N8N 0Auth2 Error? Self hosting coolify, potential edge case bug?

Quantum_Jake · December 20, 2025, 5:47am

Describe the problem/error/question

What is the error message (if any)?

Error 400:Invalid Request. I’m hosting on coolify using docker, and through cloudflare and oracle. 0Auth2 worked fine with the earlier versions. However, google did an update requiring the https:// In front of the 0Auth Redirect so when I paste my URL it doesn’t work anymore. I tried hard coding the URL with an https:// in front and no dice, I also hardcoded it all into my coolify server, no dice. Anyone know how to resolve this? It’s urgent!!

Please share your workflow

(Select the nodes on your canvas and use the keyboard shortcuts CMD+C/CTRL+C and CMD+V/CTRL+V to copy and paste the workflow.)
{
  "nodes": [
    {
      "parameters": {
        "operation": "download",
        "fileId": {
          "__rl": true,
          "mode": "id",
          "value": "={{ $json['Submit your resume (PDF file(s) only)'].split(\"id=\")[1] }}"
        },
        "options": {}
      },
      "type": "n8n-nodes-base.googleDrive",
      "typeVersion": 3,
      "position": [
        656,
        16
      ],
      "id": "bcc4e735-af5c-40ea-a5ad-c8f6c57b6f93",
      "name": "Download file",
      "credentials": {
        "googleDriveOAuth2Api": {
          "id": "DKkTjAJ6lWf8oFip",
          "name": "Google Drive account 2"
        }
      }
    }
  ],
  "connections": {
    "Download file": {
      "main": [
        []
      ]
    }
  },
  "pinData": {},
  "meta": {
    "templateCredsSetupCompleted": true,
    "instanceId": "3be427478230a405d97257ba8d4c5f0f4433bfe74dd40483941f07deb72a3c6f"
  }
}

Share the output returned by the last node

Here’s the full error code URL: https://accounts.google.com/signin/oauth/error?authError=Cg9pbnZhbGlkX3JlcXVlc3QS3gEKWW91IGNhbid0IHNpZ24gaW4gdG8gdGhpcyBhcHAgYmVjYXVzZSBpdCBkb2Vzbid0IGNvbXBseSB3aXRoIEdvb2dsZSdzIE9BdXRoIDIuMCBwb2xpY3kgZm9yIGtlZXBpbmcgYXBwcyBzZWN1cmUuCgpZb3UgY2FuIGxldCB0aGUgYXBwIGRldmVsb3BlciBrbm93IHRoYXQgdGhpcyBhcHAgZG9lc24ndCBjb21wbHkgd2l0aCBvbmUgb3IgbW9yZSBHb29nbGUgdmFsaWRhdGlvbiBydWxlcy4KICAaWWh0dHBzOi8vZGV2ZWxvcGVycy5nb29nbGUuY29tL2lkZW50aXR5L3Byb3RvY29scy9vYXV0aDIvcG9saWNpZXMjc2VjdXJlLXJlc3BvbnNlLWhhbmRsaW5nIJADKkgKDHJlZGlyZWN0X3VyaRI4bjhuLTEwMC5teXF1YW50dW1mbG93LmFpL3Jlc3Qvb2F1dGgyLWNyZWRlbnRpYWwvY2FsbGJhY2s%3D&client_id=432222681988-l0c3u8fjr3sf15sk1m6fglvuuk3c92lc.apps.googleusercontent.com&flowName=GeneralOAuthFlow

Information on your n8n setup

n8n version: Current as of 12/19
Database (default: SQLite): Oracle and cloudflare
n8n EXECUTIONS_PROCESS setting (default: own, main): default
Running n8n via (Docker, npm, n8n cloud, desktop app): Coolify Docker
Operating system: Windows 10

shaurya_goel · December 20, 2025, 6:52pm

Quantum_Jake:

(Select the nodes on your canvas and use the keyboard shortcuts CMD+C/CTRL+C and CMD+V/CTRL+V to copy and paste the workflow.)
{
  "nodes": [
    {
      "parameters": {
        "operation": "download",
        "fileId": {
          "__rl": true,
          "mode": "id",
          "value": "={{ $json['Submit your resume (PDF file(s) only)'].split(\"id=\")[1] }}"
        },
        "options": {}
      },
      "type": "n8n-nodes-base.googleDrive",
      "typeVersion": 3,
      "position": [
        656,
        16
      ],
      "id": "bcc4e735-af5c-40ea-a5ad-c8f6c57b6f93",
      "name": "Download file",
      "credentials": {
        "googleDriveOAuth2Api": {
          "id": "DKkTjAJ6lWf8oFip",
          "name": "Google Drive account 2"
        }
      }
    }
  ],
  "connections": {
    "Download file": {
      "main": [
        []
      ]
    }
  },
  "pinData": {},
  "meta": {
    "templateCredsSetupCompleted": true,
    "instanceId": "3be427478230a405d97257ba8d4c5f0f4433bfe74dd40483941f07deb72a3c6f"
  }
}
Share the output returned by the last node

