Connecting to Microsoft Teams OAuth2 API with tunnel

Describe the problem/error/question

Trying to connect to Microsoft Teams in an n8n sandbox where we utilize the --tunnel option. All seems to be set up correctly in both n8n and the application portal. However, I’m getting the below error.

MS seems to have an old/different value stored. I have already granted access for my whole organization as an admin for the app, so I am past that step, but the mismatched URIs are keeping me from connecting.

I won’t be using the tunnel option in production, but I am using it in my sandbox environment and would like to connect to Teams for several workflows. Microsoft won’t accept dynamic URIs and I can’t realistically keep changing the URLs for all of my developers.

Anyone have any advice or ideas? Is the only answer to use a static tunnel from Cloudflare/ngrok service for each of my developers? I imagine this may come up with future connections, too.

Again, don’t expect this to be an issue in production, but would like it working in sandbox, too.

Thank you!

What is the error message (if any)?

When I try to connect, I’m warned that the redirect URI doesn’t match. I don’t know where that URI in the error message is coming from, but it is not configured that way in the application portal.

Information on your n8n setup

  • n8n version: 0.221.2
  • Database (default: SQLite): SQLite
  • n8n EXECUTIONS_PROCESS setting (default: own, main): own
  • Running n8n via (Docker, npm, n8n cloud, desktop app): Docker
  • Operating system:

A few more data points:

I decided to just delete the app registration and create it anew. This time I registered my current tunnel address as the redirect URI and got a different error.

I was signed into Office 365 as an admin, and was prompted to and consented to allow the connection for all my users. I then got this…

image

So weird, but I then just clicked the reconnect button again and it worked. Microsoft…

Anyways, I am still expecting this to fail the next time I restart n8n and get a different tunnel url, or one of my users does. Perhaps it will not need reauthenticating for a long while (I set the key to 24 months expiry) but would like to have a better setup if possible.

Hey @hndmn,

We don’t recommend using the tunnel option for production because of this kind of issue.

If you wanted to have a fixed url the best solution would be to configure n8n to use your own domain by setting the WEBHOOK_URL option.

Thanks @Jon - for sure, we won’t use a tunnel in production. My question is about the best way to manage this for separate sandbox environments with multiple developers. Each needs their own webhook URLs for testing, but having them dynamically generated seems like it may lead to issues with certain OAuth connections that don’t make switching URLs easy.

Hey @hndmn,

Most services will allow you to use localhost for OAuth, as the redirection happens on the client side. It can get tricky if there is more than just OAuth and you need to use webhooks from online services.

As an alternative you can use things like ngrok, which can provide a fixed address, but if you have multiple developments you will have multiple addresses.

With my test environment I use my own domain as well, which points to a reverse proxy to direct it to the correct internal IP; this same approach could also work for you.

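A pre-flight check for the fixed-URL setups suggested above, as an added example that is not part of the thread or of n8n's own code: it derives each sandbox's OAuth callback from its WEBHOOK_URL and reports which URL component differs from the redirect URIs registered with the provider. The callback path, the hostnames and the exact-string matching rule are assumptions; copy the real callback URL from the credential dialog in n8n.

```python
from urllib.parse import urlsplit

# Assumption: n8n's OAuth2 callback path. Replace with the redirect URL
# shown in your credential dialog if it differs.
CALLBACK_PATH = "/rest/oauth2-credential/callback"

def callback_url(webhook_url, path=CALLBACK_PATH):
    """Redirect URI a sandbox will send, derived from its WEBHOOK_URL."""
    return webhook_url.rstrip("/") + path

def parts(uri):
    u = urlsplit(uri)
    # Scheme and host are case-insensitive; the path is compared as-is.
    return {"scheme": u.scheme.lower(), "host": (u.hostname or "").lower(),
            "port": u.port, "path": u.path}

def diagnose(sent, registered):
    """Return (matches, closest_registered_uri, differing_components)."""
    if sent in registered:  # assumed rule: exact string comparison
        return True, sent, []
    best, best_diff = None, None
    for cand in registered:
        a, b = parts(sent), parts(cand)
        diff = [k for k in a if a[k] != b[k]]
        if best_diff is None or len(diff) < len(best_diff):
            best, best_diff = cand, diff
    return False, best, best_diff or []

def audit(sandboxes, registered):
    """Map each developer to the diagnosis for their sandbox's callback."""
    return {dev: diagnose(callback_url(url), registered)
            for dev, url in sandboxes.items()}

# Constructed sample data (hypothetical hostnames, not from the thread).
REGISTERED = [
    "https://n8n-alice.dev.example.com/rest/oauth2-credential/callback",
    "https://n8n-bob.dev.example.com/rest/oauth2-credential/callback",
]
SANDBOXES = {
    "alice": "https://n8n-alice.dev.example.com/",
    "bob": "https://n8n-bob.dev.example.com",
    "carol": "https://abc123.tunnel.example.net/",  # changes on each restart
}

if __name__ == "__main__":
    for dev, (ok, closest, diff) in audit(SANDBOXES, REGISTERED).items():
        print(dev, "OK" if ok else f"MISMATCH vs {closest}: {diff}")
```

A `host` difference points at a changed tunnel name, while `scheme` or `path` differences point at a misconfigured WEBHOOK_URL or a mistyped registration.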

Thank you. I think I’m heading down the ngrok or reverse proxy routes. Unfortunately some of the services I am connecting to are rejecting localhost URLs.

There is no real reason to block localhost; I think it is one of those odd things that the odd site might do with OAuth.
