Unable to authenticate OneDrive client

[alexsokolek2]

Summary
I’m unable to complete the OAuth 2.0 authorization flow for the OneDrive client because the Microsoft login page never emits the redirect URI. This happens consistently across multiple environments, browsers, and binaries. I’m trying to determine whether this is a known Microsoft-side behavior and whether there is a recommended workaround.

Details
I have tested the OneDrive client on several systems (host OS, guest VM, and multiple Live USB environments). In every case, the OAuth login page loads normally, I enter my credentials, and the login succeeds — but the final step of the Authorization Code Flow never produces the redirect URI of the form:

https://login.microsoftonline.com/common/oauth2/nativeclient?code=...

Instead, the browser transitions to a blank or intermediate page with no redirect URL visible in the address bar, no link to click, and no way to extract the authorization code. The client eventually times out with “no redirect URI received.”

What I’ve already tried

Multiple distros (Debian, Ubuntu, Noble, Live USB sessions)

Multiple browsers (Firefox, Chrome, private windows, fresh profiles)

Multiple OneDrive client builds (including fresh rebuilds)

Running the client in a VM and on bare metal

Clearing cookies, cache, and all Microsoft login state

Using different networks

The behavior is identical in all cases: the redirect URI is never emitted.

Device Code Flow
I also attempted to use the Device Code Flow (--auth-device), but my build of v2.5.10 does not expose this option. I understand that device authentication was introduced earlier (v2.5.6+), so I may be missing a build flag or dependency. If device authentication is the recommended workaround for redirect failures, I would appreciate guidance on enabling it.

Questions

Is this redirect-suppression behavior known or documented on Microsoft’s side?

Is there a recommended workaround when the Authorization Code Flow does not emit a redirect URI?

Should I be using Device Code Flow instead, and if so, what is the correct way to enable it in current builds?

Any guidance would be appreciated.

Thank you for your attention to this matter. I look forward to hearing from you.

Alex Sokolek

[abraunegg]

What you are describing does not indicate that client code has “disappeared” from the application.

There are two separate things here which need to be kept distinct:

1. Interactive browser authentication
   This is the default flow where the client asks you to open a Microsoft login URL, then copy the final redirect URI back into the terminal.

2. Device authentication
   As per the documentation (https://github.com/abraunegg/onedrive/blob/master/docs/usage.md#oauth2-device-authorisation-flow-for-microsoft-entra-id-accounts), this is not a command-line switch such as --auth-device. It is enabled via configuration with:

   use_device_auth = "true"

Please also note the important limitation here:

• Device authentication is only usable for Microsoft Entra ID / Work / School accounts
• It is not a valid workaround for Personal Microsoft accounts, because Microsoft blocks that auth flow for personal accounts on unapproved applications

So before anything else, you need to clearly state:

• are you authenticating a Personal OneDrive account
• or a Business / Work / School account

Because that changes what is and is not supported.

Also, if you believe your installed client “does not expose” device authentication, then the most likely explanation is that you are not actually running the binary you think you are running, or you have multiple onedrive binaries installed and an older one is being picked up first.

Please run the following and provide the complete output:

sudo find / -xdev -type f -name 'onedrive' -executable 2>/dev/null -print0 \
| while IFS= read -r -d '' f; do
    echo "=== $f ==="
    "$f" --version 2>&1
    echo
done

Also provide:

onedrive --version
onedrive --display-config
which onedrive
type -a onedrive

Without that data, there is nothing concrete to diagnose.

At the moment, the most likely possibilities are:

• you are using a Personal account and expecting device auth to work, when Microsoft does not allow that
• you have multiple installed binaries
• you are running an older or distro-packaged build rather than the intended client version
• your browser or an extension is interfering with the redirect URL capture during interactive authentication

Please provide the requested output and state clearly whether the account is Personal or Business.

[alexsokolek2]

I m using a personal account. As such, device authorization will not work. I can accept that. I am left with the redirect URI not being emitted.

alex@alex-noble:~$ sudo find / -xdev -type f -name 'onedrive' -executable 2>/dev/null -print0 \
| while IFS= read -r -d '' f; do
    echo "=== $f ==="
    "$f" --version 2>&1
    echo
done
[sudo] password for alex: 
=== /home/alex/Documents/onedrive/onedrive ===
onedrive v2.5.10

=== /home/alex/onedrive/onedrive ===
onedrive v2.5.10

=== /home/alex/.local/bin/onedrive ===
onedrive v2.5.10

alex@alex-noble:~$ onedrive --version
onedrive --display-config
which onedrive
type -a onedrive
onedrive v2.5.10

WARNING: Your cURL/libcurl version (8.5.0) has known HTTP/2 bugs that impact the use of this client.
         Please report this to your distribution, requesting an update to a newer cURL version, or consider upgrading it yourself for optimal stability.
         Downgrading all client operations to use HTTP/1.1 to ensure maximum operational stability.
         Please read https://github.com/abraunegg/onedrive/blob/master/docs/usage.md#compatibility-with-curl for more information.

