Connecting to Sharepoint

Hi,

I’m trying to connect to Sharepoint from a local instance of n8n and I’m having some difficulties. The Sharepoint in question is part of a 3rd party Microsoft 365 tenancy, and as such I am not able to get hold of a client ID / secret and would therefore the only way I can connect is if I go through the Microsoft pop-up login process (i.e. only seems to be supported in n8n cloud).

Any advice?

Regards
Scott

Hey @scottjscott,

Is there a Sharepoint node or are you making one?

I’m not creating a Sharepoint node, I’m just falling at the first hurdle of trying to create a Microsoft OAuth authentication, so I guess my question in the first instance is really about being able to create an OAuth connection via the open source n8n when I need to using login credentials rather than API credentials.

If I understood correctly, you are probably going to need both. Check the link below for instructions to get the API credentials.

Is it not possible to use the Onedrive node to manipulate data in Sharepoint? they work together according to what I read. They even seem to have the same endpoints. I would give it a try.

Thanks Ricardo. I’ve already read the connectivity documentation, and it doesn’t help me in my situation. Here’s a longer explanation:

  1. I have the community edition of n8n installed on my computer
  2. When creating n8n connection credentials for Microsoft (Microsoft OAuth2 API, Microsoft Drive OAuth2 API, etc…), it requires me to specify a Client ID & Secret.
  3. I am not able to get a Client ID & Secret because the Microsoft tenancy I’m trying to connect to is provided by a 3rd party who is not able to issue me with API credentials (e.g. they do not have the expertise to register an application in Azure, and I don’t think their infosec policies will allow this).

So I’m stuck and I just wondered whether anybody had any creative suggestions.

I also tried n8n cloud because the documentation says it supports an approach to Microsoft OAUTH that allows me to go through a login and authentication flow, thus bypassing the need to register an application in the Azure portal to get API credentials. I’ve tried this too, and I go through the login flow when adding the credentials to n8n and I get an error message “Something went wrong. Please try again!” as per the screenshot:

So I can’t progress with n8n cloud either.

So I’m double stuck!

One final question - will the change to OAUTH approach in n8n cloud find its way into the community edition or is this going to be a point of differentiation?

Thanks
Scott

So this bit here could be your problem.

(e.g. they do not have the expertise to register an application in Azure, and I don’t think their infosec policies will allow this).

Could they also have a policy in place stopping you from adding third party applications? I have seen a few companies with other products attempt similar things but they have Microsoft 365 locked down to only a small amount of third party apps and they have a process to add others to the list.

It may be worth chatting to the company that manage your tenancy and find out what policies they have in place as it may never work without them setting something up.

It’s a UK public sector organisation so it is highly likely that it is locked down, which may explain the n8n cloud connectivity issue.

Thanks for your help so far. Before closing this thread down I’d quite like to know whether the community edition of n8n is going to support the cloud style approach to Microsoft OAUTH.

Cheers
Scott

That could be it, It was that same area that I have seen issues before. The Cloud style approach to OAUTH is an interesting one, It looks like the n8n team have registered an app that everyone can use and add to their instances which is great when it is coming from one server but I suspect using the same application for hundreds of installs may not work out too well.

I am sure @RicardoE105 will have an answer when he comes back later

This is the problem. However, I would try creating a Microsoft Azure app with your personal’s credential. That would give you the Client ID and Secret and then use your company’s credentials during the OAuth2 flow. Their Microsoft account might block it, but it is worth a try. If you want to be completely sure, you have to ask the company to provide the credentials as @Jon suggested.

Yes, not sure what the requirements are, but it’s always a struggle to create verified apps with big companies. For example, with Google, it took us months to get an approved Google app, and we did not get approved for all the services. Some of them, like Gmail, require a security audit that it’s worth three digits. Going to ask internally to see if this is something that we are currently working on.

Some context on what we’re doing on cloud:

  • Cloud is using same flavour of n8n as self-hosted version
  • For certain OAuth connection types on n8n.cloud, we’ve registered an app with the 3rd party (like Microsoft) and are syncing the Client ID and Secret with your instance. When n8n detects that these have been injected, it hides these parameters in the credential so users can’t see them but can utilize them (i.e. the big orange “connect” button)
  • I don’t forsee us being able to mimic this functionality on self-hosted (providing ID and Secret) - since they have to remain private to be secure. If we were to register for these and release them publicly, they would in all likelihood be disabled by the 3rd party like Microsoft very quickly (beyond also being a bad security practice). So if you need OAuth on self-hosted, you will have to register your own apps.
  • This point won’t help in your specific case but might help other users: the good news is the application process for many services is usually easier if it’s just for internal purposes. As @RicardoE105 mentioned, getting a public-facing Google OAuth for Drive or Gmail is a expensive and arduous process, however I believe it’s free and relatively easy if it’s just for internal - where all parties have same email domain.

Hi Ricardo - I’ve tried this and it allowed me to get the credentials setup and working (a very useful learning exercise for me). However, as you anticipated, when I try to connect to their Sharepoint I’m rejected.

I’m being offered an SFTP option so I’m going to take them up on that :slight_smile:

2 Likes

Thanks to everybody for their help. Definitely not a failing of n8n that I couldn’t get this to work properly - more an illogicality in the setup with my client, which could be overcome if they issued me with different credentials rather than simply inviting my own Microsoft account into their tenancy as a guest.

3 Likes