Microsoft Entra App registration

I have built a workflow in n8n that creates a folder in Microsoft SharePoint. I use credentials of the type OAuth2 API for this:

I have registered an app in Microsoft Entra. I give it the appropriate write permissions for SharePoint.
When I press connect in the n8n credentials, I get a Microsoft user query:
MS-User

The n8n workflow should not connect to Entra as a user but as an application. Otherwise it does not get the rights assigned to the application but those of the user.
What else am I doing wrong?

Information on your n8n setup

  • n8n version: 1.64.2
  • Database (default: SQLite): cloud
  • n8n EXECUTIONS_PROCESS setting (default: own, main): -
  • Running n8n via (Docker, npm, n8n cloud, desktop app): cloud
  • Operating system: -

Could this be related to this feature request here? M365 Nodes ( Teams ) without impersonation of a real user

That could also be an interesting possibility. However, I would actually like to achieve app-only access (access without a user).
This is described here, for example: App-Only Access
Or specifically here: Controlling app access on a specific SharePoint site

Perhaps this Microsoft link is even more meaningful: Get access without a user
I do not want to register as a user at Entra, but as an application.
Is this supported by n8n?

I’m encountering the same issue. Initially, I connected using a Microsoft User account before setting up credentials with Basic OAuth2. When switching to Basic OAuth2, the user profile login screen didn’t appear, so I assumed it connected directly to the app I created in Entra for posting messages in Teams. The messages still appear as though they’re posted by the user account, not the app.

I’m also having trouble with token refreshing, despite configuring the scope in Entra. @peter_s are you experiencing this too?

During my first attempts, I had selected ‘Authorisation Code’ as the grant type in the OAuth2 API credentials and got the Microsoft login window for user selection. This may have been the wrong way.
Now I am testing the grant type ‘Client Credentials’. Now I don’t get the user selection window (great!). However, the error message ‘Access token is empty.’ now appears in my workflow. Is this the same error as yours @timon?
If I test the same credentials with Postman, it works as desired!

Does the token query have to be built manually within the workflow in n8n?

All I know is that it worked for a while, but then an issue arose where the access token was not refreshed. I had to manually reconnect each time, and then it would work again temporarily. I’ve tried everything in the scope settings, including enabling offline access, but nothing has resolved it.

I can’t say for certain if we’re experiencing the exact same issue.

@timon: Which grant type do you use, Client Credentials? My first attempts with ‘Authorisation Code’ were probably wrong.

In the meantime I have managed to connect successfully, but without using the credentials section in n8n. Instead, I build the token request manually in the workflow, with HTTP Request.

Nevertheless, I would like to know how the OAuth2 credentials are used correctly with client credentials so that a token can be requested in the workflow. I would be grateful for any help.
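
The app-only token request discussed in this thread, as an added example that is not part of any post here and is not n8n's own code: it builds the Entra v2.0 client-credentials request and then checks from the returned token's claims whether the token is app-only (`roles`) or delegated (`scp`). The tenant, client ID, secret and sample tokens are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example. All identifiers and tokens here are constructed placeholders.

// Build the Entra v2.0 client-credentials request (no user, no redirect).
// In this flow the scope must be the resource URI followed by "/.default".
function buildTokenRequest({ tenantId, clientId, clientSecret, resource }) {
  const body = new URLSearchParams({
    grant_type: 'client_credentials',
    client_id: clientId,
    client_secret: clientSecret,
    scope: `${resource}/.default`,
  });
  return {
    method: 'POST',
    url: `https://login.microsoftonline.com/${encodeURIComponent(tenantId)}/oauth2/v2.0/token`,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Decode the JWT payload for troubleshooting only; this does not verify the signature.
function decodeClaims(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('access_token is not a three-part JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Classify a token endpoint response: app-only tokens carry application
// permissions in "roles"; delegated (user) tokens carry scopes in "scp".
function classifyToken(response) {
  if (!response || !response.access_token) {
    return { kind: 'missing', detail: response?.error_description ?? 'no access_token field' };
  }
  const claims = decodeClaims(response.access_token);
  if (typeof claims.scp === 'string' && claims.scp !== '') {
    return { kind: 'delegated', permissions: claims.scp.split(' ') };
  }
  if (Array.isArray(claims.roles) && claims.roles.length > 0) {
    return { kind: 'app-only', permissions: claims.roles };
  }
  return { kind: 'no-permissions', permissions: [] };
}

// Constructed, unsigned sample tokens (not real Entra output).
const fakeJwt = (claims) => ['{"alg":"none"}', JSON.stringify(claims), 'sig']
  .map((p) => Buffer.from(p).toString('base64url')).join('.');
const appToken = { token_type: 'Bearer', access_token: fakeJwt({ roles: ['Sites.Selected'] }) };
const userToken = { token_type: 'Bearer', access_token: fakeJwt({ scp: 'Sites.ReadWrite.All User.Read' }) };

console.log(classifyToken(appToken).kind, classifyToken(userToken).kind);
```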

I’m sorry that I can’t be of more help @peter_s , but I honestly can’t quite remember if I used Authorization Code or Client Credentials in the end.

I ended up moving away from Microsoft Teams. Slack worked much better for us out of the box with n8n and offers more functionality.

Hope you get it sorted!

I think there might be a better way for us to move 500 users to Slack :scream:

Thanks @timon for your help!
