OAuth Server
This page describes the OAuth login used by some providers
that allows applications to securely admit third-party access from legitimate users without exposing details, such as real name, passwords, etc.
Many large providers only allow access with OAuth, requiring the user to authenticate that Duplicati may access their resources on their behalf. This generally works by initiating a login request, then redirecting the web browser to the login page, and then delivering a secure access token to Duplicati.
For web-based applications, this is a very smooth process, but for a tool such as Duplicati that needs to run, even when there is no browser or UI available, it is not an ideal solution. The workaround developed for Duplicati is to pre-authenticate with a long-lived token from a place where there is a browser available. Once the token is created, it is returned to the user in the form of an AuthID string.
This AuthID can then be used by Duplicati to access resources on the user's behalf, acting as a kind of API key. Further details on how the OAuth server works are described in the .
Duplicati has a hosted service that can be used to get access to a variety of different storage providers. It is hosted on and the .
This service is the default as it is the most convenient for most users. To generate a token, simply visit:
Click the button for your preferred provider, complete the login, and obtain the AuthID, which you can then use on another machine as needed.
If you are using the UI, you can click the AuthID label/link to start the process. Once you complete it, the UI will automatically fill in the ID, no interaction required.
If you want to remove access, you can revoke a specific AuthID at the same place where you created it, using the . You can also go to the provider, say Dropbox or OneDrive, and remove the authorization for Duplicati, which will immediately revoke all tokens issued for your account.
If you prefer to manage the full cycle and not send tokens into a provider not under your control, you can use the . The server is Docker enabled and also available as a .
Refer to the for how to configure it. Before you can use the server, you need to obtain a Client ID and Client Secret for the provider you want to support. Refer to the default providers file to see the links to each service, or consult your service provider for details on how to obtain these values.
After you have set up the server, use the option --oauth-url=<local server url> to configure Duplicati to use another server to authenticate with.