OAuth Authorization Error in v0.170.0

Hello!
Saw a thread where this had been fixed in 0.168.0 but I have run into the issue on 0.170.0.

Having tested Gmail and Github I’ve gotten the same error:

OAuth Authorization Error

There was a problem generating the authorization URL
Cannot read property ‘globalRole’ of undefined

That pops up when pressing “connect now”

Envs:

            WEBHOOK_URL: "https://api.domain.com",
            N8N_HOST:"x.x.x.x",
            N8N_PORT:"5678",
            N8N_PROTOCOL:"https",
            N8N_EDITOR_BASE_URL:"https://n8n.domain.com",
            N8N_LISTEN_ADDRESS: "0.0.0.0",
            N8N_ENDPOINT_WEBHOOK: "api",
            N8N_ENDPOINT_WEBHOOK_TEST: "api-test",
            N8N_ENDPOINT_WEBHOOK_WAIT: "api-wait",
            N8N_METRICS:true,
            DB_TYPE:"postgresdb",
            DB_POSTGRESDB_DATABASE:"n8n", 
            DB_POSTGRESDB_HOST:"x.x.x.x",
            DB_POSTGRESDB_PORT:"5432",
            DB_POSTGRESDB_USER:"n8n", 
            DB_POSTGRESDB_PASSWORD:"#############", 
            NODE_FUNCTION_ALLOW_EXTERNAL:"uuid",
            QUEUE_BULL_REDIS_HOST:"xx.xx.x.xx",
            QUEUE_BULL_REDIS_PORT:"xxxx",
            QUEUE_BULL_REDIS_PASSWORD:"##########",
            EXECUTIONS_MODE:"queue",
            N8N_DISABLE_PRODUCTION_MAIN_PROCESS:"true",
            N8N_SKIP_WEBHOOK_DEREGISTRATION_SHUTDOWN:"true",
            N8N_EMAIL_MODE:"smtp",
            N8N_SMTP_HOST:"smtp.gmail.com",
            N8N_SMTP_USER:"[email protected]",
            N8N_SMTP_PASS:"############",
            N8N_SMTP_SENDER:"[email protected])",
            N8N_SMTP_PORT:"587",
            N8N_SMTP_SSL:false

I am also running scaling mode in case that makes a difference.

Information on your n8n setup

  • n8n version:0.170.0
  • Database you’re using (default: SQLite):Postgres
  • Running n8n with the execution process [own(default), main]:queue
  • Running n8n via [Docker, npm, n8n.cloud, desktop app]:npm

Hi @Jaime_B, I am sorry to hear you’re having trouble here.

I tried reproducing this on my end, but was unfortunately unable to do so on a freshly created docker container using [email protected].

I wonder if this could possibly be related to your existing OAuth data. Could you double-check if this problem also occurs for you when using a fresh database (to test this with SQLite you can simply remove the DB_TYPE and DB_POSTGRESDB... environment variables)?

Hi @MutedJam,
As it was a fairly fresh instance I just deleted the Postgres DB and had n8n rebuild it.
Sadly no luck with that, do you have any idea what the error is actually implying?
I am a fan of debugging but sadly I’m not getting a lot to go off on this one, my basic guess of the issue is around n8n not being passed the user I’m logged in as?

I’ll give running it off a sqlite DB a go and will feedback if there is any luck.

A separate related question, what is the process when I press connect account? Wonder if it’s not happy with my server setup/routing.

Hey @Jaime_B,

Out of interest are those the only environment options you have set?

@Jon Yep, that’s straight from my pm2 ecosystem.config.js. I can get you the Envs for my Worker/Webhook servers too if you want them?

Hey @Jaime_B, just a quick update on this. After some further testing it seems this is related to the N8N_ENDPOINT_WEBHOOK variable. I have reported this bug internally, but just to double-check, would you be able to (temporarily) remove this variable and confirm whether this is indeed what’s causing the trouble for you here?


Hi @MutedJam
Sorry took me a while to get back to you, I can confirm changing the N8N_ENDPOINT_WEBHOOK did fix the problem but a side effect of that is that my instance no longer recognises any of my old credentials, very odd.
Edit: The not recognising credentials was a separate issue with them not being added to the shared credential table as they were created after reverting to an old version and then re-upgrading (fixed by adding the association to the table)


Thanks so much for confirming! @krynble took a quick look into this the other day and has raised a PR to fix this (this one I think), so hopefully this should work again soon.

@MutedJam Fantastic stuff! Will provide an update once this is out.

Fix got released with [email protected]


@MutedJam The latest release has now fixed that issue, but OAuth is still not working.

I can go through the OAuth set up now but once I hit connect and the redirect happens I’m faced with a lovely plain text Unauthorized. See image: Screenshot - cdb7dfde1c6ecd4bdcce234b8127e3b8 - Gyazo

Tested on GMail, Hubspot and Github all with the same results.

I would assume this is an issue around the new user management, any insight would be great.

Hey @Jaime_B, I also gave this another go on my end after upgrading to 0.171.1 but didn’t run into any problem with authenticating.

I have used the below docker-compose.yml file to reproduce the problem, but ended up connected to my Google account:

docker-compose.yml
version: '2'

services:
  postgres:
    image: postgres:13
    restart: unless-stopped
    environment:
      - POSTGRES_USER=n8n
      - POSTGRES_PASSWORD=foo

  n8n:
    image: n8nio/n8n:0.171.1
    restart: unless-stopped
    ports:
      - 5678:5678
    environment:
      - WEBHOOK_URL=http://localhost:5678
      - N8N_HOST=localhost
      - N8N_PORT=5678
      - N8N_PROTOCOL=http
      - N8N_EDITOR_BASE_URL=http://localhost:5678
      - N8N_LISTEN_ADDRESS=0.0.0.0
      - N8N_ENDPOINT_WEBHOOK=api
      - N8N_ENDPOINT_WEBHOOK_TEST=api-test
      - N8N_ENDPOINT_WEBHOOK_WAIT=api-wait
      - N8N_METRICS=true
      - DB_TYPE=postgresdb
      - DB_POSTGRESDB_DATABASE=n8n
      - DB_POSTGRESDB_HOST=postgres
      - DB_POSTGRESDB_PORT=5432
      - DB_POSTGRESDB_USER=n8n
      - DB_POSTGRESDB_PASSWORD=foo
      - NODE_FUNCTION_ALLOW_EXTERNAL=uuid
      - QUEUE_BULL_REDIS_HOST=redis
      - QUEUE_BULL_REDIS_PORT=6379
      # - QUEUE_BULL_REDIS_PASSWORD=
      - EXECUTIONS_MODE=queue
      - N8N_DISABLE_PRODUCTION_MAIN_PROCESS=true
      - N8N_SKIP_WEBHOOK_DEREGISTRATION_SHUTDOWN=true
      - N8N_EMAIL_MODE=smtp
      - N8N_SMTP_HOST=smtp.gmail.com
      - N8N_SMTP_USER=[email protected]
      - N8N_SMTP_PASS=############
      - N8N_SMTP_SENDER=[email protected])
      - N8N_SMTP_PORT=587
      - N8N_SMTP_SSL=false
    depends_on:
      - postgres

  redis:
    image: redis
    restart: unless-stopped
    ports:
      - 6379:6379

I’ve also tested the upgrade on my actual server running a similar configuration (with https/TLS set up) using [email protected] and didn’t have trouble here either.

Would you be able to provide the steps required reproduce the problem from scratch?

Hi @MutedJam,
That’s very odd…
I’m struggling to figure out what exactly is causing the issue.
The steps are:
  • npm install n8n -g
  • set envs in pm2 ecosystem file (also tested setting the envs in cmd line)
  • run n8n either through pm2 or via n8n start
Both give the same result of a 401 error, but only for rest/oauth2-credential/callback
I have traefik managing the reverse proxy but having tested on 0.167.0 and being able to set up oauth I know it’s working correctly. (Unless it’s somehow interfering with the auth?)
I tested setting N8N_AUTH_EXCLUDE_ENDPOINTS to true and that removed the unauthorised (obviously) but gave the global role error when oauthing.
I also deleted the database and remade it but that kept the error.

Any ideas let me know.

@MutedJam I’ve found the issue,
I’m using a different subdomain for my UI and endpoints!
So WEBHOOK_URL = api.domain.com
but the UI is accessible on n8n.domain.com
That difference seems to upset the user auth (I assume because it’s specific to the subdomain you log in on?)
Anyway it’s an easy fix for the time being of just having the endpoints and UI share a subdomain but I guess a use case that needs to be considered :slight_smile:


Thanks so much for these additional details @Jaime_B! I did indeed set both variables to identical values on my end which is why it’s working for me.

On first thought I wonder if n8n is using the wrong redirect URL in that scenario. When manually opening the redirect URL showing “unauthorized” and replacing api.domain.com with n8n.domain.com, the connection actually succeeds:

image

I’ll make sure to add this to our internal bug tracker and will report back once I get an update.
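
The host mismatch diagnosed in the last two posts, as an added example that is not part of the original thread or n8n's own code: a pre-flight check on the two URL variables that reports whether a login cookie set on the editor host would accompany the OAuth callback request. It assumes the callback is built from WEBHOOK_URL plus the rest/oauth2-credential/callback path and that the cookie is host-only; the function names and the cookieDomain parameter are hypothetical.

```javascript
// Added example (not n8n code). Assumptions: the OAuth callback URL is
// WEBHOOK_URL + rest/oauth2-credential/callback, and the login cookie is
// host-only unless a (hypothetical) Domain attribute is passed in.
const CALLBACK_PATH = 'rest/oauth2-credential/callback'; // path quoted in the thread

// RFC 6265 section 5.1.3 domain matching, without IP or public-suffix checks.
function domainMatches(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, '');
  return host === domain || host.endsWith('.' + domain);
}

// cookieDomain === null models a host-only cookie (no Domain attribute):
// the browser returns it only to the exact host that set it.
function cookieSentTo(requestHost, setByHost, cookieDomain = null) {
  if (cookieDomain === null) {
    return requestHost.toLowerCase() === setByHost.toLowerCase();
  }
  return domainMatches(requestHost, cookieDomain);
}

function checkOAuthCallback(env, cookieDomain = null) {
  const editor = new URL(env.N8N_EDITOR_BASE_URL);
  // Ensure the base ends with "/" so the relative path appends correctly.
  const callback = new URL(CALLBACK_PATH, env.WEBHOOK_URL.replace(/\/?$/, '/'));
  const sent = cookieSentTo(callback.hostname, editor.hostname, cookieDomain);
  return {
    callbackUrl: callback.href,
    sameHost: editor.hostname === callback.hostname,
    sessionCookieSent: sent,
    expectedResult: sent ? 'authenticated' : '401 Unauthorized',
  };
}

// Constructed sample values mirroring the split-subdomain setup in the thread.
const splitSetup = {
  WEBHOOK_URL: 'https://api.domain.com',
  N8N_EDITOR_BASE_URL: 'https://n8n.domain.com',
};
// The workaround from the thread: endpoints and UI share one subdomain.
const sharedSetup = { ...splitSetup, WEBHOOK_URL: 'https://n8n.domain.com' };

console.log(checkOAuthCallback(splitSetup));
console.log(checkOAuthCallback(sharedSetup));
```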