #1770
Comments
|
@olihey any ideas how we could make this work? |
|
Changing the resource url in the rclone.conf will not work as the access token is only valid for ONE resource url. But we use the discovery endpoint to get all available services the user has access to and then automatically choose the OneDrive drive. Maybe we could present the list to the user during config and let him choose?!?! Maybe pre-select the OneDrive? |
|
+1 |
|
I have created a pull request here #1780 |
|
Find this fix in the latest beta - please can you have a test and report back. |
|
I tested but it does not work. |
|
Can you please try to setup the endpoint and use the "-v" when starting rclone? |
|
Here's what I got: After that it dumped the config output for the remote site. There were no prompts for the correct resourceURL. As far as I can tell, this remote is now pointing to my personal space in the business one drive. |
|
Thanks for the feedback, unfortunately I only have a OneDrive Business account and NO additional Team sites so I can't test it. I have created a commit in my repo which let a user type in a resource URL before getting the final access token. You can build that commit and see if typing in works for you. |
|
Yes, that is the same output that I get when I discover. The sites from the organization that we are trying to access are not displayed there. All sites are team sites like this: |
|
Hi, could anyone please confirm if this was resolved. I downloaded the latest beta yesterday. I tried the webdav option to my sharepoint/teams files and also used the business one drive option and manually changed the resource_url and attempted to validate the token again. I couldn't get either option to work. Happy to help test further if needed. |
|
Hej, the latest beta only uses the discovery service for getting resource urls. Unfortunately the discovery service does not "see" the sharepoint sites/team sites. I made a change in my forked repo where you get the option to input an arbitrary resource_url during setup of the remote. Can you try to get this branch compiled and run? |
|
I used the following command to build your repo:- It is not prompting me to enter a resource _url when creating a onedrive business remote though. Is there something different I need to do to build via go? |
|
I have subsequently tried cloning your git fork and switch to the onedrive_resoure_select branch. I then used go build to check that branch and it created a new rclone file. But I must still be doing something wrong as I am pretty sure it is not using onedrive.go file from that branch. I no very little about go projects, so not able to troubleshoot further |
|
What OS are you on? Maybe I can create a build for you to test. |
|
Debian stretch 64 bit. Is there something I can read up to build properly via go. Or is it the git part I might be getting wrong? |
|
OKay, I build an executable on my Ubuntu 16.04 AMD64, you can get it here: https://drive.google.com/open?id=1IsNSE34QK_UO-qzgSv2wuedxwsiMqlCZ Please be aware that this test build currently can't do "headless" authorization, you have to use a machine which can show a web browser |
|
Thanks. I have requested access to the file, as not a public share from Google Drive |
|
Sorry, not that skilled with Google Drive. Try this: https://drive.google.com/file/d/1IsNSE34QK_UO-qzgSv2wuedxwsiMqlCZ/view?usp=sharing |
|
Did not prompt me output shown below tim@somepc:~$ ./rcloneodb -V
tim@somepc:~$ ./rcloneodb -vv config Name Type e) Edit existing remote
[oneAsk]
|
|
Hej, sorry for the long "pause". Problem is, I only have a Office 365 account for testing. Meaning this is very hard for me to fix without having anyway to try it. Sorry. |
|
Can someone please go to this page https://developer.microsoft.com/en-us/graph/graph-explorer, authenticate your account and run the URL: Do you see your sharepoint / team sites in the "Response Preview" section? |
|
I only see my personal one drive account. The team site is not returned in the response. |
|
Looking at that graph explorer, there are several examples that deal with sharepoint. So far I was able to find the shared site by using the request
Where my_keyword is part of the name for the shared site. I'm still looking to see if there are ways to list shared sites (it wasn't in Thanks! |
|
I'm sure you've seen this: But I couldn't find anyway to list the sharepoint sites I have access to. Maybe So it looks search may be the only way to go. |
|
I haven't found a way to properly query for available sites per user. I can see that I can access them by "id". Do you have any chance to see the ID for the drives you want to access? Because then I could add an option during setting up the remote to type in the ID by yourself. |
|
Yes there is an id returned for the site in the response to
However, the id is in the form: "id": "mycompany.sharepoint.com,########-####-####-####-############,########-####-####-####-############"," Where # is a hex digit. I see the id in the form you list above from the "me/drives" query. It appears sharepoint uses a different form. Don't know if that means it's incompatible with the access by id method you mentioned. |
|
Hello, I've had a hard time setting up a remote to my university sharepoint site. The default config procedure only offered my university-provided personal OneDrive, upecnumerique-my.sharepoint.com/personal/[mail address], but not the Sharepoint site, upecnumerique.sharepoint.com/sites/[name]. I opened the Sharepoint site HTML source code and looked for IDs. Given the above comment #1770 (comment) and some trial-and-error, I found the ID is upecnumerique.sharepoint.com,[siteId],[webId] (I tested this by inserting the ID in request https://graph.microsoft.com/v1.0/sites/[ID]/drive/root/children as advised above). The sharepoint site "contains" many folders. I thought rclone config would add the site as a remote, but instead each folder is seen as a drive and I have to choose only one among the 57 of them :-/ Fortunately I only need 4 of them, so I can cope with 4 separate remotes. Thank you for the great software. |
