New OAuth2 access token is not saved

Hello,

I’m using the Exact Online API with OAuth2 (support).

The OAuth2 flow is working, until a token needs to be refreshed. As you can see in this image I do multiple requests to the Exact API, authorised with OAuth2:

https://drive.google.com/file/d/18eZB0AJs7DqxJKgg3_MbyxrJs3YhBNwr/view?usp=sharing

When an access token is expired, it successfully refreshes the token in the first request. But in the second request, I get this error:

{
    "status": "rejected",
    "reason": {
        "body": {
            "error": "unauthorized_client",
            "error_description": "Old refresh token used."
        },
        "code": "EAUTH"
    }
}

It looks like it is trying to refresh the token for a second time, so it seems like the new access token received in the first refresh request is not saved properly yet before the second request starts.
After I restart the workflow it successfully runs the whole workflow.

This behaviour makes it impossible to run the workflow as a cron job.

Can you please help me resolve this?

Thanks a lot!
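An added illustration (not part of the thread and not n8n's code) of the failure described in the post above: an authorization server that rotates refresh tokens rejects the second refresh when a later node still holds the old token pair. The server class, the token names and the assumption that each node works from a credentials copy taken at workflow start are all constructed for this sketch.

```javascript
// Constructed simulation: an authorization server that rotates refresh tokens,
// so every refresh token is accepted exactly once.
class RotatingAuthServer {
  constructor() { this.n = 0; this.refresh = 'r0'; this.access = 'a0'; }
  expireAccess() { this.access = null; } // simulate access-token expiry
  refreshGrant(refreshToken) {
    if (refreshToken !== this.refresh) {
      const err = new Error('Old refresh token used.');
      err.code = 'EAUTH';
      throw err;
    }
    this.n += 1;
    this.refresh = `r${this.n}`;
    this.access = `a${this.n}`;
    return { accessToken: this.access, refreshToken: this.refresh };
  }
  call(accessToken) { return accessToken !== null && accessToken === this.access; }
}

// One workflow node (hypothetical): call the API, refresh once on rejection, retry.
// `creds` is the object the node was handed; `persist` saves a new token pair.
function runNode(server, creds, persist) {
  if (server.call(creds.accessToken)) return 'ok';
  const fresh = server.refreshGrant(creds.refreshToken);
  persist(fresh); // must be visible to later nodes before they make a request
  return server.call(fresh.accessToken) ? 'ok' : 'failed';
}

// Runs two nodes in sequence. snapshot=true: each node gets a copy of the
// credentials taken at workflow start (assumed cause of the error).
// snapshot=false: each node reads the shared store right before its request.
function runWorkflow(snapshot) {
  const server = new RotatingAuthServer();
  const store = { accessToken: 'a0', refreshToken: 'r0' };
  server.expireAccess();
  const atStart = { ...store };
  const results = [];
  for (let node = 0; node < 2; node += 1) {
    const creds = snapshot ? { ...atStart } : store;
    try {
      results.push(runNode(server, creds, (t) => Object.assign(store, t)));
    } catch (e) {
      results.push(`${e.code}: ${e.message}`);
    }
  }
  return results;
}

console.log(runWorkflow(true), runWorkflow(false));
```

With stale copies the second node replays `r0` and is rejected; reading the store at request time lets it reuse the token pair the first node saved.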

Are the requests happening on one node or on two different ones?

Hi @jan ,

The requests are happening in two different nodes. If you look at this screenshot, in the green circled one the refresh token is successfully requested, the red circled one throws the error: https://drive.google.com/file/d/1Wga9ZQJV9ehDeSgQjD5i16g204Lm0SjU/view?usp=sharing

Ah OK, then it sadly makes sense. That is a known issue. A fix has already been implemented here:

It does, however, require a change in literally every node. This PR does that, but there are sadly also a lot of nodes by other people out there. So before we make this breaking change, we wanted to see if we can bundle some breaking changes together so that we do not have to break things multiple times. For that reason I sadly currently have no ETA on when it will be merged.

Do you run n8n via Docker? Because then you could easily build your own image with that fix included.

I very quickly built a Docker image from that branch: n8nio/n8n:load-creds-db

You can see if that fixes your problem. This image is however currently untested and will not be updated.

This fixed the issues for now, I hope the PR is merged soon!

Glad to hear that it works. As it is a breaking change (on the code side), we are currently waiting on getting another feature with another breaking change ready as well, so as not to cause too many problems for users with custom nodes. Once that is ready, we will release them together.

We are unfortunately running into the same issue, also with the Exact Online API.

Is there already a time window for the release of this fix?
It would be especially important for use in the authentication part of the ‘HTTP Request’ node.

Fix got released with 0.135.0

I am using version 0.151.0, and the issue occurs again with the exact same error message:

{"status":"rejected","reason":{"body":{"error":"unauthorized_client","error_description":"Old refresh token used."},"code":"EAUTH"}}

Hi @freddie, very curious if you have been able to solve your issue and if you have any advice on connecting to Exact Online. As far as I can tell on my end, the OAuth2 credentials are picked up by n8n correctly, but running any request using the credentials will simply hang on “executing node”.

Welcome to the community @theveloped

What version of n8n are you using?

Hi @theveloped, this sounds to me like another issue.
Mine is still not resolved though; tokens are not refreshed correctly, it seems.

Are you still using 0.151.0? Because we made a change to OAuth2 in [email protected]

https://docs.n8n.io/reference/release-notes/#core-functionality_5

I am currently on 0.173.1

Then if it does not refresh it, Exact Online might be expecting something non-standard when refreshing the token. It isn’t easy to have an OAuth2 flow so generic that it covers all possible cases. Even though it’s a standard, some companies choose to add a minor tweak to it. This issue might be solved by creating an Exact Online node because, in the node, we can use variables that change the refresh token behavior, unlike with the HTTP node. The other option would be to make the OAuth2 flow credentials more extensible to cover non-standard use cases. The latter will take a considerable amount of work.

Thanks, what would be a good starting point for me to develop the Exact node?