How to make a PKCE connection in custom node

Describe the problem/error/question

Hello, I noticed you added PKCE support for custom connections:

I am developing a custom app and I would need to add a PKCE flow for authentication.

It is the same app as in this original post:

I updated my n8n version to 1.0.5. How exactly should I configure my credentials.ts in order to work with PKCE?

Thank you!

Information on your n8n setup

  • n8n version: 1.0.5
  • Running n8n via (Docker, npm, n8n cloud, desktop app): npm
  • Operating system: MAC

Hey @alexnemes,

Check out the Twitter Oauth2 credentials which use pkce :slight_smile: it should be a good example on how to use pkce.


Hi @Jon I tried to copy the setup to my custom node’s credentials, so I added this part:

			displayName: 'Grant Type',
			name: 'grantType',
			type: 'hidden',
			default: 'pkce',
			displayName: 'Auth URI Query Parameters',
			name: 'authQueryParameters',
			type: 'string',
			default: 'response_mode=query&response_type=code+id_token',
				'For some services additional query parameters have to be set which can be defined here. Example: access_type=offline'

I receive the following error when I try the connection:

Received following query parameters: {"error":"unauthorized_client","error_description":"Client is not configured to support given response_type","state":"eyJ0b2tlbiI6InVGbEVISndFLWFWYUtQWVhSWGNJbDN1amo0ZEFuQlZ0dEV5ayIsImNpZCI6Ijg4NVJLRFVFUk9UdVA4enIifQ=="}

I noticed the response_type set by n8n in query parameters is response_type=code but the service accepts response_type=code+id_token only.

Is it possible to somehow rewrite that response_type to “code+id_token”? Tried to include it in authQueryParameters but seems to have no effect.

Thank you!

Hey @alexnemes,

That is not something we support that I am aware of so you may need to get more creative. What service are you trying to interact with and do you happen to know if code+id_token is part of the pkce spec if it is we can get that added.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.