Hello to all. I have recently turned on 2FA on my Microsoft account, which seems to have hopelessly broken the Duplicati - OneDrive integration. Looking through the forums I have seen some claim that they got it going by setting up an app password, but I did not figure out how Duplicati could be set up with such a password (using the OAuth service with the app password does not complete successfully).
Are there detailed instructions on how to get Duplicati working with OneDrive Personal and 2FA?
Unfortunately, I don’t know of any guide to getting two factor authentication working with OneDrive Personal (or any other destination, for that matter).
The only stuff I found that did mention using 2FA seemed to be related to email access authentication for notifications.
Perhaps @kenkendk has some idea about whether or not Duplicate supports two factor auth. for destinations and, if so, how best to use it.
I have not used 2FA for OneDrive, but generally, Duplicati requires a continous access option (it will not ask you for a 2FA code each time it runs a backup).
For the other connections based on OAuth, you only need to provide the 2FA access code when setting up the integration (i.e. getting the AuthToken from https://duplicati-oauth-handler.appspot.com/). After this, a separate set of login credentials are created for Duplicati to use (encrypted on the server with the AuthToken). These credentials are assumed (by the OAuth design) to be more secure than your normal login, and thus do not require a 2FA code to be used.
My first attempts on setting it up, selecting the (OAuth based?) Microsoft Graph API provider, unfortunately resulted in 401 (Unauthorized) errors in Duplicati when trying to backup. I have since turned off 2FA in order to resume backups.
I will give another shot at setting it up later this week. Is there a way of obtaining a more detailed log of the requests/responses submitted to OneDrive in order to collect details on the error in case I still get 401s?
The problem was actually the update channel. After reading the release notes for all the latest versions I understood that the GraphApi (OneDrive v2 backend) is acually only available yet on the canary channel, and I was set on beta.
While I’m not a fan of running in canary, I guess I will stay there until the OneDrive v2 backend makes it to beta. I have now set up OneDrive backup with 2FA successfully.
Yes, MS decided to shut down the old API which used the account password, and now only support the Graph-based API with OAuth. I think they will reject requests to the old API some time later this year.
I hope we can roll a new beta before that happens.
When setting up the configuration, I chose the Microsoft OneDrive v2 backend. By clicking “AuthID” and following the login prompts an authentication token was generated that allows Duplicati to connect without requiring a second factor authentication.
Note that previously, the OneDrive v2 backend was only functional in the canary channel, which led to my problems in this thread. This has been fixed since then and the latest beta supports the OneDrive v2 backend.
If you are having problems I would suggest starting by upgrading to Duplicati’s latest beta release, removing all permissions previously given to Duplicati in OneDrive by revoking consent in OneDrive’s consent management page, and then trying to set up the backup configuration from scratch.
Done. When I generate a new AuthID I get this error message:
Failed to connect: Failed to authorize using the OAuth service: Server error. If the problem persists, try generating a new authid token from: Duplicati OAuth Handler
Following those instructions just generates the same error message all over again.
Welp, deleting the backup config and starting from scratch is the only thing I haven’t tried yet sigh
In my case I went no farther than this. Since it has been a while since I generated my AuthId, maybe it is related to new functional bugs that popped up since (my AuthId is still working, though).
Maybe try generating a test backup config to your OneDrive to see if starting the configuration from scratch would help?
Another tip I since remembered, sometimes Duplicati’s UI does not properly update due to remaining info on the browser, also try clearing all browser info (cookies, cached content, etc) regarding Duplicati’s server before setting up the AuthId.
I’ve tried using a new Firefox container as well as a different browser I’ve never used with Duplicati before and rarely, if ever, use for anything else. Didn’t have any effect, unfortunately.
I’m gonna be swapping out the HDD on which the files are backed up soon anyway. Once that’s done I’ll probably just create the backup job from scratch.
