Node - Oauth2 API [GOT CREATED]

Hi! can’t find this branch

Hey @bundinho. Welcome to the community. This is the branch https://github.com/n8n-io/n8n/tree/oauth-support however, what you might want is the docker image here https://hub.docker.com/layers/n8nio/n8n/0.67.3-oauth-beta/images/sha256-0846615309fc52ae6998807c131fbf4d72724096b6e8273dcdc0e7190c8eb6b9?context=explore

1 Like

Was this merged into the 0.67.3 release? :crossed_fingers:

No that is a totally separate branch in GitHub. It includes everything in version 0.67.3 + the OAuth code and its integrations. The code of that branch got published as the above docker-image to allow people to test it before we merge it into master.
Currently are still waiting for feedback from the community to make sure everything is working fine. Before I do not receive it will hold on merging to avoid problems.

Using the image restarts my n8n container constantly with the following error:

>> docker logs -f n8n

The command "-c" is not known!

n8n Workflow Automation Tool

VERSION
  n8n/0.67.3 linux-x64 node-v12.16.1

USAGE
  $ n8n [COMMAND]

COMMANDS
  execute
  start    Starts n8n. Makes Web-UI available and starts active workflows

ln: /home/node/.n8n: File exists

The command "-c" is not known!

n8n Workflow Automation Tool

VERSION
  n8n/0.67.3 linux-x64 node-v12.16.1

USAGE
  $ n8n [COMMAND]

COMMANDS
  execute
  start    Starts n8n. Makes Web-UI available and starts active workflows

I use the docker-compose file from the repo:

n8n:
  image: n8nio/n8n:0.67.3-oauth-beta
  restart: always
  environment:
    - DB_TYPE=mongodb
    - DB_MONGODB_CONNECTION_URL=mongodb://${MONGO_NON_ROOT_USERNAME}:${MONGO_NON_ROOT_PASSWORD}@mongo:27017/${MONGO_INITDB_DATABASE}
    - N8N_BASIC_AUTH_ACTIVE=true
    - N8N_BASIC_AUTH_USER
    - N8N_BASIC_AUTH_PASSWORD
  ports:
    - 5678:5678
  links:
    - mongo
  volumes:
    - ~/.n8n:/root/.n8n
  command: /bin/sh -c "sleep 5; n8n start"

Ah yes that specific command did currently not work as the build/installation is done totally different.

So testing is possible just like with the regular image like this:

docker run -it --rm \
  --name n8n \
  -p 5678:5678 \
  -v ~/.n8n:/root/.n8n \
  n8nio/n8n:0.67.3-oauth-beta \
  n8n start --tunnel

Additionally did I now improve the image that also executing with “/bin/sh” is possible. So for it to work the image has to get pulled again, to get the latest version with the fix:
docker pull n8nio/n8n:0.67.3-oauth-beta

And then does the line with the command in the docker-compose.yml has to get changed to this:

  command: /bin/sh -c "sleep 5; ./packages/cli/bin/n8n start"
1 Like

Some feedback:

  • callback url needs to be editable since internal docker url does not have to be the same as external (internet facing) url
  • disable connection test button before form was not saved

My test setup and the problems/config quirks:

Thanks a lot for your feedback!

callback url needs to be editable since internal docker url does not have to be the same as external (internet facing) url
It uses the same base as the webhook and can so be set via the environment variable WEBHOOK_TUNNEL_URL

disable connection test button before form was not saved
It should actually work as it checks if the form got saved already. If the credentials are new it creates them first and if they got changed it updates them first. Did you have problems? Maybe there is still a bug. If so can you please describe what you are doing.

Authorization URL & Access Token URL
That would be the URLs supplied by the service you are authenticating with. So both would be external URLs.

1 Like

With WEBHOOK_TUNNEL_URL N8N shows me the correct callback URL. However after authentication the redirect to N8N ends with a 502 (Bad gateway) status.