Here’s the full error code URL: https://accounts.google.com/signin/oauth/error?authError=Cg9pbnZhbGlkX3JlcXVlc3QS3gEKWW91IGNhbid0IHNpZ24gaW4gdG8gdGhpcyBhcHAgYmVjYXVzZSBpdCBkb2Vzbid0IGNvbXBseSB3aXRoIEdvb2dsZSdzIE9BdXRoIDIuMCBwb2xpY3kgZm9yIGtlZXBpbmcgYXBwcyBzZWN1cmUuCgpZb3UgY2FuIGxldCB0aGUgYXBwIGRldmVsb3BlciBrbm93IHRoYXQgdGhpcyBhcHAgZG9lc24ndCBjb21wbHkgd2l0aCBvbmUgb3IgbW9yZSBHb29nbGUgdmFsaWRhdGlvbiBydWxlcy4KICAaWWh0dHBzOi8vZGV2ZWxvcGVycy5nb29nbGUuY29tL2lkZW50aXR5L3Byb3RvY29scy9vYXV0aDIvcG9saWNpZXMjc2VjdXJlLXJlc3BvbnNlLWhhbmRsaW5nIJADKkgKDHJlZGlyZWN0X3VyaRI4bjhuLTEwMC5teXF1YW50dW1mbG93LmFpL3Jlc3Qvb2F1dGgyLWNyZWRlbnRpYWwvY2FsbGJhY2s%3D&client_id=432222681988-l0c3u8fjr3sf15sk1m6fglvuuk3c92lc.apps.googleusercontent.com&flowName=GeneralOAuthFlow

Information on your n8n setup

n8n version: Current as of 12/19

Database (default: SQLite): Oracle and cloudflare

n8n EXECUTIONS_PROCESS setting (default: own, main): default

Running n8n via (Docker, npm, n8n cloud, desktop app): Coolify Docker

Operating system: Windows 10

This isn’t a Drive node problem and it’s not Coolify specifically either. Google is now blocking the OAuth flow because your app fails the “secure response handling” checks, not just because of https://.

That long error URL you pasted is the key.

What Google is actually rejecting

This part matters:

“doesn’t comply with Google’s OAuth 2.0 policy for keeping apps secure”
secure-response-handling

This happens when Google thinks the OAuth redirect can be intercepted or downgraded, which is very common with:

Cloudflare in front
Docker behind a proxy
n8n not fully aware it’s HTTPS end-to-end

Even if the URL looks HTTPS to you.

Why it suddenly broke

Google tightened enforcement recently. Older setups that “sort of worked” are now blocked.

Before: warning
Now: hard fail (400 Invalid Request)

The real fix (this is the important part)

You already tried adding https:// — that’s not enough anymore.

You need all of these to be true at the same time:

n8n must believe it is running on HTTPS

In Coolify → Environment Variables:

N8N_HOST=n8n-100.myquantumflow.ai
N8N_PROTOCOL=https
WEBHOOK_URL=https://n8n-100.myquantumflow.ai

Then restart the container (not just redeploy).

Cloudflare must NOT use Flexible SSL

This is critical.

Cloudflare SSL mode must be:

Full
or
Full (strict)

Flexible will break OAuth now, guaranteed.

Reason: Google detects that the final OAuth response may travel over HTTP internally.

Google OAuth app must be set correctly

In Google Cloud Console → OAuth consent screen:

App type: External
Publishing status:
- Either In testing (with your email added as test user)
- Or Published
Scopes: only what you actually use (Drive)

Then in Credentials → OAuth Client:

Authorized redirect URI must be copied directly from n8n
Do not manually edit it

After you restart n8n, open the credential in n8n and copy the redirect URL fresh.

Why hardcoding didn’t work (important)

Even if you hardcode https://:

n8n still internally thinks it’s HTTP if the proxy headers aren’t right
Google validates the entire OAuth exchange, not just the visible URL

So Google sees:

“User entered HTTPS, but backend response isn’t guaranteed secure”

→ blocked.

One more Cloudflare gotcha (very common)

If this still fails, check Cloudflare → Rules / Transform Rules:

Make sure headers are passed through:

X-Forwarded-Proto: https
X-Forwarded-Host

If those are stripped, n8n can’t infer HTTPS correctly.