Application version                          = onedrive v2.5.10
Compiled with                                = LDC 2106
Curl version                                 = libcurl/8.5.0 OpenSSL/3.0.13 zlib/1.3 brotli/1.1.0 zstd/1.5.5 libidn2/2.3.7 libpsl/0.21.2 (+libidn2/2.3.7) libssh/0.10.6/openssl/zlib nghttp2/1.59.0 librtmp/2.3 OpenLDAP/2.6.10
User Application Config path                 = /home/alex/.config/onedrive
System Application Config path               = /etc/onedrive
Applicable Application 'config' location     = /home/alex/.config/onedrive/config
Configuration file found in config location  = false - using application defaults
Applicable 'sync_list' location              = /home/alex/.config/onedrive/sync_list
Applicable 'items.sqlite3' location          = /home/alex/.config/onedrive/items.sqlite3
Config option 'drive_id'                     = 
Config option 'sync_dir'                     = ~/OneDrive
Config option 'use_intune_sso'               = false
Config option 'use_device_auth'              = false
Config option 'enable_logging'               = false
Config option 'log_dir'                      = /var/log/onedrive
Config option 'disable_notifications'        = false
Config option 'skip_dir'                     = 
Config option 'skip_dir_strict_match'        = false
Config option 'skip_file'                    = ~*|.~*|*.tmp|*.swp|*.partial
Config option 'skip_dotfiles'                = false
Config option 'skip_symlinks'                = false
Config option 'skip_size'                    = 0
Config option 'monitor_interval'             = 300
Config option 'monitor_log_frequency'        = 12
Config option 'monitor_fullscan_frequency'   = 12
Config option 'disable_websocket_support'    = false
Config option 'read_only_auth_scope'         = false
Config option 'dry_run'                      = false
Config option 'upload_only'                  = false
Config option 'download_only'                = false
Config option 'local_first'                  = false
Config option 'check_nosync'                 = false
Config option 'check_nomount'                = false
Config option 'resync'                       = false
Config option 'resync_auth'                  = false
Config option 'cleanup_local_files'          = false
Config option 'disable_permission_set'       = false
Config option 'transfer_order'               = default
Config option 'delay_inotify_processing'     = false
Config option 'inotify_delay'                = 5
Config option 'display_transfer_metrics'     = false
Config option 'force_session_upload'         = false
Config option 'file_fragment_size'           = 10
Config option 'classify_as_big_delete'       = 1000
Config option 'disable_upload_validation'    = false
Config option 'disable_download_validation'  = false
Config option 'bypass_data_preservation'     = false
Config option 'no_remote_delete'             = false
Config option 'remove_source_files'          = false
Config option 'sync_dir_permissions'         = 700
Config option 'sync_file_permissions'        = 600
Config option 'space_reservation'            = 52428800
Config option 'permanent_delete'             = false
Config option 'write_xattr_data'             = false
Config option 'create_new_file_version'      = false
Config option 'application_id'               = d50ca740-c83f-4d1b-b616-12c519384f0c
Config option 'azure_ad_endpoint'            = 
Config option 'azure_tenant_id'              = 
Config option 'user_agent'                   = ISV|abraunegg|OneDrive Client for Linux/v2.5.10
Config option 'force_http_11'                = true
Config option 'debug_https'                  = false
Config option 'rate_limit'                   = 0
Config option 'operation_timeout'            = 0
Config option 'dns_timeout'                  = 60
Config option 'connect_timeout'              = 10
Config option 'data_timeout'                 = 60
Config option 'ip_protocol_version'          = 0
Config option 'threads'                      = 8
Config option 'max_curl_idle'                = 120
Compile time option --enable-notifications   = false
Config option 'use_recycle_bin'              = false
Config option 'recycle_bin_path'             = /home/alex/.local/share/Trash/

Selective sync 'sync_list' configured        = false

Config option 'sync_business_shared_items'   = false

Config option 'webhook_enabled'              = false
/home/alex/.local/bin/onedrive
onedrive is /home/alex/.local/bin/onedrive

[abraunegg]

@alexsokolek2

Why do you have 3 copies of the client installed?

Your first action is to remove all of those and install the client in the correct manner for your platform.

