Backup to Google Drive in FreeNAS with OAuth

UPDATE:

As of 11.3U1, this appears to be unnecessary as FreeNAS now has it’s own public-facing API that it uses. This is an added convenience, but they will have to do a lot to keep up with requesting API limit increases or performance and reliability will suffer greatly.

I’ll leave this for posterity. If you are using rclone manually, you’ll still want to follow the API OAuth procedure.


Most of the instructions I’ve seen on how to do this are not explicit enough, and I’ve found that it is easy to get lost in the Google API interface. Here is my step-by-step for creating OAuth credentials so FreeNAS can reliably sync to Google Drive.

Note that this is necessary for rclone (the underlying tool that syncs to cloud accounts) to sync reliably. Without it, rclone can quietly fail to copy all files.

This process will also work if you are using rclone manually.

Create a Project

Navigate to https://console.developers.google.com/

Click Select a Project (if you already have projects, this will be the name of one of your projects)

Click New Project

Type unique name under Project name

Click Create

Enable Google Drive API

Click + ENABLE APIS AND SERVICES

Type drive in Search for APIs & Services

Click Google Drive API

Click ENABLE

Generate OAuth Credentials

Navigate back to API home page by clicking Google APIs (top left)

Click Credentials (left)

Click CONFIGURE CONSENT SCREEN

Select Internal

Click Create

Type rclone under Application name (or whatever you want)

Set Support email to your address (or whatever you want)

Click Save

Click Create credentials

Click OAuth client ID

Click Other

Type rclone under Name (or whatever you want)

Save your client ID to your password manager

Save your client secret to your password manager

Add Credentials to FreeNAS

Navigate to your FreeNAS web UI

Navigate to System > Cloud Credentials

Type a descriptive name under Name

Select Google Drive under Provider

Paste your client ID under OAuth client ID

Paste your client secret under OAuth Client Secret

Click Authenticate

A popup window should appear

Click Proceed

Select your account (if prompted)

Click Allow

Access Token should populate automatically

Click Save

Next Steps

You can now configure cloud backups under Tasks > Cloud Sync Tasks

To monitor Traffic, Errors and Latency, navigate to https://console.developers.google.com

Select your project in the dropdown menu to the right of Google APIs (top left)

4 Likes

First…thank you for taking the time to post this level of detail. It’s what I needed.

Secondly, I was hoping I could use my own custom credentials as I’m getting rate limited already - either by placing them in the FreeNAS GUI (doesn’t appear to be possible with 11.3U2) or by SSH’ing into the server and manually editing a file.

Is that possible? If so, where would it be saving the configuration to and would it survive a reboot?

Thanks

1 Like

They took it away and now it only uses their API credentials. It’s definitely a bummer.

I don’t think you can manually edit the rclone config.

Changes: I had some token expirity problems, but figured what the problem was - here is the workaround

I was able to use rclone with OAuth with the following instructions
(remove the * if there are in the Links):

1. Change project-access to internal

  1. Sign-in to “Google Cloud Console”: *(https://console.cloud.google.com)
  2. Select the project ID: RClone (id: <>)
  3. Go to OAuth Consent Screen under APIs & Services
  4. Go to User Type
  5. Select Make Internal
  6. Click Save

You also need to associate your project with your organization by following the steps below:

  1. Create an Organization by following the “Quickstart Using Organizations” instructions:
    (https://cloud.google*.com/resource-manager/docs/quickstart-organizations)
  2. Migrate the project into the organization you created as shown in “Migrating Existing Projects into the Organization”:
    (https://cloud.google*.com/resource-manager/docs/migrating-projects-billing).

Users in your organization can now use the app to directly access “OAuth scopes”:
(https://developers.google*.com/identity/protocols/googlescopes)
without any verification steps.

2. Login into Free-/TrueNAS

  1. Klick on LOGIN TO PROVIDER and fill in your Credentials as normal
  2. Now fill in the OAuth Client ID and OAuth Client Secret fields from your Project but let the token as it is!

3. Verify and Save

Click on VERIFY CREDENTIAL and confirm with SAVE.

(successfully tested on TrueNAS-12.0-U3)