The redirect of our system is a GET request with the following format:
https://n8n.central.nightlybuild.dev/rest/oauth2-credential/callback?code=ee5....&state=eyJ0b2....

Any idea what could be the problem?

Edit:
Another issue - maybe related? I can’t delete credentials. Pressing F5 restores them:

Thanks a lot. Will check it out.

@jwillmer I spend now a lot of time trying to reproduce the issues you are having but I am sadly totally unable to do so. Also with authentication activated (like you have) and executing it in the main process, it always works fine for me.
I can always connect to the service I am testing with (in this case Github) and deleted credentials are always deleted, no matter how often I refresh. Do you have the same issues if you simply start it like described here:

If it does work fine there, what setting you are using does break it? Because if I can not reproduce the bug I sadly do not know how to fix it.

Thanks a lot for your help!

I was able to connect with GitHub. So now I will look into our application. However the delete credentials issue still persists. I let you know if it also happens on a stable image as soon as I have tested it.

1 Like

Great, thanks a lot @jwillmer !

We can’t figure it out. We would need some kind of logging output from N8N to investigate further.

The workflow at the moment is that after a successful login the redirect to N8N times out. We also saw in the logs of our user mgm that N8N wasn’t requesting the Access Token URL.

About your comment:

image

The access token url will be called internally by N8N and not via the user (browser). That means that in our setup the URL needs to have the internal DNS name of the user mgm:

Thanks a lot @jwillmer!

Does the delete issues happen for you on other images?

Ah yes sorry. With “external URL” I did not mean that it has to be really on another server. I meant “external” of n8n. Looks then correct with what you have.

I can however still not understand why it would not work for your internal OAuth2 service. For all the other OAuth2 services we already build integrations for, it works perfectly fine. I saw that your “Authorization URL” uses https. Is it using a valid certificate or is it something self-signed? Because that is the only thing I can come up with right now.

I am using OAuth2 to connect Google Dialogflow API. Most of the things work fine and I can authenticate my client and get the JSON response from Dialogflow as well. However, it seems that the refresh token from the initial response was not saved and it produced the following error when the access token got expired after 3600 seconds.

ERROR: No refresh token

Error: No refresh token
    at ClientOAuth2Token.refresh (/data/node_modules/client-oauth2/src/client-oauth2.js:367:27)
    at /data/packages/core/src/NodeExecuteFunctions.ts:149:34
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at Object.execute (/data/packages/nodes-base/nodes/HttpRequest.node.ts:804:17)
    at /data/packages/core/src/WorkflowExecute.ts:597:26

Here is my HTTP Node’s OAuth settings:

Untitled

Any ideas what could be this problem?

Many thanks!

I can however still not understand why it would not work for your internal OAuth2 service. For all the other OAuth2 services we already build integrations for, it works perfectly fine. I saw that your “Authorization URL” uses https. Is it using a valid certificate or is it something self-signed? Because that is the only thing I can come up with right now.

Do you have an idea how I could debug n8n to monitor the oauth process end find out the issue?

@vanting Sorry to hear that you have problems. Are you using the latest code from Github or the Docker image? Because there should actually always just overwrite the supplied data. So if with the first authentication request the refresh_token gets returned and with the second one not, it should not overwrite it:

Are you sure it got returned? Because the refresh_token does not get returned by default by all services. The most time access_type=offline has to be supplied as query parameter.

@jwillmer the only way to do that is to pull the n8n code locally, add debug messages to the OAuth REST endpoints like this one:


and build it.

1 Like

I am using the docker image n8nio/n8n:0.67.3-oauth-beta. Does it matter?

I did provide the query parameter access_type=offline as you may see it from my screenshot of the OAuth configuration. I tested the whole authentication process with Google’s OAuth Playground and am sure that it will reply with the refresh_token from the first response.

However, I do not know how can I log the response of the HTTP node for debugging. I am very new to n8n. Sorry for my dumb questions.