HTTP Request Node OAuth2 Token Missing Scopes – Issue Persists Despite Correct Setup

Ian3 · January 9, 2026, 7:41am

Hey community. I’m experiencing a persistent issue when making HTTP requests through n8n.I’m trying to call Microsoft Graph APIs using the HTTP Request node in n8n, but I keep encountering the following error:

Despite granting admin consent and ensuring that all the required API permissions are correctly configured, I continue to receive the following error:
(HTTP Node)403 - AccessDenied: You cannot perform the requested operation, required scopes are missing in the token.
Steps I’ve already taken:
Granted admin consent for the application in Azure.
Verified that the required permissions are present.
Created new credentials and re-authenticated.
Confirmed that the token is being generated successfully.
Despite these efforts, the error persists, and I’m unable to proceed. Could you please advise on what might be causing this issue or if there’s any additional configuration required on the n8n side?

Describe the problem/error/question

What is the error message (if any)?

Please share your workflow

(Select the nodes on your canvas and use the keyboard shortcuts CMD+C/CTRL+C and CMD+V/CTRL+V to copy and paste the workflow.)

Share the output returned by the last node

Information on your n8n setup

n8n version:
Database (default: SQLite):
n8n EXECUTIONS_PROCESS setting (default: own, main):
Running n8n via (Docker, npm, n8n cloud, desktop app):
Operating system:

vestrgaard · January 16, 2026, 2:39pm

Hi Ian

Saw your question, and have been in the same situation - so i thought i might be able to help

Azure API’s can be very fiddly to authenticate depending on what service you are wanting to use.

What scope are you using in your credentials? And what service are you trying to authenticate too?

What credential type have you setup in N8N?

Best
Rasmus

Ian3 · January 18, 2026, 10:38am

In n8n, I set up a Microsoft OAuth2 credential, using:

Client ID (from Entra App Registration)
Client Secret
Tenant ID
Token URL:

https://login.microsoftonline.com//oauth2/v2.0/token

Auth URL:

https://login.microsoftonline.com//oauth2/v2.0/authorize

I’m currently authenticating only to Microsoft Entra ID to get an OAuth2 token using the Client Credentials flow

I’m using the .default scope for my Entra ID app registration, specifically:
https://graph.microsoft.com/.default

vestrgaard · January 18, 2026, 9:45pm

Hi Ian

Sounds good, what endpoint are you trying to call?

Also, if you check your Entra App registration manifest, what is the accessTokenAcceptedVersion null, 1 or 2?

Ian3 · January 19, 2026, 6:18am

At the moment I’m not calling any specific service endpoint yet. I’m only validating the OAuth2 client credential flow against the Microsoft identity platform to ensure the app registration can successfully issue tokens before I tie it into the rest of my workflow.

The accessTokenVersion is null.

vestrgaard · January 19, 2026, 7:26am

Hi Ian

Take a backup of your manifest, and then try changing the accessTokenVersion to 2, this fixed the issue for me.

Reason is, that even though you’re calling v2 token endpoint, Microsoft is returning a v1 Bearer.
You can verify this by decoding your bearers on jwt.ms: Welcome!

Let me know if this helps

Ian3 · January 19, 2026, 10:18am

Thanks for this vestrgaard.
I will give you feedback on it.