Oauth2 Client credentials Microsoft Graph

Describe the problem/error/question

Hey community,

I am trying to read info through Microsoft Graph. I have the Azure app setup with Application permissions for the scopes I need, but I am struggling to get the credentials working in n8n.

I think I have everything according to the documentation:

n8n Oauth Credential settings:

Scopes for the Azure App

HTTP request for risky users - requires IdentityRiskyUsers scope:

According to the error it seems like a problem with scopes, but according to the docs https://graph.microsoft.com/.default should give it all the scopes from the app.

I tried the same credentials via python and it all works fine.

Anyone could help (for example @pemontto according to a different post have it working), I am lost at this point.


What is the error message (if any)?

Please share your workflow

Share the output returned by the last node

"403 - "{\"error\":{\"code\":\"AccessDenied\",\"message\":\"You cannot perform the requested operation, required scopes are missing in the token.\",\"innerError\":{\"date\":\"2023-09-07T16:06:12\",\"request-id\":\"fee1a26b-0e05-4d89-86f8-393e5b483798\",\"client-request-id\":\"fee1a26b-0e05-4d89-86f8-393e5b483798\"}}}""

Information on your n8n setup

  • n8n version: Cloud 1.4.1
  • Database (default: SQLite):
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app):
  • Operating system:

Hey @tkey,

Looking at that Microsoft is unhappy with the scopes so there is not really a lot we can do, depending on when you created the app and granted the permissions though it might be worth deleting the credential in n8n and adding it again to make sure a new token is fetched.

It could be worth reaching out to the Azure dev community to see if they have any thoughts anyway, I can’t remember if Azure logs reasons for errors in the admin side but could also be worth looking for that.

1 Like

Hey Jon,

thanks for the message, deleting and recreating the credentials from the scratch did the work and it works now.

Lesson learned - if you are doing changes to the creds, make rather a new one :wink:



Ahh that’s a trick I’ve run into a few times before. n8n will hold on to the current token until it’s near due to expire and only then use the refresh token.

I know previously while testing I’ve had to grab the credential from the DB, decrypt it, remove the token value, re-encrypt, and update the DB. Would be nice to have a force refresh token button :stuck_out_tongue:

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.