
OneDrive API: Unauthenticated, Must be authenticated to use '/drive' syntax


I am using the OneDrive API to upload files in my Ruby on Rails application, and the OneDrive API started giving the unauthenticated error when uploading a file using the endpoint /drive/root:/#{filename}:/content. The error is given below:

{"error"=>{"code"=>"unauthenticated", "message"=>"Must be authenticated to use '/drive' syntax"}}

Then I got a new refresh_token by following the OneDrive Docs using scope files.readwrite offline_access.

For OneDrive authentication, I am sending a POST request to the endpoint https://login.microsoftonline.com/common/oauth2/v2.0/token to get an access_token using the refresh_token, with the following headers and body:

headers = { 'Content-Type' => 'application/x-www-form-urlencoded' }
body = {
  'client_id'     => "<Client ID>",
  'grant_type'    => "refresh_token",
  'redirect_uri'  => "<Redirect URI>",
  'client_secret' => "<Client Secret>",
  'refresh_token' => "<Refresh Token>",
}

Am I using the correct endpoint to get access_token from refresh_token?

The base uri I am using to upload files to OneDrive is https://api.onedrive.com/v1.0

Can anyone please help me understand why I am getting the unauthenticated error, or how I can use the '/drive' syntax for authentication?

Thanks in advance!


Solution

  • Solved:

    In my case, I was using "Code flow" for the Authentication and using the following url to get code in parameter:

    https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=CLIENT_ID&scope=files.readwrite offline_access&response_type=code&redirect_uri=REDIRECT_URI
    

    Visiting the above URL opened the redirect URL with a long code parameter, which I was using to get access_token and refresh_token, but that access_token was not working when uploading files to OneDrive and was returning the "unauthenticated" error mentioned in the question.

    After doing research, I found that the url I am using to get code for OneDrive authentication is for Microsoft Graph. The correct url for Microsoft Account is given below:

    https://login.live.com/oauth20_authorize.srf?client_id=CLIENT_ID&scope=onedrive.readwrite offline_access&response_type=code&redirect_uri=REDIRECT_URI
    

    Visiting the above URL in the browser redirected me to the page with a code parameter as well, but it was a short code like K9vb4e786-afg6-1a3b-1234-12abc01234ca.

    I used this code to get access_token and refresh_token using the below POST request:

    require 'httparty'

    # Exchange the authorization code for access_token and refresh_token
    body = {
      client_id: "CLIENT_ID",
      redirect_uri: "REDIRECT_URI",
      client_secret: "CLIENT_SECRET",
      code: "CODE",
      grant_type: "authorization_code"
    }
    headers = { 'Content-Type' => 'application/x-www-form-urlencoded' }

    r = HTTParty.post('https://login.live.com/oauth20_token.srf', headers: headers, body: body)
    

    This request returned access_token and refresh_token in the response. I used this refresh_token to get an access_token in each request, and the file uploaded successfully.

    Conclusion: I was using the Microsoft Graph authentication process, i.e. https://learn.microsoft.com/en-us/onedrive/developer/rest-api/getting-started/graph-oauth, which was incorrect. Then I followed the Microsoft Account authentication, i.e. https://learn.microsoft.com/en-us/onedrive/developer/rest-api/getting-started/msa-oauth, which resolved the issue.

    Update:

    Later I used my Office-365 business account for OneDrive file uploading. For this account, the OneDrive authentication process is different, i.e. https://learn.microsoft.com/en-us/onedrive/developer/rest-api/getting-started/aad-oauth, and it worked.
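
The mismatch described in the question and answer above can be caught before any request is sent. The following is an added example, not code from the original posts: it pairs each token endpoint with its own scope and API host and builds the refresh and upload requests without sending them. The helper names are hypothetical, and the Graph API base `https://graph.microsoft.com/v1.0` with its `/me/drive` path is not on the page and is filled in from Microsoft Graph.

```ruby
require 'net/http'
require 'uri'
require 'erb'

# Endpoint sets. A token issued by one set is rejected by the other set's API host.
FLOWS = {
  msa: {   # personal Microsoft Account: the set that worked in the answer
    token_url: 'https://login.live.com/oauth20_token.srf',
    scope:     'onedrive.readwrite offline_access',
    api_base:  'https://api.onedrive.com/v1.0',
    drive:     '/drive'
  },
  graph: { # Microsoft Graph: the v2.0 token endpoint used in the question
    token_url: 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
    scope:     'files.readwrite offline_access',
    api_base:  'https://graph.microsoft.com/v1.0', # assumption, not on the page
    drive:     '/me/drive'                         # assumption, not on the page
  }
}.freeze

# Flow that a token URL or API base belongs to, or nil when it matches neither.
def flow_for(url)
  FLOWS.find { |_, f| url.start_with?(f[:token_url], f[:api_base]) }&.first
end

# True when the token issuer and the API host are not from the same flow.
def mismatched?(token_url, api_base)
  issuer = flow_for(token_url)
  issuer.nil? || issuer != flow_for(api_base)
end

# Build (without sending) the refresh_token request for a flow.
# creds holds client_id, client_secret, redirect_uri and refresh_token.
def refresh_request(flow, creds)
  req = Net::HTTP::Post.new(URI(FLOWS.fetch(flow)[:token_url]))
  req.set_form_data(creds.merge('grant_type' => 'refresh_token'))
  req
end

# Build (without sending) the upload request. The file name is percent-encoded
# so that spaces or slashes in it cannot alter the request path.
def upload_request(flow, access_token, filename, data)
  f = FLOWS.fetch(flow)
  name = ERB::Util.url_encode(filename)
  req = Net::HTTP::Put.new(URI("#{f[:api_base]}#{f[:drive]}/root:/#{name}:/content"))
  req['Authorization'] = "Bearer #{access_token}"
  req.body = data
  req
end
```

In an application, the values in `creds` would be read from the environment or a secrets store rather than written into source.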