Microsoft Graph Security OAuth2 API

Hi,
i’m trying to connect to my Sharepoint through “Microsoft Graph Security OAuth2 API”. I want to download to an excel file so i can import data to mysql. But i can’t authorize. I’m using the “Microsoft Graph Security OAuth2 API” for several other applications such as an Plugin for WP or our virus scanner. This all works fine, but when i try to connect with th n8n credentials. I will always get an error.

error message

"Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method).

what i did

I added the credentials and made the app registration on microsoft azure.

n8n screenshots




n8n setup

  • n8n version: 0.201.0
  • Database you’re using (default: SQLite): SQLite
  • Running n8n with the execution process [own(default), main]:
  • Running n8n via [Docker, npm, n8n.cloud, desktop app]: npm

regards,
Frank

1 Like

Hi @Frank_Loeffler, welcome to the community :tada:

I am sorry to hear you’re having trouble. I just gave this a go on my end with a newly registered app in the Azure portal and didn’t run into any trouble here with the authorization. My settings look very similar to yours:

Seeing n8n doesn’t seem to understand the response coming from MS in your case, could you double-check your application settings? When going through the registration process, did you pick the third option and provide a valid redirect URL for your n8n instnace?

Also, could you double-check your client ID? Microsoft uses multiple different GUIDs to identify clients, so it’s important to pick the right one:

1 Like

@Frank_Loeffler - Did you ever get this resolved ? I was having the same issue under 0.201.0 … and have just upgraded my ‘wild’ new build environment to 0.204.0 and now get the same black screen but with ‘unknown error’ - I’ve got a feeling I’m going to get asked to open up a new question about this but since I was getting the same original message as you it could be connected.

Under 0.201.0 and 0.202.1 I was getting this message:
image

Now under 0.204.0 I’m getting this:

1 Like

Hi,

Got the same issue on my side from a Docker base instance on my Synology.
I check logs (verbose on) and n8n report auth phase as success :thinking:

"message":"OAuth2 authentication successful for new credential"

However when I tried to use a node with this credential it fails

Did you find anything on your side?

Yep in the n8n log of the container I see the same:

So there’s clearly something not quite right ?

Hi all, getting the “credentials not connected” message suggests the tokens received during the OAuth 2.0 dance have not been persisted to n8n’s database.

I am afraid I do not have a Synology device here, so don’t quite know what might cause this. If you can also reproduce this problem with our latest standard docker image outside of Synology, could you please share a step by step description for doing so? Thank you!

Hi @MutedJam

For me - my configuration isn’t on a synology but on a x86_64 redhat os 7.9 release, with docker 1.13.1-209 (“supported” docker version by RH).

Other credentials (slack api token) are being stored ok and working ok but I’ll try and see if I can connect to a different OAuth2 service…

container image ends in 886d77ebb551:

REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
docker.io/n8nio/n8n     0.204.0             886d77ebb551        10 days ago         561 MB
docker.io/n8nio/n8n     latest              886d77ebb551        10 days ago         561 MB
docker.io/traefik       2.9.5               d3cd2c35d32c        2 weeks ago         135 MB
docker.io/traefik       latest              d3cd2c35d32c        2 weeks ago         135 MB

I’ve now just upgraded to 0.205.0 build from 3 days ago… and now I get a different response from Microsoft. This time complaining about scopes missing.

and again in the n8n.log file…

Docker images:

REPOSITORY              TAG                 IMAGE ID            CREATED             SIZE
docker.io/n8nio/n8n     0.205.0             40bda9452162        3 days ago          561 MB
docker.io/n8nio/n8n     latest              40bda9452162        3 days ago          561 MB
docker.io/n8nio/n8n     0.204.0             886d77ebb551        10 days ago         561 MB
docker.io/traefik       2.9.5               d3cd2c35d32c        2 weeks ago         135 MB

Ok …well this is interesting … I went to go look at the credentials that I used … and found that the ‘scopes’ to that last screenshot have now been cleared .

and so I’m now re-populating the scopes from my ‘working’ 0.198.2 container MS Graphi API OAuth2 credential…

I put the scopes in to the 0.205.0 empty scope box … … Save

Open the credential up again … scopes are still there

Click connect to my account… and again I get the message about scopes

image

…I can’t click save credential so I have to click the ‘X’

Screenshot 2022-12-05 12.45.55

I get the message about … Close without connecting

image

I click ‘close’

… open up the credential… and again the scope populated field is now empty.

Very strange.

Thanks for confirming @0101binary0101! This is super helpful, I can reproduce this on [email protected] and shall add this to our engineering backlog for a fix.

1 Like

Got released with [email protected]

2 Likes

@jan - Confirmed, I’ve updated my wild version to 0.206.1 - Scopes issue is resolved… and now I’m just back to the issue (as reported in this posting) of the account connection failure from the UI/MS but N8N logging shows it’s Successfully connected but still an workflow attempting to do anything with the credential is just rejected from MS.

and

n8n logging.

@Jon do you by any chance know if this problem could be related to the fix you mentioned over here? I suppose it won’t fix our lack of logging for this “Unknown error”, but I wonder if it would still improve things (just in case it’s not just the two settings from my next post).

@0101binary0101 I am sorry you are still having issues here.

Could you try switching the Authentication setting from your screenshot to Body and add response_mode=query to the Auth URI Query Parameters field?

These were the settings I used when authenticating with MS and it’s also what n8n’s pre-defined credentials would use.

It doesn’t look related to me but it looks like you have nailed it with the response type.

1 Like

Still looks the same… on 0.206.1

Just updated to 0.207.1 and now I get a different message…

but again in the n8n log file I see:

{"level":"verbose","message":"Credential updated","metadata":{"credentialId":"1","file":"credentials.controller.js","timestamp":"2022-12-16T11:54:31.983Z"}}
{"level":"verbose","message":"OAuth2 authentication successful for new credential","metadata":{"credentialId":"1","file":"oauth2Credential.api.js","timestamp":"2022-12-16T11:54:32.055Z","userId":"a2bcf347-392e-4114-a12a-1e2674c92cee"}}

Just to show what it looks like with a ‘pre-filled’ scope/authentication MS credential I tried it with a MS Teams OAuth2 Api … again using the latest 0.207.1

That is odd, Are all Microsoft OAuth connections failing? I have just tried Drive, Todo and Outlook on my 207.1 install and it is working as expected.

Quick update… I can reproduce the same issue if I use the wrong client secret, Just to confirm did you use the secret before it was hidden or the value next to the secret?

Ok - I’ll re-do the client secret.

It’s unfortunate that the guy who admins the MS side is off now. So it’ll be a while till I get him to check his side again … only my 0.198.2 docker image is working which is using a different callback/clientid and secret…

The client secret is the one masked in the image below, If you use Secret ID there it will fail.

1 Like

Thanks @Jon - the secret value in the n8n credential wasn’t the one matching the application.

I noticed I couldn’t ‘edit/update’ the ‘Expression’ text of the credential… I had to click on ‘fixed’ and then paste in the client secret and then double checked the secret value by clicking on expression.

It’s all connected now.

Seems like we had a number of issues going on - misleading messages, default settings for the authentication and client secret mismatch

2 Likes