How to Sync Google Drive with OneDrive using rclone
I want to sync some folders in my Google Drive (primary cloud storage) with my Microsoft OneDrive so that I can have a backup of critical files. I will be using rclone for this as it is free and I am already using rclone for other sync operations. I am using Google Drive and OneDrive personal accounts, not business accounts.
My rclone is running on a headless Linux server, meaning that server has no web browser. This tutorial will cover how to get around it.
We will be setting up our own Microsoft and Google client IDs for security reasons. You can use rclone’s if you want; it will make setup so much easier. But if you are security conscious, need to transfer tons of files, or want to learn more about OAuth and Delegated permissions and all that, then create your own.
Lastly, always secure the device running rclone as it contains your client IDs and secrets, as well as OAuth tokens!
Important URLs
| OneDrive rclone setup | https://rclone.org/onedrive/ |
| Google Drive rclone setup | https://rclone.org/drive/ and https://rclone.org/drive/#making-your-own-client-id |
OneDrive Configuration
We will do the OneDrive configuration first, test it, and then do the Google Drive configuration. We will create our own client ID in Azure so that we don’t use the shared rclone client ID. Even though rclone’s ID has a high rate limit and shoud suffice, using our own client ID is more secure.
Step 1: Create an Azure App Registration
We need to set up an Azure App Registration in https://portal.azure.com (Azure Portal). You don’t have to provide a credit card or anything like that. If you dont have an Azure account, you will land on a page looking like this one. Just select Microsoft Entra ID.
Then select App Registrations in the left menu and click on New Registration.
Make sure to choose the options as per the below, otherwise once you need to authorize (way down below) you will get an error such as the below: “Description: No code returned by remote server: invalid_request: The request is not valid for the application’s ‘userAudience’ configuration. In order to use /common/ endpoint, the application must not be configured with ‘Consumer’ as the user audience. The userAudience should be configured with ‘All’ to use /common/ endpoint.”
Then click on Register at the bottom of the page.
One the App Registration is created, you can copy the Application ID (client ID) so long, and then click on “Certificates and Secrets”.
Create a new client secret and set the expiration to 24 months (or shorter if you want to). You will have to generate a new client secret every 24 months.
Once you save the config, the secret will be displayed. Copy it somewhere because it won’t be visible for long.
Step 2: Add permissions to this App Registration
Now that we have our App Registration, we need to add permissions to it so that it can read and write from OneDrive.
A new window will open to the left; select Microsoft Graph from this window. Microsoft Graph allows access to OneDrive, Sharepoint, etc.
Click Microsoft Graph and make sure to select “Delegated Permissions”.
What are Delegated Permissions?
When we later configure rclone and provide it with the Application (Client) ID and secret, it will ask you to sign in with your Outlook.com account. Here you must sign in with the account whose OneDrive you want to sync to.
Because the app is using delegated permissions, the App Registration itself does not have access to your OneDrive. Instead, once you sign in, the app receives a token that allows it to “do things as you”, but only within the limits of the permissions (scopes) we will be adding now and only for the user who signed in.
So if you sign in with [email protected], rclone can only access that account’s OneDrive, not anyone else’s.
What permissions should I add?
Right below Delegated Permissions as in the screenshot above, there is a textbox “Select permissions” where you can search for permissions. Make sure you have all these permissions selected.
Step 3: Rclone config
Enter “rclone config” and then follow the prompts in my screenshots.
When asked for a number, look for “Microsoft OneDrive” in the list and enter that number. The numbers might change, so always check the list.
Now enter your client ID and client secret. Select No for advanced config, and very important, select No for auto config.
Selecting No for auto config will give further instructions of what to do. Remember I don’t have a browser on this server, so I need to install rclone on a PC with a browser, and follow the instructions in the red block.
Once you’ve copied that “rclone authorize “onedrive” “TOKEN_HERE”” command into a terminal on a Windows or Linux machine with a browser, you will have to choose the Microsoft account you want to sign in with. You will see the permissions it is requesting as displayed below.
