OAuth2 UpWork Failing The Next Day

Describe the problem/error/question

We used OAuth2 Authorization Code grant type for UpWork.com for a client.

The UpWork OAuth connection worked fine for the first 24hr. We came back to working on the flow today to see a bizarre error. Nothing has changed since then.

I have tried to do as much research as I can, and saw both on GitHub and in the forums here of similar issues in the past that either were “fixed” or never responded to / resolved (many of these).

My ultimate question:
Is this a misunderstanding of OAuth, my setup, or is this really a bug with n8n? I am fine with manually doing the oauth refresh requests etc but that seems overkill if n8n should handle this already…

What is the error message (if any)?

Toast Error:

Problem in node ‘UpWork Fetch Business Info‘
The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.

Stack Trace:

NodeApiError: The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. at ExecuteContext.execute (/usr/local/lib/node_modules/n8n/node_modules/n8n-nodes-base/dist/nodes/HttpRequest/V3/HttpRequestV3.node.js:525:33) at processTicksAndRejections (node:internal/process/task_queues:95:5) at Workflow.runNode (/usr/local/lib/node_modules/n8n/node_modules/n8n-workflow/dist/Workflow.js:741:19) at /usr/local/lib/node_modules/n8n/node_modules/n8n-core/dist/WorkflowExecute.js:724:51 at /usr/local/lib/node_modules/n8n/node_modules/n8n-core/dist/WorkflowExecute.js:1155:20

Please share your workflow

Screenshot 2024-12-20 at 7.24.07 PM853×623 33.1 KB

Screenshot 2024-12-20 at 7.24.15 PM856×467 14.2 KB

Share the output returned by the last node

Information on your n8n setup

• n8n version: 1.71.3 (Cloud)
• Database (default: SQLite): default
• n8n EXECUTIONS_PROCESS setting (default: own, main): default
• Running n8n via (Docker, npm, n8n cloud, desktop app): cloud
• Operating system: cloud

Hi @ThinkBot

I think your authentication is fine but looking at the error it’s probably related to what the API expects from your request body.

Doing a quick google search, it seems that it does expect a JSON, so you need to change that in your node config:

image1222×556 22.1 KB

Have a look at the official Upwork Docs to see what it’s expecting to receive
(You can see it’s expecting application/json):

                  curl --request POST \
                    --url https://api.upwork.com/graphql \
                    --header 'Authorization: bearer oauth2v2_f5*************************' \
                    --header 'Content-Type: application/json' \
                    --header 'X-Upwork-API-TenantId: 470*************' \
                    --data '{"query":"query { \
                        organization { \
                        id \
                        childOrganizations { \
                        id \
                        name \
                      } \
                    } \
                  }"}'

https://www.upwork.com/developer/documentation/graphql/api/docs/index.html

@ria

I very much appreciate anyone trying to help but what you proposed was, as I understand it, the same thing I already have with a different selection:

Screenshot 2024-12-27 at 11.44.36 AM1596×398 20.7 KB

UpWork API did not update within days of setup to usage, without issue, and then 2 days later it failed with what I believe is an incorrect error related to bad OAuth, as it so extremely general, and my UpWork API call was working and correct, including the client testing via curl.

I will most likely bump this once we are back in the office testing some other theories out with the client.

We will most likely just end up making manual oauth token refresh requests, but that seems so unnecessary.

@ria

just to confirm I wasn’t thinking weird. I in fact tested with your suggestion, and as expected, the same outcome, which I am confident is unrelated to the request and is related to the OAuth connection.

@ThinkBot why do you think this is related to OAuth?

Looking at the Upwork docs they suggest that X-Upwork-API-TenantId is a required header that you don’t appear to have set as well.

@Jon

UpWork’s documentation isn’t the greatest, despite the subheader being literally “Required X-Upwork-API-TenantId header”, it is not required as described later in the paragraph.

When the header is missing, the request will use the default organization of the user.