|
@llevrel I'm a little lost in your words. Are you looking for some way to add the whole site as a drive? I doubt if it's possible because if you look at the response of |
|
@Cnly I think you got my point. I'm new to this so "sites", "drives", etc. are vague concepts for me. Anyway I understand my wish cannot be fulfilled. Never mind, as I need only 4 of them it's no big deal. Thank you for answering! |
|
@llevrel In my research of this problem, it seems like this is more of a shortcoming of the graph API and its permissions model rather than rclone. Unfortunately, I don't see any feasible way to support this. Every resource that rclone would require in order to "search" for team sites or sub-sites within sharepoint requires some form of admin privilege, even for you to check your own drives. You can probably thank Microsoft's absurd permissions model which doesn't distinguish an individual's resources from a team's resources. In order to list sites/drives for team sites and sub-sites that you have been granted access to, you need the Sites.ReadAll and User.ReadAll permissions according to the documentation, which is admin-only. To add content, you would need to elevate to the ReadWrite permission respectively. Rclone would either need to be granted permission to an organization's entire root site's resources as an application (a massive security hole), or you would need to have your user added as an administrator to grant yourself permission to your own team site, which would also grant rclone permission to ALL team sites under your credentials (impractical, and yet another security hole). This is the sad story that is the Microsoft Graph API, which isn't much better than Windows permissions 😞 |
|
One can lookup site ID manually by using https://developer.microsoft.com/graph/graph-explorer/ and login with default permissions. After that she will be able to lookup site by name with request like https://graph.microsoft.com/v1.0/sites/mysite.sharepoint.com:/sites/my-team and received ID can be used by rclone. Don't see any particular reason why rclone can't lookup site my-team by it's name in the same way. But anyway thanks for the current implementation. Please let me know if I can help you with test(s). |
You saved me with the webdav option (that I obviously wan't aware of)! |
To provide a bit more detail:
|
|
The above did not work for me for some reason. The search however worked great! As above go to the MS Graph Explorer and authenticate. Then get the There is a bug in the search in rclone: If you do it manually via the Graph API it works and returns the siteID in the id field. |
That says access denied... Is it a user permissions problem? |
|
Nope. It's a missing Rclone permission maybe? The graph api explorer works for the same account and same query. |
|
It looks like the app is not requesting the Sites.Read.All permission. rclone/backend/onedrive/onedrive.go Line 64 in 1ba5e99 Sites.Read.All should be sufficient for search (https://docs.microsoft.com/en-us/graph/api/site-search?view=graph-rest-1.0&tabs=http) and does not require admin consent. |
|
Confirmed. Search works if I add "Sites.Read.All" to the backend and to the azure app. |
|
I've created a pull request, though I'm not sure if any documentation or tests are missing. |
|
@telepath I think we'd better add the permission under the docs here: https://github.com/rclone/rclone/blob/master/docs/content/onedrive.md#getting-your-own-client-id-and-key. And can you confirm whether the new scope takes effect immediately with the code change, or only after the user is shown the consent page again? |
|
New consent ist required. |
|
I've merged @telepath 's fix for this to master now which means it will be in the latest beta in 15-30 mins and released in v1.51 |
|
When using rclone 1.51.0 and doing a "Search a Shaepoint site" I got: When using "Type in SiteID", it works ok. |
|
I also get the same error as @jrd when trying to use the "Search a SharePoint Site" feature Maybe this issue should get re-opened? |
|
@jrd @mikey32230 The HTTP 503 error is usually temporary and should go away if you retry some time later; I didn't find any changes in the API. Alternatively if you download the latest beta, you can now also choose the newly added |
Found it easier to add Teams locations by searching, needs extra permission as described in rclone#1770
|
The request for I've created a version of rclone with an advanced config entry to decide whether to contain the |
and others
I’ve been able to successfully connect to the default https://orgname-my.sharepoint.com/ personal SharePoint Site...
But I’m having difficultly figuring out how to connect to team sites on URLs such a: https://orgname.sharepoint.com/sites/Site-Name etc.
The “rclone config” guided process doesn’t let you set the resource_url when setting it up. So I’ve tried editing ~/.config/rclone.conf using a few different methods, changing the resource_url and then reauthorizing, I've tried a number of different addresses like...
For the main/default team site:
For separate team sites, or what Microsoft call "site collections":
I'm not sure which address format I'm meant to use? (for either the main team site, or all the other ones under /sites/)
I always get the error:
(there's nothing after that last colon)
Does anyone know how I access team SharePoint sites?
My rclone version is:
...on Manjaro 64bit, installed from the distro's repos.
I'm choosing the "business" option when asked in
rclone config.The text was updated successfully, but these errors were encountered: