Oauth2 credentials missing urldecode

Luca_Bartoli · August 9, 2022, 8:24am

Describe the issue/error/question

In OAuth2 authorization code flow, I receive a code which contains an urlencoded slash.
As the procedure sends the code, I think it doesn’t urldecode the code, resulting in an error obtaining the token.
I succesfully tried the same OAuth flow manually and there are no issues.

What is the error message (if any)?

Failing final step of oauth2 with:
{“code”:0,“message”:“There was an error decoding the token.”,“hint”:“”}

Received redirect

https://myinstance/rest/oauth2-credential/callback?code=c%2FeyXXXXX.YYYYYYY.ZZZZ&state=null
(state is not relevant for the token call)

Manual call

{
  "grant_type": "authorization_code",
  "client_id": "MY_CLIENT_ID",
  "client_secret": "MY_CLIENT_SECRET",
  "redirect_uri": "https://myinstance/rest/oauth2-credential/callback",
  "code": "c/eyXXXXX.YYYYYYY.ZZZZ"
}

This works with the following response:

{
    "token_type": "bearer",
    "access_token": "a/eyZZZZZ",
    "refresh_token": "r/eyRRRRRR",
    "expires_in": 86400
}

Information on your n8n setup

**n8n version: any (tried 0.189.1 also)
**Database you’re using: SQLite
**Running n8n with the execution process: main
**Running n8n via: docker

MutedJam · August 9, 2022, 9:38am

Hi @Luca_Bartoli, welcome to the community

I’ve converted your question into a feature request so a decode option for OAuth2 redirects can be considered in future product releases.

Make sure to vote on it so our team knows about your interest in having this functionality added.

Luca_Bartoli · August 9, 2022, 11:35am

To me it seems more a bug than a feature.
Code is always in a query parameter in oauth2 flow, so it is always urlencoded. Shouldn’t the response parameters always being urldecoded (which includes code param)?