Allow config to specify a tenant id for non-multi-tenant applications (#1085)
* Allow config to specify a tenant id for non-multi-tenant applications * Add instructions on how to find your O365 tenant identifier for National Cloud deployments. Co-authored-by: Ryan Brown <ryan.brown@avarint.com> Co-authored-by: abraunegg <alex.braunegg@gmail.com>
parent
098d6c44e2
commit
2f35a33f4f
1
config
1
config
|
@ -38,4 +38,5 @@
|
||||||
# resync = "false"
|
# resync = "false"
|
||||||
# bypass_data_preservation = "false"
|
# bypass_data_preservation = "false"
|
||||||
# azure_ad_endpoint = ""
|
# azure_ad_endpoint = ""
|
||||||
|
# azure_tenant_id = "common"
|
||||||
# sync_business_shared_folders = "false"
|
# sync_business_shared_folders = "false"
|
||||||
|
|
|
@ -298,6 +298,7 @@ The default configuration file is listed below:
|
||||||
# resync = "false"
|
# resync = "false"
|
||||||
# bypass_data_preservation = "false"
|
# bypass_data_preservation = "false"
|
||||||
# azure_ad_endpoint = ""
|
# azure_ad_endpoint = ""
|
||||||
|
# azure_tenant_id = "common"
|
||||||
# sync_business_shared_folders = "false"
|
# sync_business_shared_folders = "false"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -51,6 +51,11 @@ A valid entry for the response URI should be one of:
|
||||||
* https://login.microsoftonline.de/common/oauth2/nativeclient (Microsoft Cloud Germany)
|
* https://login.microsoftonline.de/common/oauth2/nativeclient (Microsoft Cloud Germany)
|
||||||
* https://login.chinacloudapi.cn/common/oauth2/nativeclient (Azure and Office 365 operated by 21Vianet in China)
|
* https://login.chinacloudapi.cn/common/oauth2/nativeclient (Azure and Office 365 operated by 21Vianet in China)
|
||||||
|
|
||||||
|
For a single-tenant application, it may be necessary to use your specific tenant id instead of "common":
|
||||||
|
* https://login.microsoftonline.us/example.onmicrosoft.us/oauth2/nativeclient (Microsoft Cloud for US Government)
|
||||||
|
* https://login.microsoftonline.de/example.onmicrosoft.de/oauth2/nativeclient (Microsoft Cloud Germany)
|
||||||
|
* https://login.chinacloudapi.cn/example.onmicrosoft.cn/oauth2/nativeclient (Azure and Office 365 operated by 21Vianet in China)
|
||||||
|
|
||||||
## Step 4: Configure the onedrive client to use new application registration
|
## Step 4: Configure the onedrive client to use new application registration
|
||||||
Update to your 'onedrive' configuration file (`~/.config/onedrive/config`) the following:
|
Update to your 'onedrive' configuration file (`~/.config/onedrive/config`) the following:
|
||||||
```text
|
```text
|
||||||
|
@ -64,7 +69,7 @@ This will reconfigure the client to use the new application registration you hav
|
||||||
application_id = "22c49a0d-d21c-4792-aed1-8f163c982546"
|
application_id = "22c49a0d-d21c-4792-aed1-8f163c982546"
|
||||||
```
|
```
|
||||||
|
|
||||||
## Step 5: Confgure the onedrive client to use the specific Microsoft Azure deployment
|
## Step 5: Configure the onedrive client to use the specific Microsoft Azure deployment
|
||||||
Update to your 'onedrive' configuration file (`~/.config/onedrive/config`) the following:
|
Update to your 'onedrive' configuration file (`~/.config/onedrive/config`) the following:
|
||||||
```text
|
```text
|
||||||
azure_ad_endpoint = "insert valid entry here"
|
azure_ad_endpoint = "insert valid entry here"
|
||||||
|
@ -83,6 +88,23 @@ This will configure your client to use the correct Azure AD and Graph endpoints
|
||||||
azure_ad_endpoint = "USL4"
|
azure_ad_endpoint = "USL4"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
If the Microsoft Azure deployment does not support multi-tenant applications, update to your 'onedrive' configuration file (`~/.config/onedrive/config`) the following:
|
||||||
|
```text
|
||||||
|
azure_tenant_id = "insert valid entry here"
|
||||||
|
```
|
||||||
|
|
||||||
|
This will configure your client to use the specified tenant id in its Azure AD and Graph endpoint URIs, instead of "common".
|
||||||
|
The tenant id may be the GUID Directory ID (formatted "00000000-0000-0000-0000-000000000000"), or the fully qualified tenant name (e.g. "example.onmicrosoft.us").
|
||||||
|
The GUID Directory ID may be located in the Azure administation page as per [https://docs.microsoft.com/en-us/onedrive/find-your-office-365-tenant-id](https://docs.microsoft.com/en-us/onedrive/find-your-office-365-tenant-id). Note that you may need to go to your national-deployment-specific administration page, rather than following the links within that document.
|
||||||
|
The tenant name may be obtained by following the PowerShell instructions on [https://docs.microsoft.com/en-us/onedrive/find-your-office-365-tenant-id](https://docs.microsoft.com/en-us/onedrive/find-your-office-365-tenant-id); it is shown as the "TenantDomain" upon completion of the "Connect-AzureAD" command.
|
||||||
|
|
||||||
|
**Example:**
|
||||||
|
```text
|
||||||
|
azure_tenant_id = "example.onmicrosoft.us"
|
||||||
|
# or
|
||||||
|
azure_tenant_id = "0c4be462-a1ab-499b-99e0-da08ce52a2cc"
|
||||||
|
```
|
||||||
|
|
||||||
## Step 6: Authenticate the client
|
## Step 6: Authenticate the client
|
||||||
Run the application without any additional command switches.
|
Run the application without any additional command switches.
|
||||||
|
|
||||||
|
|
|
@ -102,6 +102,8 @@ final class Config
|
||||||
// AD Endpoint: https://login.chinacloudapi.cn
|
// AD Endpoint: https://login.chinacloudapi.cn
|
||||||
// Graph Endpoint: https://microsoftgraph.chinacloudapi.cn
|
// Graph Endpoint: https://microsoftgraph.chinacloudapi.cn
|
||||||
stringValues["azure_ad_endpoint"] = "";
|
stringValues["azure_ad_endpoint"] = "";
|
||||||
|
// Support single-tenant applications that are not able to use the "common" multiplexer
|
||||||
|
stringValues["azure_tenant_id"] = "common";
|
||||||
// Allow enable / disable of the syncing of OneDrive Business Shared Folders via configuration file
|
// Allow enable / disable of the syncing of OneDrive Business Shared Folders via configuration file
|
||||||
boolValues["sync_business_shared_folders"] = false;
|
boolValues["sync_business_shared_folders"] = false;
|
||||||
|
|
||||||
|
|
|
@ -138,6 +138,14 @@ final class OneDriveApi
|
||||||
.debugResponse = true;
|
.debugResponse = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Configure tenant id value, if 'azure_tenant_id' is configured,
|
||||||
|
// otherwise use the "common" multiplexer
|
||||||
|
string tenantId = "common";
|
||||||
|
if (cfg.getValueString("azure_tenant_id") != "") {
|
||||||
|
// Use the value entered by the user
|
||||||
|
tenantId = cfg.getValueString("azure_tenant_id");
|
||||||
|
}
|
||||||
|
|
||||||
// Configure Azure AD endpoints if 'azure_ad_endpoint' is configured
|
// Configure Azure AD endpoints if 'azure_ad_endpoint' is configured
|
||||||
string azureConfigValue = cfg.getValueString("azure_ad_endpoint");
|
string azureConfigValue = cfg.getValueString("azure_ad_endpoint");
|
||||||
switch(azureConfigValue) {
|
switch(azureConfigValue) {
|
||||||
|
@ -147,9 +155,9 @@ final class OneDriveApi
|
||||||
case "USL4":
|
case "USL4":
|
||||||
log.log("Configuring Azure AD for US Government Endpoints");
|
log.log("Configuring Azure AD for US Government Endpoints");
|
||||||
// Authentication
|
// Authentication
|
||||||
authUrl = usl4AuthEndpoint ~ "/common/oauth2/v2.0/authorize";
|
authUrl = usl4AuthEndpoint ~ "/" ~ tenantId ~ "/oauth2/v2.0/authorize";
|
||||||
redirectUrl = usl4AuthEndpoint ~ "/common/oauth2/nativeclient";
|
redirectUrl = usl4AuthEndpoint ~ "/" ~ tenantId ~ "/oauth2/nativeclient";
|
||||||
tokenUrl = usl4AuthEndpoint ~ "/common/oauth2/v2.0/token";
|
tokenUrl = usl4AuthEndpoint ~ "/" ~ tenantId ~ "/oauth2/v2.0/token";
|
||||||
// Drive Queries
|
// Drive Queries
|
||||||
driveUrl = usl4GraphEndpoint ~ "/v1.0/me/drive";
|
driveUrl = usl4GraphEndpoint ~ "/v1.0/me/drive";
|
||||||
driveByIdUrl = usl4GraphEndpoint ~ "/v1.0/drives/";
|
driveByIdUrl = usl4GraphEndpoint ~ "/v1.0/drives/";
|
||||||
|
@ -165,9 +173,9 @@ final class OneDriveApi
|
||||||
case "USL5":
|
case "USL5":
|
||||||
log.log("Configuring Azure AD for US Government Endpoints (DOD)");
|
log.log("Configuring Azure AD for US Government Endpoints (DOD)");
|
||||||
// Authentication
|
// Authentication
|
||||||
authUrl = usl5AuthEndpoint ~ "/common/oauth2/v2.0/authorize";
|
authUrl = usl5AuthEndpoint ~ "/" ~ tenantId ~ "/oauth2/v2.0/authorize";
|
||||||
redirectUrl = usl5AuthEndpoint ~ "/common/oauth2/nativeclient";
|
redirectUrl = usl5AuthEndpoint ~ "/" ~ tenantId ~ "/oauth2/nativeclient";
|
||||||
tokenUrl = usl5AuthEndpoint ~ "/common/oauth2/v2.0/token";
|
tokenUrl = usl5AuthEndpoint ~ "/" ~ tenantId ~ "/oauth2/v2.0/token";
|
||||||
// Drive Queries
|
// Drive Queries
|
||||||
driveUrl = usl5GraphEndpoint ~ "/v1.0/me/drive";
|
driveUrl = usl5GraphEndpoint ~ "/v1.0/me/drive";
|
||||||
driveByIdUrl = usl5GraphEndpoint ~ "/v1.0/drives/";
|
driveByIdUrl = usl5GraphEndpoint ~ "/v1.0/drives/";
|
||||||
|
@ -183,9 +191,9 @@ final class OneDriveApi
|
||||||
case "DE":
|
case "DE":
|
||||||
log.log("Configuring Azure AD Germany");
|
log.log("Configuring Azure AD Germany");
|
||||||
// Authentication
|
// Authentication
|
||||||
authUrl = deAuthEndpoint ~ "/common/oauth2/v2.0/authorize";
|
authUrl = deAuthEndpoint ~ "/" ~ tenantId ~ "/oauth2/v2.0/authorize";
|
||||||
redirectUrl = deAuthEndpoint ~ "/common/oauth2/nativeclient";
|
redirectUrl = deAuthEndpoint ~ "/" ~ tenantId ~ "/oauth2/nativeclient";
|
||||||
tokenUrl = deAuthEndpoint ~ "/common/oauth2/v2.0/token";
|
tokenUrl = deAuthEndpoint ~ "/" ~ tenantId ~ "/oauth2/v2.0/token";
|
||||||
// Drive Queries
|
// Drive Queries
|
||||||
driveUrl = deGraphEndpoint ~ "/v1.0/me/drive";
|
driveUrl = deGraphEndpoint ~ "/v1.0/me/drive";
|
||||||
driveByIdUrl = deGraphEndpoint ~ "/v1.0/drives/";
|
driveByIdUrl = deGraphEndpoint ~ "/v1.0/drives/";
|
||||||
|
@ -201,9 +209,9 @@ final class OneDriveApi
|
||||||
case "CN":
|
case "CN":
|
||||||
log.log("Configuring AD China operated by 21Vianet");
|
log.log("Configuring AD China operated by 21Vianet");
|
||||||
// Authentication
|
// Authentication
|
||||||
authUrl = cnAuthEndpoint ~ "/common/oauth2/v2.0/authorize";
|
authUrl = cnAuthEndpoint ~ "/" ~ tenantId ~ "/oauth2/v2.0/authorize";
|
||||||
redirectUrl = cnAuthEndpoint ~ "/common/oauth2/nativeclient";
|
redirectUrl = cnAuthEndpoint ~ "/" ~ tenantId ~ "/oauth2/nativeclient";
|
||||||
tokenUrl = cnAuthEndpoint ~ "/common/oauth2/v2.0/token";
|
tokenUrl = cnAuthEndpoint ~ "/" ~ tenantId ~ "/oauth2/v2.0/token";
|
||||||
// Drive Queries
|
// Drive Queries
|
||||||
driveUrl = cnGraphEndpoint ~ "/v1.0/me/drive";
|
driveUrl = cnGraphEndpoint ~ "/v1.0/me/drive";
|
||||||
driveByIdUrl = cnGraphEndpoint ~ "/v1.0/drives/";
|
driveByIdUrl = cnGraphEndpoint ~ "/v1.0/drives/";
|
||||||
|
|
|
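Review bot: `tenantId` is copied verbatim from `azure_tenant_id` and concatenated into the path of `authUrl`, `redirectUrl` and `tokenUrl` in the USL4, USL5, DE and CN cases, with no check on its shape. A value containing `/`, `?`, `#` or whitespace would silently alter the path or query of the authorize and token requests on the login host, so a typo or an edited config file produces an opaque OAuth failure, or a request against an unintended tenant, instead of an early error. The documentation added in this commit says the value is either a GUID or a tenant domain name, so I would validate it right after the read (letters, digits, `.` and `-` only), log an error and refuse to continue otherwise, and read the option once into a local rather than calling `cfg.getValueString("azure_tenant_id")` twice. The switch's default (global endpoint) case is outside the visible hunks; if it still hardcodes `/common/`, the option is ignored there and that deserves a comment such as `// azure_tenant_id is only applied to national cloud endpoints`. The enclosing function starts and ends outside these hunks.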
@ -1245,7 +1245,7 @@ final class SyncEngine
|
||||||
long deltaChanges = 0;
|
long deltaChanges = 0;
|
||||||
|
|
||||||
// What query do we use?
|
// What query do we use?
|
||||||
// National Cloud Deployments (US and DE) do not support /delta as a query
|
// Some National Cloud Deployments (US and DE) do not support /delta as a query
|
||||||
// https://docs.microsoft.com/en-us/graph/deployments#supported-features
|
// https://docs.microsoft.com/en-us/graph/deployments#supported-features
|
||||||
// Are we running against a National Cloud Deployments that does not support /delta
|
// Are we running against a National Cloud Deployments that does not support /delta
|
||||||
if ((nationalCloudDeployment) || ((driveId!= defaultDriveId) && (syncBusinessFolders))) {
|
if ((nationalCloudDeployment) || ((driveId!= defaultDriveId) && (syncBusinessFolders))) {
|
||||||
|
@ -5914,4 +5914,4 @@ final class SyncEngine
|
||||||
log.error("ERROR: onedrive.getSharedWithMe call returned an invalid JSON Object");
|
log.error("ERROR: onedrive.getSharedWithMe call returned an invalid JSON Object");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|