OAuth2 token refreshing


I’m trying to access the Withings API using the HTTPRequest node. I managed to work around their broken access_token system (using a Webhook workflow conditioning the body of the message to have a conforming format). Now I’m struggling with token refreshing: I reliably get an access and refresh token, but according to my workaround-webhook execution history, the token is never refreshed (the workaround is apparently only called once: when initially getting the access_token).
Do n8n OAuth2 credentials actually refresh the access_token or is something broken?

Welcome to the community @M3gaFr3ak!

When you are using the HTTP Request node and select under “Authentication” -> “OAuth2” and configure everything correctly, it will refresh the token automatically as soon as a request gets made that returns that the used token is not valid anymore.
If you build your own OAuth “process” with Webhook and HTTP Request nodes, then you would also have to take care of the refresh yourself.

I only intercept the get token URL. I guess that Withings also implemented the “access token invalid message” incorrectly. I will investigate this.

Does the HTTPRequest make a request, refresh the token if invalid and then make the request again?

You can see the logic here:

It makes a request and if “401” gets returned (which means “Unauthorized” and that the access token is not valid anymore) it uses the refresh-token to refresh the access token. That new token gets then used to repeat the request.
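The refresh-on-401 flow described in the reply above, as an added example that is not part of the thread and is not n8n's own code. The in-memory server, the token values and all function names are hypothetical and constructed so the flow runs offline; the second call in `demo()` shows that an API signalling an invalid token with any status other than 401 never triggers the refresh.

```javascript
// Added example. All names are hypothetical; the "server" is constructed,
// in-memory test data so the flow runs offline.
function makeFakeServer(invalidTokenStatus = 401) {
  const state = { access: "at-2", refresh: "rt-1", refreshCalls: 0 };
  return {
    state,
    // Resource endpoint: rejects any bearer token except the current one.
    api(token) {
      if (token === state.access) return { status: 200, body: { ok: true } };
      return { status: invalidTokenStatus, body: { error: "invalid_token" } };
    },
    // Token endpoint: trades the refresh token for a new pair and rotates it.
    token(refreshToken) {
      state.refreshCalls += 1;
      if (refreshToken !== state.refresh) {
        return { status: 400, body: { error: "invalid_grant" } };
      }
      state.refresh = "rt-2";
      return { status: 200, body: { access_token: state.access, refresh_token: "rt-2" } };
    },
  };
}

// Send the request; on 401 refresh once, store the new tokens, retry once.
function requestWithRefresh(server, creds) {
  const first = server.api(creds.accessToken);
  if (first.status !== 401) return { response: first, refreshed: false };

  const grant = server.token(creds.refreshToken);
  // Refresh failed: surface the original 401 instead of looping.
  if (grant.status !== 200) return { response: first, refreshed: false };

  // Persist both tokens: a rotated refresh token invalidates the old one.
  creds.accessToken = grant.body.access_token;
  creds.refreshToken = grant.body.refresh_token || creds.refreshToken;
  return { response: server.api(creds.accessToken), refreshed: true };
}

function demo() {
  const expired = () => ({ accessToken: "at-1", refreshToken: "rt-1" });
  const ok = requestWithRefresh(makeFakeServer(401), expired());
  // An API that signals the invalid token with another status never triggers a refresh.
  const silent = requestWithRefresh(makeFakeServer(200), expired());
  return { ok, silent };
}
console.log(JSON.stringify(demo()));
```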

This is the output of the HTTPRequest when the token is invalid:

    "status": 401,
    "body": {
        "error": "XRequestID: Not provided invalid_token: The access token provided is invalid"

Executing it again doesn’t change the fact; it seems to keep using the invalid token.

Do you use the OAuth2 feature of the node? Else it will not retry as described above.

I’m using OAuth2 in the authorization field. Is the “status” in this json the status of the request or part of the returned json?

That should be the actual response code. The “returned json” should be under “body”. So should work.

Is there anything you can send me via private message so that we can reproduce that?

I could give you full access to everything as it’s my private server and my account (could also do a dummy account). How do I send a PM on this forum?


Click the username, click message, and then type the message as a private message.

Additionally, could you maybe also create another account that does not contain any data (not sure if possible in that software).

I can’t find the message button, maybe it’s a permissions issue?

@jan I’m pretty flexible. If you want, we could do a video call where I demonstrate it, I can also give you full access to my n8n instance. The Withings account can be recreated or I can give you my data. There’s apparently also a “dummy” parameter one can use when requesting a token.