You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Apr 1, 2025. It is now read-only.
Copy file name to clipboardExpand all lines: Faq.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -28,25 +28,25 @@ When triggering a save (ctrl+s) or opening a KeePass database, the plugin will a
28
28
29
29
### With Microsoft Graph API support having been added in v2.0, should I switch my current OneDrive Personal / OneDrive for Business syncs to use that instead? ###
30
30
31
-
You don't need to. The OneDrive API will stay supported for the foreseeable future. You can though. There's no real reason to do so.
31
+
Yes, you should. The OneDrive for Business option on the Other tab will stop working on November 5, 2019 or soon thereafter. The OneDrive option on the Other tab will remain working for the foreseeable future but will be deprecated by Microsoft at some point. The Microosft Graph options are the way forward. With the addition of the device ID login in version 2.1.0.0 there should be no reason anymore not to use the Microsoft Graph options.
32
32
33
33
### I want to switch from using the OneDrive API to using the Graph API, how do I do this? ###
34
34
35
-
Just go into the KeePass -> Tools -> OneDriveSync Options and delete the line(s) of the KeePass databases you wish to reconnect to a cloud storage provider. Once you open the database again and save it (CTRL+S), the wizard will pop up again allowing you to set up the syncrhonization. Just choose Graph API and follow the steps.
35
+
Just go into the KeePass -> Tools -> OneDriveSync Options and delete the line(s) of the KeePass databases you wish to reconnect to a cloud storage provider. Once you open the database again and save it (CTRL+S), the wizard will pop up again allowing you to set up the synchronization. Just choose one of the two Microsoft Graph API options on the OneDrive tab and follow the steps.
36
36
37
37
### I reset my OneDrive password and now my KeePass sync fails, how do I fix this? ###
38
38
39
39
It is by design that when you reset your OneDrive (Microsoft Account) password, all active refresh tokens will be invalidated. This is a security measure as the reason for changing the password could be that somebody gained access to it. In this scenario your KeePass sync will stop working. You can easily resolve this by going Tools -> OneDriveSync Options -> delete the entry with the database you're having problems with. This will not delete the KeePass file, just the configuration for the plugin for it. Now if you save your KeePass database again (ctrl+s) you will receive the wizard again to set up your sync. After going through this again all should work well again.
40
40
41
41
### KeePass doesn't detect the plugin ###
42
42
43
-
If you have downloaded the PLGX and placed it inside the KeePass/Plugins folder (typically C:\Program Files (x86)\KeePass Password Safe 2\Plugins) and it doesn't show its functionality, ensure that the PLGX file is not blocked. By default it will be. go to the Plugins folder, right click the KeeOneDriveSync.plgx file and go to its properties. If it shows an option to Unblock it at the bottom right of the General tab, check the box and hit OK. Restart KeePass. It should now properly load the plugin.
43
+
If you have downloaded the PLGX and placed it inside the KeePass/Plugins folder (typically C:\Program Files (x86)\KeePass Password Safe 2\Plugins) and it doesn't show its functionality, ensure that the PLGX file is not blocked. By default it will be. Go to the Plugins folder, right click the KeeOneDriveSync.plgx file and go to its properties. If it shows an option to Unblock it at the bottom right of the General tab, check the box and hit OK. Restart KeePass. It should now properly load the plugin.
44
44
45
45
### Is there any (KeePass) data that flows through any of your environments? ###
46
46
47
47
No. There is no data that flows in any way to or through any service I host or own for this plugin. All communication goes directly between the KeePass client and the cloud provider where the data is hosted, such as Microsoft OneDrive for Business. The traffic between KeePass and Microsoft is encrypted through HTTPS encryption. The refresh token which could give access to the storage provider, such as OneDrive for Business, is stored to prevent having to authenticate over and over again on each synchronization. This token is stored either in the KeePass database, thus encrypted and secured in the same ways as everything else in your KeePass database is, or on your local file system in the user profile folder:
48
48
49
-
C:\Users<username>\AppData\Roaming\KeePass
49
+
`C:\Users<username>\AppData\Roaming\KeePass`
50
50
51
51
The token in this config file is encrypted using built-in Windows encryption and only can be decrypted if you are logged on to Windows with the same user as under which this data is stored.
52
52
@@ -62,9 +62,9 @@ I recommend you to read up on the oAuth flow which will show you that all commun
### How does the experimental Microsoft Graph Device Code Flow work? ###
65
+
### How does the Microsoft Graph Any browser option work? ###
66
66
67
-
If you want the deep technical details on this, [read up here](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code).
67
+
It utilizes the Microsoft Graph oAuth Device Code Flow. If you want the deep technical details on this, [read up here](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code).
68
68
69
69
If you just want to understand the basic idea, it works as follows. When you choose this option when setting up the synchronization of your KeePass database with your OneDrive Consumer or OneDrive for Business site, the KeePass plugin will connect to the Microsoft Graph API to request a device login session. This will return a short unique identifier which will be shown to you by this plugin in your KeePass. You then open any internet browser you would like and navigate to the internet address shown in the KeePass dialog, which will typically be https://microsoft.com/devicelogin. You can even do this from any other device such as your tablet or phone. Enter the ID that is shown to you by the plugin in KeePass and go through the normal authentication process for your OneDrive Consumer or OneDrive for Business site. This process has full support for multi factor authentication and other identity providers you or your school or organization may have put in place such as AD FS, Ping Federate or one of the many others. Once authenticated, it may ask you to confirm granting the permission to access your files without you having to log on again to my plugin which will identify itself as "Koen Zomers OneDrive Sync v2". Once you grant it these rights, depending on how you have set up your account, it can be that you get a push notification on your phone, a text message on your phone and/or an e-mail stating that a new logon has just taken place under your account to the application "Koen Zomers OneDrive Sync v2". From here on the sync process works exactly like before.
0 commit comments