In our SaaS platform, users grant permission to connect their Gmail accounts for automation tasks. We obtain and securely store their OAuth credentials (client ID, client secret, access token, and refresh token) in our database. The goal is to use these stored credentials within n8n to access each user’s inbox, retrieve emails, process automation, and return results—without requiring users to directly authorize within n8n.
How can we configure n8n to dynamically use stored OAuth tokens from our database for multiple users? Can n8n handle OAuth token refresh for different users without requiring re-authorization? Is it even possible to achieve this setup within n8n, or are there limitations that prevent handling OAuth authentication this way?
Since you already have the initial OAuth interaction running in an external service, you could potentially call back to that service for a current token, using an HTTP Request node, prior to making the authorized API request with a normal HTTP Authorization header.
You might also be able to implement the OAuth2 token refresh logic using a series of HTTP Request nodes in a workflow.
The limitation would be that nodes with custom credential-types would need to also support ordinary request headers. It seems like not many of them do support that, so you’d probably end up re-implementing those in HTTP Request nodes.
As you mentioned, you’re not really inviting users to be “tenants” in, and share your instance of n8n, so maybe that means you wouldn’t need an Embed License, but it might be worthwhile to discuss that with them to be sure.
There is a Feature Request for choosing credentials based on expressions, but I’m not sure if there is anything in that which would address what you’re describing, which sounds like maybe a “generic” OAuth2 node that would dynamically stand in for a credentials item.
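The first suggestion in the reply above (an HTTP Request node asks the existing external service for a current token before the authorized call) could look like this on the service side. This is an added example, not code from the original posts or from n8n. `getAccessToken`, `postForm`, the `store` interface and the record field names are assumptions; the endpoint and form parameters are Google's standard refresh-token grant.

```javascript
// Per-user token broker: n8n calls this, then sends "Authorization: Bearer <accessToken>".
const TOKEN_URL = "https://oauth2.googleapis.com/token";
const SKEW_MS = 60_000; // refresh one minute before the stored expiry

// store: hypothetical interface with async get(userId) / save(userId, record).
// httpPost and now are injectable so the logic can be exercised offline.
async function getAccessToken(userId, store, client, httpPost = postForm, now = Date.now) {
  const rec = await store.get(userId);
  if (!rec) throw new Error("unknown user");
  if (rec.needsReauth) throw new Error("reauthorization required");
  if (rec.accessToken && rec.expiresAt - SKEW_MS > now()) {
    return { accessToken: rec.accessToken, expiresAt: rec.expiresAt };
  }
  const res = await httpPost(TOKEN_URL, {
    grant_type: "refresh_token",
    refresh_token: rec.refreshToken,
    client_id: client.id,
    client_secret: client.secret,
  });
  if (res.status !== 200) {
    // invalid_grant: the user revoked access or the refresh token is no longer valid.
    if (res.body.error === "invalid_grant") {
      await store.save(userId, { ...rec, accessToken: null, needsReauth: true });
      throw new Error("reauthorization required");
    }
    throw new Error("token refresh failed: " + res.body.error);
  }
  const updated = {
    ...rec,
    accessToken: res.body.access_token,
    expiresAt: now() + res.body.expires_in * 1000,
  };
  await store.save(userId, updated);
  // Only the short-lived access token leaves the broker; the refresh token
  // and client secret never reach the workflow or its execution logs.
  return { accessToken: updated.accessToken, expiresAt: updated.expiresAt };
}

// Default transport (Node 18+ global fetch); form-encodes the parameters.
async function postForm(url, params) {
  const r = await fetch(url, { method: "POST", body: new URLSearchParams(params) });
  return { status: r.status, body: await r.json() };
}
```

The endpoint that exposes this function to n8n should itself require authentication, because anyone who can call it can obtain a mailbox token for any user ID.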