Oauth and encoding

Fragen
1

Hi, I am trying to connect to an Oauth2 API and I am currently struggling with the configuration.

Describe the issue/error/question

In their documentation, they wrote that the client ID and Secret needs to be encoded in base64.
How would I go about this in the Oauth credentials configuration?

(I am not sure you will be able to access this, so pasting an extract below after)
https://developer-portal.cvent.com/documentation#section/Getting-Started/Authentication

Obtain an Access Token

curl -X POST {hostName}/{version}/oauth2/token \
-H 'Authorization: Basic [Base64 encoded (client_id:client_secret)]' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&client_id=[client_id]&scope=[scope1] [scope2]'

This endpoint supports the following headers:

Header Description
Authorization Required. Encode <client_id>:<client_secret> with Base64 and specify it with Basic scheme
Content-Type Required. Set to application/x-www-form-urlencoded

This endpoint supports the following parameters:

Header Description
grant_type Required. Set to client_credentials to use Client Credentials Grant
scope Optional. The scopes you wish to use. Set to a list of space-delimited scopes. If no scopes are specified, the scopes assigned to the client will also be assigned to the access token.

Successful Response

The authorization server returns a JSON-formatted response when your request succeeds.

{
    "access_token": "{accessToken}",
    "expires_in": 3600,
    "token_type": "Bearer"
}

This endpoint’s responses include the following fields:

Header Description
access_token An access token. Set this token as a Bearer token in the Authorization header when you make requests to Cvent APIs.
expires_in The lifetime in seconds of the access token; e.g., 3600 (seconds)
token_type The type of the access token, i.e. Bearer

Share the output returned by the last node

I get a popup window with the following error message: Forbidden

Information on your n8n setup

  • **n8n version:0.160.0
  • Database you’re using (default: SQLite):
  • Running n8n with the execution process [own(default), main]:
  • **Running n8n via [Docker, npm, n8n.cloud, desktop app]:npm

Thank you!

2

What you might be able to do is create an HTTP node with basic auth of your clientId and secret, then submit the “obtain token” request with your clientId and scopes. This will give you an access token you can use in subsequent requests.

However ideally we’ll get client credentials grant type supported by the inbuilt OAuth2 credential type, if you’d like to see that go ahead and vote on this issue here Add client_credentials grant type feature for oauth2

3

According to the docs, you can also use the authorization code grant type. Did you try that? If there is a reason why you want to avoid the grant type, then check what @pemontto suggested.

What happens it’s you are trying to fit the client credentials grant in the n8n authorization code grant.

image
image1812×890 102 KB

4

Thank you both, I am not entirely sure how to achieve this for the recommended approach from @pemontto.

Here is what I tried so far (see screenshot, blurred credentials) in the Oauth2 credentials configuration, and the browser response in the pop-up above.

image
image1671×1121 140 KB

I am fairly new to Oauth as well (currently reading a book about it to better understand it) but it’s blowing my mind a bit.

I have a support call with their integration team later this week but I wish to figure out if my credentials are invalid or if I am missing something in the configuration. I haven’t got really far, I recreated an app on their dev portal with full access permissions and a new set of credentials with the same outcome.