googleOAuth2Api Credentials overwrites doesn't work

Madriax · October 20, 2021, 10:14am

Hello,

When I try to overwrite my credentials for googleOAuth2Api using the environment variable, it doesn’t work. But when I try to overwrite credentials for a single Google tool such as googleSheetsOAuth2Api using the same technique, it’s working.

Here’s the value I set for the environment variable:
CREDENTIALS_OVERWRITE_DATA='{"googleOAuth2Api":{"clientId":"xxx","clientSecret":"xxx"}}'

N8N Version: 0.144.0

harshil1712 · October 20, 2021, 11:28am

Hey @Madriax,

This is expected behavior. Each Google node has its own scopes that are required for authentication. They use different credentials for authentication. You can these files here: n8n/packages/nodes-base/credentials at master · n8n-io/n8n · GitHub

Madriax · October 20, 2021, 11:37am

Hi @harshil1712

Here is what it is said in the documentation

There are cases when credentials are based on others. For example, the googleSheetsOAuth2Api extends the googleOAuth2Api. In this case, you can set parameters on the parent credentials (googleOAuth2Api) which will be used by all child-credentials (googleSheetsOAuth2Api).

That’s why I tried to overwrite credentials for googleOAuth2Api instead of each Google Nodes separately.

jan · October 21, 2021, 1:57am

There was a bug. It did not work for child types when overwritten via environment variables, it only worked correctly when it got set via API. I assume we never realized that as nobody normally uses the overwrite via an environment variable. Anyway, It got now fixed and will be released with the next version.

That said do we VERY strongly discourage using an environment variable as documented because literally, every user can easily read that value inside of n8n via $env.CREDENTIALS_OVERWRITE_DATA. So unless that is not a problem (as you for some reason do not mind if the credentials do get leaked) set the overwrites via API.

Madriax · October 21, 2021, 8:25am

Hello @jan

I knew it was possible to access env variable but I didn’t thought it was that easy !
I finally managed to modify my Kubernetes Deployment to set the credentials via the API so I won’t use the environment variables anymore.

Thank you for your explanation !

jan · October 21, 2021, 12:27pm

Glad to hear that it was helpful. Have fun!

jan · October 22, 2021, 2:10am

fyi the above mentioned fix got released with [email protected]