Access saved credentials from "expressions"

Using credentials in expressions would be great. I work mostly on telegram bots using n8n - sometimes I use features not included in n8n telegram node like copying message or dynamically creating reply keyboard (depending on user data). Because of that I need to store the credentials in secure way on my prod machine (stored as an env variable in the container). I would be really nice feature to use credentials in the expressions.

1 Like

It does not need to because we add it behind the scenes. Each service works with either header or body but not both, so it does not make sense to have them pick which one to use when we know what the service uses (See in the MicrosoftOAuth2Api credential type below how we set it to the body for all Microsoft services). The generic one is different because we do not know the service you want to connect to; hence we cannot set the field for you.

import { ICredentialType, INodeProperties } from 'n8n-workflow';

export class MicrosoftOAuth2Api implements ICredentialType {
	name = 'microsoftOAuth2Api';
	extends = ['oAuth2Api'];
	icon = 'file:Microsoft.svg';
	displayName = 'Microsoft OAuth2 API';
	documentationUrl = 'microsoft';
	properties: INodeProperties[] = [
		{
			displayName: 'Grant Type',
			name: 'grantType',
			type: 'hidden',
			default: 'authorizationCode',
		},
		//info about the tenantID
		//https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols#endpoints
		{
			displayName: 'Authorization URL',
			name: 'authUrl',
			type: 'string',
			default: 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
		},
		{
			displayName: 'Access Token URL',
			name: 'accessTokenUrl',
			type: 'string',
			default: 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
		},
		{
			displayName: 'Auth URI Query Parameters',
			name: 'authQueryParameters',
			type: 'hidden',
			default: 'response_mode=query',
		},
		{
			displayName: 'Authentication',
			name: 'authentication',
			type: 'hidden',
			default: 'body',
		},
	];
}

Thanks that makes sense - but there are cases in Microsoft where we sometimes need to choose between sending in the header or the body, such as when requesting an Auth token. I will go back and test again, but I just wanted to share that with you.

EDIT: @RicardoE105 I’d like to add to this: We should be able to specify custom Body parameters in the credentials, not just the http request.

Here is a perfect example of something I can’t do right now using either the Microsoft credential or the Generic Oauth2 credential:

The Refresh Token in this case should not be stored in the node in plain text, but there is no way for me to specify it in the Body of the Oauth2 credential.

In addition, the grant_type can not be specified in the Oauth2 credential either.

So my suggestion / request is to allow adding of additional, masked+encrypted “body” parameters in the Generic Oauth2 creds.

1 Like

Hey @RicardoE105, Following this message from Nov 22. We are running n8n 0.203.1, however we do not see the option to pass the credentials in the body.
Can you explain how to do that?

Yes, but not straightforward.

  1. Create HTTP Request node to localhost with required credentials (set Continue on fail)
  2. in next nodes just read credentials from this node’s error response

@jan what would be a secure way to make API calls in the JavaScript node without exposing API Keys?

We tend to utilize the JS node when we run into limitations with the HTTP Node, but this results in API Keys being exposed in the workflow or execution history.

Hey @Eden,

The quickest option would be to not enable workflow logging for those flows.

Do you have an example of the limitations you are seeing with the http request node?

Hey @Jon , I have a different use case that I think (?) applies to the underlying intent of this request.

Suppose I have 2 or more OpenAI credentials defined and stored ahead of time in n8n:

I would like to have the workflow programmatically select which one of the 2 or more credentials to use based on an expression defined by an earlier node in the workflow.

Right now, because credentials are essentially hardcoded to a given workflow, I’m being forced to duplicate the workflow for each set of unique credentials I want to use.

Instead, I’d rather have a single workflow defined that can handle N number of credentials (all of the same type).

Let me know if you have further question about this request. Thanks!

2 Likes

@dkindlund that is the same reason I would like a similar request, rather than access a credentials details using an expression I want to be able to set a credential in a node using an expression.

2 Likes

@dkindlund @Jon this is the feature request you’re looking for - Select credentials via expression. Sling it a vote :+1:

1 Like

Thanks for the pointer, @pemontto !