Why your Drive node JSON is fine

The workflow you pasted is valid.
The failure happens before the Drive node runs — during OAuth.

So don’t debug expressions or file IDs yet. They’re not the problem.

Quantum_Jake · December 22, 2025, 12:15am

Thank you for your thoughtful response. I implemented all of this, and no dice. Some of these things weren’t updated, so I think I’m getting closer. The deeper I look at it, I’m almost positive it has to do with the image I’ve pasted here. Where my 0Auth Redirect URL is “n8n-100.myquantumflow.ai/rest/oauth2-credntial/callback”. It does not start with the “https://” Then if I hard code it in the google oauth it still pulls from what I just gave here, as the error code reflects. Any other ideas of why this is happening and how to fix? I’ve been talking with chatgpt for hours and we cannot get it solved haha.

jason_n · December 25, 2025, 3:49pm

tried to self host n8n using Linux Mint, NPM, and ngrok and having the same issue.

mohamed3nan · December 25, 2025, 3:58pm

Hi @Quantum_Jake and all friends,

This issue has already been solved in several topics here,

Please take a look:

Quantum_Jake · December 25, 2025, 5:06pm

Hi Mohamed,

Thank you for your response. I read all of these, including this one :Need help with Xero <> N8N connection

I had already tried these measure, but just for good measure I tried them again. None of this worked for me. Here’s my env variables:
ERVICE_FQDN_N8N=n8n-100.myquantumflow.ai
SERVICE_FQDN_N8N_5678=n8n-100.myquantumflow.ai:5678
SERVICE_URL_N8N=https://n8n-100.myquantumflow.ai
SERVICE_URL_N8N_5678=https://n8n-100.myquantumflow.ai:5678
GENERIC_TIMEZONE=America/Phoenix
N8N_EDITOR_BASE_URL=${SERVICE_URL_N8N}
N8N_HOST=${SERVICE_URL_N8N}
N8N_PROTOCOL=https
N8N_PUBLIC_API_URL=https://n8n-100.myquantumflow.ai
N8N_SECURE_COOKIE=true
N8N_TRUST_PROXY=true
N8N_URL=https://n8n-100.myquantumflow.ai
TZ=America/Phoenix
WEBHOOK_URL=${SERVICE_URL_N8N}

I run by using an SSH key with Oracle, Cloduflare, and then coolify. I’ve been struggling with this issue for a few weeks now, came out of no where with I believe either googles or N8N update. Should I just change to a different hosting provider like CapRover?

Quantum_Jake · December 25, 2025, 5:10pm

I’m working on migrating to caprover rn to see if it fixes it.

mohamed3nan · December 25, 2025, 5:11pm

And what does your Docker Compose look like?

Quantum_Jake · December 25, 2025, 5:55pm

n8n:

image: 'docker.n8n.io/n8nio/n8n:next'

environment:

  - SERVICE_FQDN_N8N_5678

  - 'N8N_EDITOR_BASE_URL=${SERVICE_FQDN_N8N}'

  - 'WEBHOOK_URL=${SERVICE_FQDN_N8N}'

  - 'N8N_HOST=${SERVICE_URL_N8N}'

  - 'GENERIC_TIMEZONE=${GENERIC_TIMEZONE:-Europe/Berlin}'

  - 'TZ=${TZ:-Europe/Berlin}'

volumes:

  - 'n8n-data:/home/node/.n8n'

healthcheck:

  test:

    - CMD-SHELL

    - 'wget -qO- http://127.0.0.1:5678/'

  interval: 5s

  timeout: 20s

  retries: 10

This should be everything In compose I beleive. I’m not the most experienced with this.

Quantum_Jake · December 25, 2025, 6:08pm

Also there is “Service:” above the “n8n:” It didn’t paste in

mohamed3nan · December 25, 2025, 6:17pm

Ok, you need to change ${SERVICE_FQDN_N8N} to ${SERVICE_URL_N8N}.
You can use this directly:

environment:
  - SERVICE_FQDN_N8N_5678

  - 'N8N_EDITOR_BASE_URL=${SERVICE_URL_N8N}'

  - 'WEBHOOK_URL=${SERVICE_URL_N8N}'

  - 'N8N_HOST=${SERVICE_URL_N8N}'

  - 'GENERIC_TIMEZONE=${GENERIC_TIMEZONE:-Europe/Berlin}'

  - 'TZ=${TZ:-Europe/Berlin}'

Also in Google, don’t forget to always include the https:// with your n8n instance domain,

This should be all you need @Quantum_Jake Let me know if this works..

Quantum_Jake · December 25, 2025, 6:21pm

SOLVED! Thanks man!