Note the green box, that is why we chose “offline access” when we added the API permissions so that rclone can continue to work even through we are not signed in with this outlook account.
Once you Accept the access, the rclone terminal on your PC with the browser will display this long token.
Note the green arrow below, that is the Redirect URI we provided to our App Registration.
Once you’ve pasted that long token into your headless rclone terminal, just select “OneDrive Personal or Business” every time it asks you.
Step 4: Test the rclone remote
To test your remote, enter the command “rclone ls “remote-onedrive:/test“
If the /test folder exists, it will show all the files in that folder.
Take note if you try to run “rclone ls “remote-onedrive”” (listing all files in the root of your OneDrive) you might get an error about access to the the “Personal Vault” being denied. Just ignore that error.
To copy a file from local to your onedrive remote, use this command:
rclone copy somefile "remote-onedrive:/testfile"This will create a folder called “testfile” and put the file “somefile” in there.
Google Drive Configuration
Now we will do the Google Drive configuration, test it, and then string both configs together. We will again create our own client ID just like we did for OneDrive.
Step 1: Create a Google Drive Project and App
Go to https://console.developers.google.com/
Create a new project by checking the screenshot below.
Now select your new project and click on “Enable APIs and Services”.
And select Google Drive API and enable it when asked.
Now click on Credentials.
Click the Configure Consent Screen button.
Now follow the prompts as per the below. You can use our own Gmail account as support and contact emails when asked.
Go through the rest of the options and click save.
Step 2: Add permissions (scopes)
Now that our app is created, lets add scopes (permissions) to it.
Add these scopes (and be sure to tick the tickbox) then click on Update:
- https://www.googleapis.com/auth/docs
- https://www.googleapis.com/auth/drive
- https://www.googleapis.com/auth/drive.metadata.readonly
Your scopes must look like this when you are done. Click on Save.
Under Audience, add your own email address as a test user.
Step 3: Create Client ID
Now click on Credentials on the left side again and add an OAuth Client ID.
Select Desktop App and give it a name.
When you click on Create a new window will pop up with the Client ID and Client Secret. But you can get these details again under the Credentials tab and the OAuth 2.0 Client IDs.
Now go back to Audience and Publish your App. You dont have to submit it to Google for verification. You will get a weird security message when you use this app without submitting it for verification, but you can ignore that.
Keeping your app in Testing mode will most likely expire your grants after a week which is annoying.
Step 4: Rclone Config
We are now ready to set up rclone. Just run “rclone config” again and follow exactly the same prompts as we did for OneDrive. Make sure to select the “Google Drive” storage option. Mine was number 22.
Rclone will ask you for your client ID and client Secret. When rclone asks you for a “service account” file, don’t provide anything.
Select option 1 when asked about scopes.
Remember to select “N” here so that rclone can provide you with the “rclone authorize” command that you can run on your PC that has a browser.
You will see this error message because we have not verified our app yet. But just ignore it, we are the only ones that will be using our app.
Once you’ve given permission, rclone on your PC with the browser will give you a token again. Paste it on your remote Linux server again, just like we did for OneDrive.
Step 5: Test rclone remote
Now run some commands to see if any files are returned:
rclone ls "remote-google-drive-personal:"And see if you can copy a file to your Google Drive:
rclone copy testfile "remote-google-drive-personal:"
Full rclone command
rclone sync "remote-google-drive-personal:rsync test" \
"remote-onedrive-personal:Personal Google Drive Sync/rsync test" \
--transfers 2 \
--tpslimit 10 \
--low-level-retries 3 \
--retries 2 \
--retries-sleep 2m \
--progressRemember that rclone won’t sync the folder AND contents from source, it syncs ONLY the folder contents. So if yo want to preseve the folder name on the destination, you need to explicity add it (the text in red).
Here is what the arguments mean:
- –low-level-retries: how many times to retry the underlying API call.
- –retries: how many times to retry the entire sync operation.
- –tpslimit: the transactions per second limit.
- –transfers: the number of simultaneous transfers. You can make this 1 if you are worried about rate limiting.
- –progress: shows you what files it is transferring, how far it is, etc.
