Detailed guide to set up OneDrive Personal with 2FA


#1

Hello to all. I have recently turned on 2FA on my Microsoft account, which seems to have hopelessly broken the Duplicati - OneDrive integration. Looking through the forums I have seen some claim that they got it going by setting up an app password, but I did not figure out how Duplicati could be set up with such a password (using the OAuth service with the app password does not complete successfully).

Are there detailed instructions on how to get Duplicati working with OneDrive Personal and 2FA?


#2

Hello @pooispoois, welcome to the forum!

Unfortunately, I don’t know of any guide to getting two factor authentication working with OneDrive Personal (or any other destination, for that matter).

The only stuff I found that did mention using 2FA seemed to be related to email access authentication for notifications.

Perhaps @kenkendk has some idea about whether or not Duplicate supports two factor auth. for destinations and, if so, how best to use it.


#3

I have not used 2FA for OneDrive, but generally, Duplicati requires a continous access option (it will not ask you for a 2FA code each time it runs a backup).

For the other connections based on OAuth, you only need to provide the 2FA access code when setting up the integration (i.e. getting the AuthToken from https://duplicati-oauth-handler.appspot.com/). After this, a separate set of login credentials are created for Duplicati to use (encrypted on the server with the AuthToken). These credentials are assumed (by the OAuth design) to be more secure than your normal login, and thus do not require a 2FA code to be used.


#4

My first attempts on setting it up, selecting the (OAuth based?) Microsoft Graph API provider, unfortunately resulted in 401 (Unauthorized) errors in Duplicati when trying to backup. I have since turned off 2FA in order to resume backups.

I will give another shot at setting it up later this week. Is there a way of obtaining a more detailed log of the requests/responses submitted to OneDrive in order to collect details on the error in case I still get 401s?

Thank you for your help.


#5

The problem was actually the update channel. After reading the release notes for all the latest versions I understood that the GraphApi (OneDrive v2 backend) is acually only available yet on the canary channel, and I was set on beta.

While I’m not a fan of running in canary, I guess I will stay there until the OneDrive v2 backend makes it to beta. I have now set up OneDrive backup with 2FA successfully.


#6

Thanks for sharing what you figured out!

Hopefully you won’t have to way too long for a OD v2 backup beta version to come out. :slight_smile:


#7

Yes, MS decided to shut down the old API which used the account password, and now only support the Graph-based API with OAuth. I think they will reject requests to the old API some time later this year.

I hope we can roll a new beta before that happens.