OAuth2 Apps setup for org

Describe the problem/error/question

We’re testing n8n self-hosted as a company with a business plan. Several people just want to start now and integrate Slack and Google. Sadly, it requires them to create their own apps and OAuth credentials individually.

What is the error message (if any)?

I’ve created a Gmail OAuth and shared that with another user. The user was able to use those credentials, but as I signed in there, he got access to my inbox.

Information on your n8n setup

  • n8n version: Version 1.112.6
  • Database (default: SQLite): default
  • n8n EXECUTIONS_PROCESS setting (default: own, main): default
  • Running n8n via (Docker, npm, n8n cloud, desktop app): docker
  • Operating system: debian

Is there a way to avoid, on the one hand, every user having to set up their own OAuth creds and, on the other hand, people w/o permissions or knowledge needing to create such credentials, so that an app is integrated once for the entire workspace?

Best,
Matthias

Finally, I found the solution. Keywords are credential overwrites. I had to add the following two lines to my compose.yaml:

environment:
      - CREDENTIALS_OVERWRITE_ENDPOINT=send-credentials
      - CREDENTIALS_OVERWRITE_ENDPOINT_AUTH_TOKEN=<token>

This creates an API endpoint n8n will use to look up credentials. The creds themselves are stored as oauth-credentials.json in the same directory.

Example:

{
    "slackOAuth2Api": {
        "clientId": "<clientID>",
        "clientSecret": "<client secret>"
    },
    "googleOAuth2Api": {
        "clientId": "<client id>.apps.googleusercontent.com",
        "clientSecret": "<client secret>",
        "scope": "https://www.googleapis.com/auth/gmail.labels https://www.googleapis.com/auth/gmail.addons.current.action.compose https://www.googleapis.com/auth/gmail.addons.current.message.action https://mail.google.com/ https://www.googleapis.com/auth/gmail.modify https://www.googleapis.com/auth/gmail.compose https://www.googleapis.com/auth/documents https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/drive.appdata https://www.googleapis.com/auth/drive.photos.readonly https://www.googleapis.com/auth/spreadsheets https://www.googleapis.com/auth/presentations https://www.googleapis.com/auth/tasks https://www.googleapis.com/auth/cloud-translation"
    },
    "gmailOAuth2": {
        "clientId": "<client-id>.apps.googleusercontent.com",
        "clientSecret": "<client secret>"
    }
}

When a user now wants to create a new credential for Slack or Gmail/Google, the credential and secret fields are not available, only the Sign in buttons.

To get the correct identifier, check out the GitHub repo of n8n. Example:

export class SlackOAuth2Api implements ICredentialType {
	name = 'slackOAuth2Api';

	extends = ['oAuth2Api'];

	displayName = 'Slack OAuth2 API';

	documentationUrl = 'slack';

	// ...
}

name = identifier

I hope that helps others as well.

Best,
Matthias
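A pre-deployment check for an overwrite file like the oauth-credentials.json above, as an added example that is not part of the original post or of n8n itself: it catches unparseable JSON, `clientId`/`clientSecret` values left as placeholders, and broad scopes that every user of the shared app would inherit. The function name `lint_overwrites` and the choice of which scopes count as broad are assumptions of this example.

```python
import json
import re

# Scopes this example treats as broad; the selection is an assumption, adjust to policy.
BROAD_SCOPES = {
    "https://mail.google.com/",               # full Gmail mailbox access
    "https://www.googleapis.com/auth/drive",  # full Google Drive access
}
PLACEHOLDER = re.compile(r"^\s*$|<[^>]*>")    # empty, or still contains <...>


def lint_overwrites(text):
    """Return a list of findings for an overwrite file's text (empty list = clean)."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as err:
        return [f"invalid JSON at line {err.lineno}: {err.msg}"]
    if not isinstance(data, dict):
        return ["top level must be an object keyed by credential type name"]
    findings = []
    for cred_type, fields in data.items():
        if not isinstance(fields, dict):
            findings.append(f"{cred_type}: value must be an object")
            continue
        for key in ("clientId", "clientSecret"):
            value = fields.get(key)
            if not isinstance(value, str) or PLACEHOLDER.search(value):
                findings.append(f"{cred_type}: {key} missing or placeholder")
        scopes = str(fields.get("scope", "")).split()
        for scope in sorted(set(scopes) & BROAD_SCOPES):
            findings.append(f"{cred_type}: broad scope {scope}")
        if len(scopes) != len(set(scopes)):
            findings.append(f"{cred_type}: duplicate scopes")
    return findings


# Constructed samples with dummy values; BROKEN has an unterminated string.
GOOD = ('{"slackOAuth2Api": {"clientId": "1234.5678", "clientSecret": "dummy"},'
        ' "gmailOAuth2": {"clientId": "abc.apps.googleusercontent.com",'
        ' "clientSecret": "dummy",'
        ' "scope": "https://www.googleapis.com/auth/gmail.labels https://mail.google.com/"}}')
BROKEN = '{\n  "gmailOAuth2": {\n    "clientSecret": "<client secret>\n  }\n}'

if __name__ == "__main__":
    print(lint_overwrites(GOOD))
    print(lint_overwrites(BROKEN))
```

Because the file holds client secrets for the whole organisation, run the check before the file is deployed and keep the file itself out of version control.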
