Duplicati is an Open Source backup client that can run encrypted incremental backups to local storage or offsite with support for a large array of different file transfer protocols. This will be using Ubuntu 20.04 with Docker Compose but it should work on other distributions without issues.

Make a duplicati directory to place the docker-compose file within:

Use the following docker compose template:

sudo nano docker-compose.yaml
version: "2.1"

Please change the volume locations and potentially the IP.

Set a password for the WebUI, to prevent unauthorised access. Configure a Name and Encryption Password (Make sure you save this) for your backup. Select the storage type and enter your credentials. The source directory should contain the data you want to backup. Once a day is recommended but feel free to adjust this. You are safe to save this and finish the setup. Press Run now and hope it runs without errors. If errors do occur this is probably due to file permissions. Please note when restoring the data you will want to remove :ro on the source volume otherwise it will be read only.

Duplicati is a backup tool running in the background. This usually means that there is no way to prompt users for input easily. This gets even more important when the command line interface is used to run backup scripts automatically and unattended. Unfortunately, OneDrive and other services are designed to work with OAuth. OAuth is designed to grant access for a limited amount of time after users have authenticated correctly. This is not well suited for background services such as Duplicati which require to get access permissions regularly without the users being prompted to login.

To remedy this, we provide a service for Duplicati 2.0 users. The service handles the requirements for the OAuth login, and then uses this service to grant Duplicati access to the stored data. This service does neither store your OneDrive username nor your password.

It is a bit difficult to explain how the service is working in details. With OAuth, the users start on a Duplicati page to set up a new connection. There users find a link which redirects to the OneDrive login page. After the users log in, OneDrive displays the desired access and the application name. The users accept this and they are redirected back to the Duplicati page. When this happens, an exchange is performed in the background where Duplicati and OneDrive exchange tokens. The token grants Duplicati access for a limited amount of time.

Furthermore, OneDrive allows users to block an application entirely. That is why OneDrive needs an “app secret” that identifies the application. This secret cannot be shared with anyone, so it stays entirely in the Duplicati service. Leaking this “app secret” would allow an attacker to impersonate Duplicati. This means, putting the app secret into the Duplicati application is a no-go.

When Duplicati sends the “app secret” to OneDrive, it responds with a unique numeric Windows Live user id (CID), and a “refresh token”. Duplicati then generates a random authid token, which is used to encrypt the refresh token and CID inside the service. When a backup starts, Duplicati sends the authid token to the service, which decrypts the refresh token in-memory. The refresh token is then sent to OneDrive together with the “app secret”. OneDrive grants an “access token” which is valid for one hour.