401 Error when creating Microsoft SharePoint OAuth2 API credentials

Questions
, ,
1

Describe the problem/error/question

I can successfully log in via the Microsoft popup. However, upon being redirected back to n8n, I receive the following JSON error: {“status”:“error”,“message”:“Unauthorized”}.

What is the error message?

grafik
grafik611×232 10.2 KB

grafik
grafik397×159 4.42 KB

Microsoft Azure Permissions (for Sharepoint)

offline_access (delegate)
openid (delegate)
User.Read (delegate)
Sites.ReadWrite.All (delegate)
Files.ReadWrite.All (delegate)

Miscellaneous

I tried:

  • correcting Server Time/Timezone (it was off by 2h, now synced).
  • Added Sites.ReadWrite.All and Files.ReadWrite.All
  • Tested in Incognito Mode/Firefox.
  • Using Tenant ID instead of “common” in the URIs
    Other Microsoft nodes (Outlook, Teams) are working fine with the same App Registration. Any ideas why SharePoint specifically fails?

Information on your n8n setup

  • n8n version: 2.15.0
  • Database: default: SQLite
  • n8n EXECUTIONS_PROCESS setting: default: own, main
  • Running n8n via docker
  • Operating system: Linux Server Ubuntu 24.04.4 LTS (GNU/Linux 6.8.0-106-generic x86_64)
  • Access: WebUI via SSH Tunnellocalhost:5678
  • Variables set: WEBHOOK_URL=http://localhost:5678/, N8N_PORT=5678, N8N_HOST=0.0.0.0
  • Redirect URI: http://localhost:5678/rest/oauth2-credential/callback
3

The permissions have been granted by an admin. I deleted and recreated the sharepoint credentials but the issue still persists

4

This usually isn’t a SharePoint permission issue. It looks like an n8n OAuth callback/base-URL issue.

What fixed it for most similar cases:

  1. Don’t use the generic OAuth2 API credential for SharePoint. Use Microsoft SharePoint or Microsoft Graph credential in n8n.

  2. Don’t keep WEBHOOK_URL=http://localhost:5678/ for this. Set a real public/editor URL and make both match:

    • N8N_EDITOR_BASE_URL=https://your-domain

    • WEBHOOK_URL=https://your-domain/

    • N8N_PROXY_HOPS=1

  3. In Azure App Registration, set Redirect URI to exactly:

    • https://your-domain/rest/oauth2-credential/callback

  4. Restart n8n, delete the old credential, and create a fresh one.

Reason: the Microsoft popup can succeed, but n8n returns {"status":"error","message":"Unauthorized"} when the callback URL/editor session doesn’t match what n8n expects.

If you’re only accessing n8n via SSH tunnel on localhost:5678, that is very likely the root cause.

2 Likes
5

Hi @Mingggggggggggggg Welcome!
Try installing NGROK, once done get yourself a URL live at LOCALHOST:5678 and once that is live run n8n if you are using NPM else configure your webhook URL to the given NGROK URL, and when you will start n8n you will get yourself a LIVE publicly available URL which you can enter in the redirect URL and work with it, as localHost is not reachable for their i mean sharepoint’s end. Follow this:


6

I already used the Microsoft Sharepoint OAuth2 API and it didnt seem to be the issue but in general I think you were right. Authentification through an SSH Tunnel to localhost seems to be the culprit might as well be the lack of HTTPS but I am not sure.
I got to fix it by setting up Caddy as a reverse proxy and enabling https in n8n.

7

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.