If you are using Debian or Ubuntu or any distribution based on those you must install the client following these instructions: https://github.com/abraunegg/onedrive/blob/master/docs/ubuntu-package-install.md

All documentation is very clear on this.

Please take this corrective action immediately.

[alexsokolek2]

I don't have multiple copies of onedrive. Rather, I have build artifacts and a wrapper to attempt to resolve the http//1.0 issue. I built the client from source using the github repo. I think I'm OK there. Please continue with the troubleshooting of the failure to emit the redirect URI. (If you want me to blow away the current copies and reinstall, I can do that but I don't think it is necessary.)

[abraunegg]

I built the client from source using the github repo. I think I'm OK there.

I strongly advise you to use distribution provided packages, or if you are using Debian | Ubuntu use the OpenSuSE Build Service packages.

There is zero reason for you to manually build the client unless you have a bug that needs a bugfix before the next release.

You also have a 'curl' issue .. you must upgrade curl on your platform ... or use a better distribution. If you are using Debian, install curl and libcurl from Debian Backports. This is not possible for Ubuntu or those distributions based on Ubuntu.

[abraunegg]

@alexsokolek2
Once you have performed the following actions:

1. Installed the client in the correct manner for your platform
2. Updated 'curl' and 'libcurl' in the correct manner for your platform

please perform the following to assist you. For each command please provide the output.

Display any existing configuration

cat /home/alex/.config/onedrive/config

Force a logout

onedrive --display-running-config --logout

Force a re-authentication of the client

onedrive --display-running-config --reauth

When you run this command, your application output should be similar to the following:

Reading configuration file: /home/alex/.config/onedrive/config
Configuration file successfully loaded
WARNING: D-Bus message bus daemon is not available; GUI notifications are disabled
--------------- Application Runtime Configuration ---------------
Application version                          = onedrive v2.5.10-14-gd07fa1f
Compiled with                                = DMD 2091
Curl version                                 = libcurl/8.6.0 OpenSSL/3.2.4 zlib/1.2.11 brotli/1.1.0 libidn2/2.3.8 libpsl/0.21.5 libssh/0.10.6/openssl/zlib nghttp2/1.59.0 OpenLDAP/2.6.9
User Application Config path                 = /home/alex/.config/onedrive
System Application Config path               = /etc/onedrive
Applicable Application 'config' location     = /home/alex/.config/onedrive/config
Configuration file found in config location  = true - using 'config' file values to override application defaults
Applicable 'sync_list' location              = /home/alex/.config/onedrive/sync_list
Applicable 'items.sqlite3' location          = /home/alex/.config/onedrive/items.sqlite3
Config option 'drive_id'                     = 
Config option 'sync_dir'                     = ~/OneDrive
Config option 'use_intune_sso'               = false
Config option 'use_device_auth'              = false
Config option 'enable_logging'               = false
Config option 'log_dir'                      = /var/log/onedrive
Config option 'disable_notifications'        = false
Config option 'skip_dir'                     = 
Config option 'skip_dir_strict_match'        = false
Config option 'skip_file'                    = ~*|.~*|*.tmp|*.swp|*.partial
Config option 'skip_dotfiles'                = false
Config option 'skip_symlinks'                = false
Config option 'skip_size'                    = 0
Config option 'monitor_interval'             = 300
Config option 'monitor_log_frequency'        = 12
Config option 'monitor_fullscan_frequency'   = 12
Config option 'disable_websocket_support'    = false
Config option 'read_only_auth_scope'         = false
Config option 'dry_run'                      = false
Config option 'upload_only'                  = false
Config option 'download_only'                = false
Config option 'local_first'                  = false
Config option 'check_nosync'                 = false
Config option 'check_nomount'                = false
Config option 'resync'                       = false
Config option 'resync_auth'                  = false
Config option 'cleanup_local_files'          = false
Config option 'disable_permission_set'       = false
Config option 'transfer_order'               = default
Config option 'delay_inotify_processing'     = false
Config option 'inotify_delay'                = 5
Config option 'display_transfer_metrics'     = false
Config option 'force_session_upload'         = false
Config option 'file_fragment_size'           = 10
Config option 'classify_as_big_delete'       = 1000
Config option 'disable_upload_validation'    = false
Config option 'disable_download_validation'  = false
Config option 'bypass_data_preservation'     = false
Config option 'no_remote_delete'             = false
Config option 'remove_source_files'          = false
Config option 'sync_dir_permissions'         = 700
Config option 'sync_file_permissions'        = 600
Config option 'space_reservation'            = 52428800
Config option 'permanent_delete'             = false
Config option 'write_xattr_data'             = false
Config option 'create_new_file_version'      = false
Config option 'application_id'               = d50ca740-c83f-4d1b-b616-12c519384f0c
Config option 'azure_ad_endpoint'            = 
Config option 'azure_tenant_id'              = 
Config option 'user_agent'                   = ISV|abraunegg|OneDrive Client for Linux/v2.5.10-14-gd07fa1f
Config option 'force_http_11'                = false
Config option 'debug_https'                  = false
Config option 'rate_limit'                   = 0
Config option 'operation_timeout'            = 0
Config option 'dns_timeout'                  = 60
Config option 'connect_timeout'              = 10
Config option 'data_timeout'                 = 60
Config option 'ip_protocol_version'          = 0
Config option 'threads'                      = 2
Config option 'max_curl_idle'                = 120
Environment var 'XDG_RUNTIME_DIR'            = true
Environment var 'DBUS_SESSION_BUS_ADDRESS'   = true
Config option 'notify_file_actions'          = false
Config option 'use_recycle_bin'              = false
Config option 'recycle_bin_path'             = /home/alex/.local/share/Trash/

