Generic OAuth2 - 400 Error

Hello there,

I am trying to setup a generic OAuth Integration - it is working until the last step. I authenticate the service and get the callback but it returns an error (see below):

Callback URL (taken from the interface):

It is calling this url

Error Message:
{"code":0,"message":"HTTP status 400","hint":"","stack":"Error: HTTP status 400\n at /app/node_modules/client-oauth2/src/client-oauth2.js:283:25\n at processTicksAndRejections (internal/process/task_queues.js:95:5)\n at async /app/node_modules/n8n/dist/src/Server.js:1000:36"}

I tried to dig around a little - I tested the github oauth - this is working. If I call the callback endpoint it is asking for more parameters (which indicates it is working).

I am running on 0.133.0 inside docker on an ARM build.

Would be great if someone can share more insights into this and help me out.

Hey @Manuel,

How are you doing?

Are you creating your own node? If yes, can you point out the service you’re adding OAuth for? Different services expect different parameters, and also return the data in different formats. You may want to check their docs for that.


thanks for answering.
I am trying to auth against Bondora - their API is described here: Intro

Their example states:

curl -X GET "
Response Redirect Url:

If I compare the Response Redirect URL - it looks good. I assumed that the error I am seeing is an internal N8N error - given that I am doing something wrong.


Thank you for sharing the details. Can you update n8n to the latest version? We have changed the request library. This is not the solution to your problem, but hopefully, it should return a better error message and make your node compatible with the newer versions.

Do you have the code available on GitHub? If not, can you share the code you’re using here?

Hello there,

sorry, it took me a while to get n8n updated.
Right now I am running on 0.144.0 but the error message still appears the same:

{"code":0,"message":"HTTP status 400","hint":"","stack":"Error: HTTP status 400\n    at /usr/local/lib/node_modules/n8n/node_modules/client-oauth2/src/client-oauth2.js:283:25\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async /usr/local/lib/node_modules/n8n/dist/src/Server.js:1083:36"}

I am still not sure where it goes wrong since I do not fully understand what the “node” does - maybe someone who has a deeper insight can help out?

Hey @Manuel,

I am still not sure if you’re creating your own node, or if you’re using the HTTP Request node. Can you please let us know? Since it’s a 400 error, it means that the data wasn’t sent in the correct format.

The HyperText Transfer Protocol (HTTP) 400 Bad Request response status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

From MDN

Hello @harshil1712 ,

I am not currently trying to create my own node (I will probably try it later) - currently I am trying to use the “OAUTH2” node from the credential set.

It looks like it is using the HTTP Request command set (as you indicated). What I do not understand is - what does the “/app/node_modules/client-oauth2/src/client-oauth2.js” expect as proper input?

If I understand correctly - n8n/package.json at 10aa00ee3b72928db2e94303594e048d94eb30ad · n8n-io/n8n · GitHub indicates that it is using - client-oauth2 - npm.
I think what I am trying to use is - client-oauth2 - npm

According to the documentation, the first request will return - which is exactly what I am seeing in the URL.
It looks like that this is exactly where it is throwing the error - the next call should be

curl -X POST \
    -F grant_type=authorization_code \
    -F client_id=1cc7aa4ebd4b493eb72471632a85938d \
    -F client_secret=yttsYFcsFzXQNXNoDfPTIX3RIoh1RtMLLU02y0aAlA6lCZ4d \
    -F code=JvvF6ofRZFdzUIzqtGC8bFeuxjioSs8t0kjKnHDglgCK5vTs \
    -F redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

where it takes the “code” hash and uses it against the endpoint to receive the access token. I tried it by using postman but it looks like their API is broken - at least it states that the media type is not supported.
Luckily - they support token generation within their “apps” which I will use for now to access the data.

1 Like