You provide the Microsoft OneDrive plugin with a code that you receive from Microsoft when you authenticate my plugin to access your account. This is a one-time use code that you provide the XBMC / KODI plugin, which is passed through Google using SSL where the server appends my client ID and client secret, and the responding authorization and refresh tokens is sent back to the XBMC / KODI plugin, where it is stored. At no time is the code, refresh or authorization tokens saved on Google using SSL. The one-time code immediately expires when it is used to redeem an authorization token.
When the authorization token expired (after 60 mins), a refresh token is passed by XBMC / KODI plugin is passed through Google using SSL where the server appends my client ID and client secret, and the responding authorization token is sent back to the XBMC / KODI plugin, where it is stored. At no time is the refresh or authorization tokens saved on Google.
Open in a web browser the following URL
Authorize the KODI OneDrive plugin. You will be presented with prompt to enter a username and passcode. These creditials you create are not your Microsoft Account, but credentials you create that you will share with the plugin so that it may retrieve the "code" displayed on screen. This will allow you authenticate the plugin without having to type a long OAUTH2 code
Go into the Add-on Settings for the plugin. Select the SSL Script under Login Type. Enter the username and passcode you entered in the previous step. Click OK.