Microsoft Defender OAuth Credentials Problems

Hi all, I am trying to develop a declarative style for Microsoft Defender however, I am running into a few issues with the OAuth Authentication when trying to use the Oauth2 n8n credentials.

Describe the issue/error/question

Following the Microsoft guide here I can get the auth token using some PowerShell code like the following:

# This script acquires the App Context Token and stores it in the variable $token for later use in the script.
# Paste your Tenant ID, App ID, and App Secret (App key) into the indicated quotes below.

$tenantId = '' ### Paste your tenant ID here
$appId = '' ### Paste your Application ID here
$appSecret = '' ### Paste your Application key here

$resourceAppIdUri = ''
$oAuthUri = "$TenantId/oauth2/token"
$authBody = [Ordered] @{
    resource = "$resourceAppIdUri"
    client_id = "$appId"
    client_secret = "$appSecret"
    grant_type = 'client_credentials'
$authResponse = Invoke-RestMethod -Method Post -Uri $oAuthUri -Body $authBody -ErrorAction Stop
$token = $authResponse.access_token

This is easily replicated using the n8n HTTPS request node with the following:

What is the error message (if any)?

When I try and replicate this using a credential node, I always get a token that returns “Unauthorized”

Currently, this is what my credentials look like. Any help would be greatly appreciated.

export class MicrosoftDefenderApi implements ICredentialType {
	name = 'MicrosoftDefenderApi';
	extends = ['oAuth2Api'];
	icon = 'file:Microsoft.svg';
	displayName = 'Microsoft Defender OAuth2 API';
	documentationUrl = 'microsoft';
	properties: INodeProperties[] = [
			displayName: 'Grant Type',
			name: 'grantType',
			type: 'hidden',
			default: 'clientCredentials',
			displayName: 'Access Token URL',
			name: 'accessTokenUrl',
			type: 'string',
			default: '$TenantId/oauth2/token',
			displayName: 'Authentication',
			name: 'authentication',
			type: 'hidden',
			default: 'body',
			displayName: 'Resource',
			name: 'resource',
			type: 'hidden',
			default: '',

Information on your n8n setup

  • n8n version: 0.190.0
  • Running n8n via [Docker, npm,, desktop app]: NPM

Hi @Faintiz,

I can’t really help you, but a couple of things are noticeable. The authorization URL still contains $token instead of the TENANT_ID.

Furthermore, I’m not sure: do you want to program a new auth method for n8n or do you want to authorize via a workflow? The URL error ($token) is included in both cases (workflow/code).

If you want to do the authorization via workflow: The page you linked also lists the cURL notation. For whatever reason, this differs from the notation of PowerShell. For n8n/js the cURL notation should be used.

And I assume that the HTTP node was built by you only rudimentarily - the notation for variables will not work like this in the production system.

Maybe these approaches will help you.

PS: The Microsoft API and documentation is a nightmare. The errors that Microsoft returns simply cannot be trusted. That means: If Microsoft says “Unauthorized” (or others), it doesn’t necessarily mean that this is REALLY the error. But these are just my experiences - they don’t have to agree with the professional users here in the forum. :wink:

1 Like