Amazon Drive bans rclone storage client

Stephen W Harris

Re: Moving keys from source to a server won't fix the problem

The typical way the authentication service works is that the _service_ makes a call to the Amazon API and retrieves a token; that token is passed back to the client. The client uses the token to talk to the API. When the token expires (1 hour later) the client talks, again, to the authentication service and requests a refreshed token.

In this way the client API ID and secret are never exposed to the end user... but it means there are some risks:

1) @ncw doesn't abuse the authentication service and steal tokens :-)

2) Someone else doesn't compromise the service and steal tokens

3) @ncw has to commit to keeping the service running forever and ever (once the authentication service goes down then rclone will no longer work).

The alternative approach of passing the ID/secret to the client at "first run" prevents these risks _but_ effectively means they are no longer secret (as mentioned; add a print statement) and will be leaked, and Amazon will eventually ban them again.

As @ncw says, the Google approach of allowing each user to generate and use their own ID/secret is much better.
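The brokered flow described in the comment above, as an added sketch that is not part of the original post and is not rclone's or Amazon's code. `Provider`, `AuthService`, `Client`, the `app-id`/`app-secret` values and the timestamps are all constructed for illustration; the one-hour lifetime is the figure from the comment.

```python
import secrets

class Provider:
    """Constructed stand-in for the storage provider's token endpoint and API."""
    def __init__(self, client_id, client_secret, ttl=3600):
        self._creds, self.ttl, self._live = (client_id, client_secret), ttl, {}

    def issue(self, client_id, client_secret, now):
        if (client_id, client_secret) != self._creds:
            raise PermissionError("unknown client")
        token = secrets.token_urlsafe(16)
        self._live[token] = now + self.ttl
        return token

    def api_call(self, token, now):
        return self._live.get(token, 0) > now

class AuthService:
    """The only component that holds the client ID/secret."""
    def __init__(self, provider, client_id, client_secret):
        self._provider, self._id, self._secret = provider, client_id, client_secret
        self.up, self.seen = True, []   # every issued token passes through here

    def get_token(self, now):
        if not self.up:
            raise ConnectionError("authentication service unavailable")
        token = self._provider.issue(self._id, self._secret, now)
        self.seen.append(token)  # risks 1 and 2: readable by the operator or an intruder
        return {"access_token": token, "expires_at": now + self._provider.ttl}

class Client:
    """End-user tool: receives tokens only, never the ID/secret."""
    def __init__(self, service, provider):
        self.service, self.provider, self.token, self.received = service, provider, None, []

    def request(self, now):
        if self.token is None or now >= self.token["expires_at"]:
            self.token = self.service.get_token(now)  # refresh goes back to the service
            self.received.append(dict(self.token))
        return self.provider.api_call(self.token["access_token"], now)

def run_demo():
    provider = Provider("app-id", "app-secret")  # constructed credentials
    service = AuthService(provider, "app-id", "app-secret")
    client = Client(service, provider)
    results = [client.request(t) for t in (0, 1800, 3600, 7300)]
    secret_seen = any("app-secret" in str(r) for r in client.received)
    service.up = False  # risk 3: the service stops running
    try:
        client.request(11000)
        outage_breaks_client = False
    except ConnectionError:
        outage_breaks_client = True
    return results, len(service.seen), secret_seen, outage_breaks_client
```

`run_demo()` shows the trade-off in one pass: the client never receives the secret, the service has seen every token it handed out, and once the service is down the client fails at its next refresh.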