Selective sync 'sync_list' configured        = false

Config option 'sync_business_shared_items'   = false

Config option 'webhook_enabled'              = false

--------------------DEVELOPER_OPTIONS----------------------------
Config option 'force_children_scan'          = false
Config option 'monitor_max_loop'             = 0
Config option 'display_memory'               = false
Config option 'display_sync_options'         = false
Config option 'display_processing_time'      = false
-----------------------------------------------------------------

Deleting the saved authentication status ... re-authentication requested
Using IPv4 and IPv6 (if configured) for all network operations
Attempting to contact the Microsoft OneDrive Service
Successfully reached the Microsoft OneDrive Service
Configuring Global Azure AD Endpoints

Please authorise this application by visiting the following URL:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=d50ca740-c83f-4d1b-b616-12c519384f0c&scope=Files.ReadWrite%20Files.ReadWrite.All%20Sites.ReadWrite.All%20offline_access&response_type=code&prompt=login&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient

After completing the authorisation in your browser, copy the full redirect URI (from the address bar) and paste it below.

Paste redirect URI here:

Take the whole URL:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=d50ca740-c83f-4d1b-b616-12c519384f0c&scope=Files.ReadWrite%20Files.ReadWrite.All%20Sites.ReadWrite.All%20offline_access&response_type=code&prompt=login&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient

Paste this in a web browser. Follow the illustrations as documented here: https://github.com/abraunegg/onedrive/blob/master/docs/usage.md#interactive-authentication-using-oauth2-and-a-redirect-uri

When the redirect URI is returned, due to a Microsoft change, you have 3 seconds to copy this before pasting this back to the client prompt. This is all explained here: #3558

[alexsokolek2]

I am sorry, but I have decided to scrap the OneDrive Client for Linux project in favor of a different paradigm. I am now using rclone/onedrive as my cloud solution. There were several reasons for this decision, but the most visisble reasons were the instability of the client (OAuth/redirect) and your insistence on me using one method of building the client (package/backport). I spent quite a lot of time working on this project and I like to think that I had things well in hand building from source.

In fact, your implication that libcurl was the problem was particularly annoying as I was quite confident that I had a stable build system in place. You assumed that I did not know what I was doing, and, as a result, you missed the point that I had done quite a bit of troubleshooting in an effort to remidiate the problems.

Right now, I am very pleased with rclone/onedrive, and I anticipate a long term relationship with that system. I wish you well in your efforts.

Alex Sokolek

[abraunegg]

Thanks for the update, and no problem – if rclone is meeting your needs, that’s a perfectly reasonable choice.

Just to clarify for anyone else reading this thread:

• Both this client and rclone use the same Microsoft OAuth 2.0 endpoints. The difference is how the redirect is handled locally:
  • this client uses a manual copy/paste of the final redirect URL
  • rclone typically runs a local loopback listener (127.0.0.1) to capture the redirect automatically. As such, issues with the redirect step are usually influenced by the browser environment (extensions, URL handling, timing), rather than differences in the underlying authentication flow
• Device authentication is configuration-driven and depends on the account type (personal vs work/school), as Microsoft restricts which flows are permitted
• When features appear to be “missing”, this is almost always due to multiple installed binaries or an unexpected build/runtime mismatch

The reason I was asking for specific diagnostics (binary discovery, version output, config) and recommending known-good packaging is simply to reduce variables and make issues reproducible. Without that, it’s very difficult to isolate whether a problem is in the client, the build, or the surrounding environment.

That said, if you decide to revisit this in the future, feel free to open a new discussion with the requested diagnostic output and I’m happy to help work through it.

All the best with your setup.