Microsoft Graph and Oauth2

Hi everyone,

Issue

I’m having some troubles with the Oauth2 method in a HTTP Node, used to connect to Microsoft Graph API. The issue is that n8n is apparently not requesting to renew the token when the old one has expired. I need to reconnect manually about every hour… I have tried everything, to no avail, including adding the access_type=offline parameter in the query.

Error message

Error: “code”: “InvalidAuthenticationToken”,
“message”: “Access token has expired or is not yet valid.”

Please share the workflow

Information on your n8n setup

  • n8n version: 0.176.0
  • Database you’re using (default: SQLite): POSTGRES
  • Running n8n with the execution process [own(default), main]: own
  • Running n8n via [Docker, npm, n8n.cloud, desktop app]: Docker

Hi @tomfer, welcome to the community!

I think the Microsoft API you are referring to requires a separate scope rather than a specific query parameter to issue a refresh token: Microsoft identity platform scopes, permissions, & consent - Microsoft identity platform | Microsoft Docs

Hi @MutedJam,

Glad to use n8n!

I believe I’ve set everything properly, within AAD and n8n.

Here’s a screenshot of my n8n credentials’ configuration:

And here’s a screenshot of my Microsoft’s scope configuration:

Still, it doesn’t work. I’ve also tried using the “https://graph.microsoft.com/” prefix, with no joy.

I’m at a point where I want to take a node such as the one for Onedrive, discontruct it and adapt it for the Microsoft Graph API.

So I couldn’t make it work with the embedded Oauth2 authorization from N8N. But i’ve managed to build my own Oauth2 authorization workflow and it’s working pretty well.

2 Likes

Hey @tomfer, glad to hear you managed to get it working, thanks a lot for confirming! Perhaps you could share your workflow in case someone else encounters a similar problem?

Sure, for security reasons I’m just disclosing the HTTP node that makes the OAuth refresh token request. But the principle is the following:

  1. Retrieve the access token and the refresh token previously stored on a datastore (local file, database, etc., this is up to you and your standards)
  2. Make the HTTP request to Microsoft’s token endpoint with the correct scopes
  3. Replace the newly received tokens on your datastore
  4. Return the HTTP response to the master workflow with the new tokens

**Please note that this only adresses the refresh token issue. For the initial authorization code request, you will need to do it on your own in order to 1/ redeem the authorization code and then 2/ to redeem your very first access token as described on the Microsoft’s documentation.

1 Like

Thanks so much @tomfer!

Hello, i am jumping in to the topic, cause i am having some trouble to connect my account:
Error:
The requested scope is invalid, unknown, or malformed.

Please open a new topic and explain what you are doing and what your setup is.

Hello @BramKn , thanks for answer me.
I guess this topic is perfect for my issue, but if there is no problem I can create a new one.
My main issue is to understand how to config http request with oauth2 credentials

It is better to open a new topic and maybe refer an old topic.
It is especially important to explain your case and let us know what you setup is like.
In 6 months a lot can change, and you give no information on the actual problem just the error, which doesn’t tell us a lot about what is going on.
If you want a quick and good answer, you always need to provide as much info as needed, screenshots also help. :slight_smile:

1 Like

Thanks for your suggestion,
this is the new topic

1 Like