mirror of
https://github.com/rclone/rclone.git
synced 2024-11-22 08:23:47 +01:00
drive,gcs,googlephotos: disable OAuth OOB flow (copy a token) due to google deprecation
Before this change, rclone supported authorizing for remote systems by going to a URL and cutting and pasting a token from Google. This is known as the OAuth out-of-band (oob) flow. This, while very convenient for users, has been shown to be insecure and has been deprecated by Google. https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html#disallowed-oob > OAuth out-of-band (OOB) is a legacy flow developed to support native > clients which do not have a redirect URI like web apps to accept the > credentials after a user approves an OAuth consent request. The OOB > flow poses a remote phishing risk and clients must migrate to an > alternative method to protect against this vulnerability. New > clients will be unable to use this flow starting on Feb 28, 2022. This change disables that flow, and forces the user to use the redirect URL flow. (This is the flow used already for local configs.) In practice this will mean that instead of cutting and pasting a token for remote config, it will be necessary to run "rclone authorize" instead. This is how all the other OAuth backends work so it is a well tested code path. Fixes #6000
This commit is contained in:
parent
f22b703a51
commit
dc7e3ea1e3
@ -84,7 +84,7 @@ var (
|
||||
Endpoint: google.Endpoint,
|
||||
ClientID: rcloneClientID,
|
||||
ClientSecret: obscure.MustReveal(rcloneEncryptedClientSecret),
|
||||
RedirectURL: oauthutil.TitleBarRedirectURL,
|
||||
RedirectURL: oauthutil.RedirectURL,
|
||||
}
|
||||
_mimeTypeToExtensionDuplicates = map[string]string{
|
||||
"application/x-vnd.oasis.opendocument.presentation": ".odp",
|
||||
|
@ -65,7 +65,7 @@ var (
|
||||
Endpoint: google.Endpoint,
|
||||
ClientID: rcloneClientID,
|
||||
ClientSecret: obscure.MustReveal(rcloneEncryptedClientSecret),
|
||||
RedirectURL: oauthutil.TitleBarRedirectURL,
|
||||
RedirectURL: oauthutil.RedirectURL,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -69,7 +69,7 @@ var (
|
||||
Endpoint: google.Endpoint,
|
||||
ClientID: rcloneClientID,
|
||||
ClientSecret: obscure.MustReveal(rcloneEncryptedClientSecret),
|
||||
RedirectURL: oauthutil.TitleBarRedirectURL,
|
||||
RedirectURL: oauthutil.RedirectURL,
|
||||
}
|
||||
)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user