Oauth2 Client credentials Microsoft Graph

Questions
1

Describe the problem/error/question

Hey community,

I am trying to read info through Microsoft Graph. I have the Azure app setup with Application permissions for the scopes I need, but I am struggling to get the credentials working in n8n.

I think I have everything according to the documentation:

n8n Oauth Credential settings:

Screenshot 2023-09-07 at 18.08.16
Screenshot 2023-09-07 at 18.08.161760×1688 165 KB

Scopes for the Azure App
Screenshot 2023-09-07 at 18.09.55
Screenshot 2023-09-07 at 18.09.552118×750 113 KB

HTTP request for risky users - requires IdentityRiskyUsers scope:
Screenshot 2023-09-07 at 18.27.13
Screenshot 2023-09-07 at 18.27.133562×1768 376 KB

According to the error it seems like a problem with scopes, but according to the docs https://graph.microsoft.com/.default should give it all the scopes from the app.

I tried the same credentials via python and it all works fine.

Anyone could help (for example @pemontto according to a different post have it working), I am lost at this point.

Thanks

What is the error message (if any)?

Please share your workflow

Share the output returned by the last node

"403 - "{\"error\":{\"code\":\"AccessDenied\",\"message\":\"You cannot perform the requested operation, required scopes are missing in the token.\",\"innerError\":{\"date\":\"2023-09-07T16:06:12\",\"request-id\":\"fee1a26b-0e05-4d89-86f8-393e5b483798\",\"client-request-id\":\"fee1a26b-0e05-4d89-86f8-393e5b483798\"}}}""

Information on your n8n setup

  • n8n version: Cloud 1.4.1
  • Database (default: SQLite):
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app):
  • Operating system:
2

Hey @tkey,

Looking at that Microsoft is unhappy with the scopes so there is not really a lot we can do, depending on when you created the app and granted the permissions though it might be worth deleting the credential in n8n and adding it again to make sure a new token is fetched.

It could be worth reaching out to the Azure dev community to see if they have any thoughts anyway, I can’t remember if Azure logs reasons for errors in the admin side but could also be worth looking for that.

1 Like
3

Hey Jon,

thanks for the message, deleting and recreating the credentials from the scratch did the work and it works now.

Lesson learned - if you are doing changes to the creds, make rather a new one :wink:

Thanks

3 Likes
4

Ahh that’s a trick I’ve run into a few times before. n8n will hold on to the current token until it’s near due to expire and only then use the refresh token.

I know previously while testing I’ve had to grab the credential from the DB, decrypt it, remove the token value, re-encrypt, and update the DB. Would be nice to have a force refresh token button :stuck_out_tongue:

1 Like
5

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.