Microsoft Azure OAuth2 refresh token not working - token expires after 1 hour

Questions
1

Hi,

I’m experiencing an issue with Microsoft Azure OAuth2 credentials. The access token expires after approximately 1 hour and is not being refreshed automatically.

Environment:

  • n8n Cloud (version 1.121.3)
  • Microsoft Azure OAuth2 API credential

Azure AD App Settings:

  • API Permissions:
    • Microsoft Graph: offline_access :white_check_mark: (Admin consent granted)
    • Microsoft Graph: User.Read :white_check_mark:
    • Power BI Service: Dataset.ReadWrite.All :white_check_mark:

n8n Credential Settings:

  • Scope: https://analysis.windows.net/powerbi/api/.default offline_access
  • Auth URI Query Parameters: access_type=offline

Test Results:

  • After Reconnect: API call succeeds :white_check_mark:
  • After 30 minutes: API call succeeds :white_check_mark:
  • After 60 minutes: API call fails with 401 “Access token has expired” :cross_mark:

The refresh token should automatically renew the access token, but it seems n8n is not using it. I’ve confirmed all settings are correct on both Azure and n8n sides.

Has anyone experienced this issue? Any suggestions would be appreciated.

Thanks!ft Azure OAuth2 refresh token not working - token expires after 1 hour

2

Hi @Hidefumi_Hosogai

This is expected behavior with Azure OAuth2, not a bug in n8n.

The issue is caused by using .default scopes together with offline_access:

https://analysis.windows.net/powerbi/api/.default offline_access

When .default is used, Azure does not reliably issue a usable refresh token, even if offline_access is present. As a result, the access token expires after ~1 hour and is not refreshed.

Fix:

  • Do not use .default
  • Use explicit scopes, for example:
offline_access
https://analysis.windows.net/powerbi/api/Dataset.ReadWrite.All
  • Remove access_type=offline (Google-specific, ignored by Azure)
  • Use the v2.0 endpoints

After this, Azure will issue a refresh token and n8n will refresh the access token automatically.

1 Like
3

Thank you for your quick response!

I applied your suggestions:

  • Changed Scope to: offline_access https://analysis.windows.net/powerbi/api/Dataset.ReadWrite.All
  • Removed access_type=offline from Auth URI Query Parameters
  • Confirmed v2.0 endpoints are already in use

Results improved but still failing:

Time Elapsed Result
09:50 0 min :white_check_mark: Success
10:30 40 min :white_check_mark: Success
11:00 1h 10min :white_check_mark: Success
11:30 1h 40min :cross_mark: Failed (token expired)

Previously it failed after exactly 1 hour, now it lasts about 1h 40min.
Progress, but still not refreshing properly.

Any additional suggestions? Thanks!