I have setup M365 integrations, and they authenticate fine initially. However, it seems that the oauth is not renewing as expected. As a test I have a simple 5m schedule to get a single group from Entra, and it worked for ~1hr. Then it throws;
“error”: “Authorization failed - please check your credentials”
However it claims it’s connected.
Clicking ‘Reconnect’ and re authenticating fixes it for a short time.
Anyone else run into this? Any ideas?
@Midnigh7 Benjamin’s right about offline_access but honestly the fastest fix is just forcing a token refresh via HTTP Request instead of the built-in node — the native M365 nodes have a known quirk where they don’t always trigger the refresh flow properly.
swap to HTTP Request node with your same Entra creds, the generic OAuth2 path handles refresh tokens way more reliably than the dedicated Entra node does. are you self-hosted or cloud btw?
achamm’s diagnosis is right — the native M365 nodes handle OAuth refresh inconsistently, especially when the Azure app was registered without `offline_access` from the start. A few things to check in order:
1. Azure Portal → App registrations → API permissions: confirm `offline_access` is in the *granted* scopes, not just requested. If it was added after the n8n credential was created, delete the credential and reconnect fresh — n8n caches the original scope set.
2. 1-hour expiry is exactly the access_token lifetime. If refresh works, n8n should get a new token silently. Check n8n logs around the 1-hour mark for “failed to refresh token” — tells you whether it’s refresh failure vs token not persisting.
3. Benjamin’s suggestion to use generic OAuth2 + HTTP Request also gives you the bonus of one credential shared across Outlook, Graph, SharePoint instead of three separate node-specific credentials.
If you end up with many M365 workflows, pulling the OAuth dance out of n8n entirely and into a gateway (n8n just does `Authorization: Bearer` against a local endpoint) has been worth it. We open-sourced ours — github.com/ChronoAIProject/NyxID .
I am using the latest build, self hosted.
Thanks for the suggestions. I’ll start using the native web requests I guess.
I created a keep-alive flow that runs every 5 minutes with the http request node. That refreshes the creds and the native nodes now work.
cheers 
!
