I have an OAuth2 service where the access token expires after an hour and I have to reauthenticate on the credentials page. I believe this is because the service is not returning an HTTP error status, but a 200 response and the following JSON message:
[
  {
    "error": "Authentication failed"
  }
]
Any flows using this credential cannot continue until I reconnect it at this point.
What’s the best way to get this to work?
Can I get it going with a custom credential type? Not something I really want to get into, but if that’s the only way to get it working I will.
You are probably onto something there. We expect a 401 status to know when to get a new token, but if you were to create a node you would have an option to set the status code to look for, which might not be ideal as any request would have a 200 status, so it would refresh on every call.
I am not really sure of a way around this without either making a custom node or credential with a preauthentication option on it to manually handle the refresh based on the response body.
Out of interest, what service are you interacting with?
Looking at their docs, they say they follow the OAuth2 specs and link to a page that contains the RFC for OAuth, and in there it has this: RFC 6749 - The OAuth 2.0 Authorization Framework, which says they should return a 400 status code for an error including expired tokens… If they are returning a 200 response I would be raising that as an issue with them.
For the Preauth you can find an example in the Metabase credential… Thinking about it though, if we never detect it as an issue it might not trigger the preauth, so the only other possible option would be to create a custom node.
OK, I’ve gone back in with Postman - it looks like I may have been on the wrong track. I’m getting a 401 back there, would that be supposed to work, or does it have to be specifically a 400?
That said, Postman is also having trouble refreshing the token so I should be able to do some more digging there and see what I can find out.
I’ve had some success with Postman - the request on the refresh post needed to include the client_id and client_secret which it didn’t seem to by default. Could it be a similar issue in n8n?
Well, I think I’ve got something working, between your advice, common sense and some reading other posts in the forum.
Rather than getting into development at this stage, I’ve added a scheduled workflow to export the credentials, use the refresh token and then re-import the credentials which at the moment seems to be working. I’ll have to give it an hour or two and see if everything keeps working, but initial tests are promising.
@TomSpidge that is probably it. I don’t think we include the client_id and client_secret on a refresh as it normally isn’t needed. That might be something you can do in a pre-authenticate part of a credential.
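The refresh handling discussed in this thread, as an added example that is not part of the original posts and is not n8n's own code: it treats both a 401 and the quoted 200 error body as a rejected token, and sends client_id and client_secret in the refresh POST. The `cfg` values, the URLs and the `send` transport are constructed, hypothetical names.

```javascript
// Constructed placeholder values; nothing here is from a real service.
const cfg = {
  tokenUrl: 'https://auth.example.test/oauth/token',
  clientId: 'demo-client',
  clientSecret: 'demo-secret',
};

// True when a response means "token rejected": a 401, or a 200 reply
// carrying the [{"error": "Authentication failed"}] body quoted in the thread.
function isAuthFailure(status, bodyText) {
  if (status === 401) return true;
  if (status !== 200) return false;
  let body;
  try { body = JSON.parse(bodyText); } catch { return false; }
  const items = Array.isArray(body) ? body : [body];
  return items.some((i) => i && i.error === 'Authentication failed');
}

// Refresh request (RFC 6749 section 6) with the client credentials in the
// form body, which the refresh call in the thread needed.
function buildRefreshRequest(c, refreshToken) {
  const form = new URLSearchParams({
    grant_type: 'refresh_token',
    refresh_token: refreshToken,
    client_id: c.clientId,
    client_secret: c.clientSecret,
  });
  return { method: 'POST', url: c.tokenUrl, body: form.toString(),
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' } };
}

// Send an API request; on an auth failure, refresh once and retry once.
// `send(req)` is a hypothetical transport that resolves to {status, body}.
async function callWithRefresh(send, c, tokens, apiReq) {
  const withAuth = (t) => ({ ...apiReq,
    headers: { ...apiReq.headers, Authorization: `Bearer ${t}` } });
  let res = await send(withAuth(tokens.access));
  if (!isAuthFailure(res.status, res.body)) return { res, tokens };
  const ref = await send(buildRefreshRequest(c, tokens.refresh));
  if (ref.status !== 200 || isAuthFailure(ref.status, ref.body)) {
    throw new Error('refresh failed; re-authorisation required');
  }
  const t = JSON.parse(ref.body);
  if (!t.access_token) throw new Error('refresh reply had no access_token');
  const next = { access: t.access_token, refresh: t.refresh_token || tokens.refresh };
  res = await send(withAuth(next.access));
  return { res, tokens: next };
}
```

Because the check looks at the response body rather than only the status code, ordinary 200 responses do not trigger a refresh on every call.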