I did go ahead and double check, adding the header. But the same occurs. In the client’s internal documentation, they successfully use the api without the header, and works via classic curl.

For more context, the error code provided in the error output is of EAUTH, which leads me to believe its oauth related. Force googling the error provides various results about oauth implementation mistakes, so either its setup my end or a bug of n8n not respecting something with UpWorks oauth perhaps? Unsure, because via curl and for 24-48hr after client connected their account, it worked as expected within n8n, nothing changed our end (nor believe upwork’s) but time.

Is there any advice you could give on ability to investigate the oauth connection logs in more detail? (or even the request itself, as the console even provides nothing actionable)
This is on a paid cloud account. I can provide that info in DMs if something is possible your end, as thru the logs and data I can access, I do not see any clear indications. The error itself is very vague, stating (I understand this is most likely from UpWork’s end, rather than being a n8n error):

the request … missing a required parameter, … invalid parameter value, … parameter more than once, or is otherwise malformed

We can do manual refresh etc requests if needed, but would really prefer to use the default intended features.

Thank you so much so far.

Semi-bumping for visibility, part for updates.

@Jon

We have gotten the client to reconnect their account via oauth, and as expected, all requests function, no changes were made.

I suspect the oauth connection is not refreshing the token in time as its TTL is 24hr, and it must not be correctly using its stored refresh (7 days TTL), since 24hr later it completely failed to work and presented the above errors when making requests.

Is there anyone on the team we can contact for faster support?

Would be appreciated. The client is on a paid account.

Thanks

@Jon @jan @marcus @aya @ria @mariana-na

It is exactly 24hr from client re-connecting, and it is now failing with that error.

I highly suspect it is an error with the OAuth connection. Given that the responses contain EAUTH error code. AND that all queries work 100% fine for the first 24hr after client re-grants his account into the n8n connection.

UpWork has a token TTL of 24hr and a refresh TTL of 7 days.

As they are not an UpWork Enterprise client, they only have access to Authorization Code grant.

UpWork does have an abnormal token and refresh format, which is my only idea on what the suspect of the issue is. Perhaps some pattern matching or bad escapes are being used to strip or find the word oauth.

They always are prefixed with “oauth2v2_” ie “oauth2v2_584006c0ef4f69fd8278c7769da6f…”

(not a real token)

We may just move to another platform at this point.

We typically prefer to push new clients to n8n for large scale work, as it has always been great and consistently functional before, but this is leaving a sour taste in my mouth.

I will also try to forward this to [email protected], but I am not sure what to expect.

I do apologize if I am being a bit on the edge of rude. This is semi urgent and the only thing needed to be investigated for us to continue with the client. Although I do understand holidays and new year and such.
I believe investigations into the logs of the OAuth connection are needed, which we cannot access.

Thank You

We are currently (could just use n8n global variables when client will upgrade) just having the client manually go to the url via Authorization Code grant, making a curl with the code, and storing the refresh and access token in sheets.

Then we have a secondary scenario that will run cron every 10hr using the previous refresh token to fetch a new active access token, and updating sheets with it.

This works perfectly and all requests function to UpWork as expected, but is really not the preferred way, when n8n should have a working oauth flow.

We would still appreciate an investigation, and this would probably solve other old oauth bugs as well.

Hey @ThinkBot,

You mentioned an EAUTH error but I can’t see that in the data you have provided us so far. If you can share the EAUTH error you are seeing as well that could be a massive help.

When it comes to token refreshing we don’t do it based on any time instead we try to auth with the token and if we get a 401 response back we then refresh the token.

It does sound like it could be an issue with the refresh are you using the correct refresh token url and does Upwork require a special url param to actually get a refresh token I know some services like Google have this extra step needed.

I am waiting for my ID verification to complete so I can actually test this but at the moment there isn’t much we can do without having access to the platform to test.

@Jon
Apologies for the potential rudeness. Just felt like I was being blown off (don’t blame y’all tho as holidays).

UpWork’s API is extremely restrictive. You will not be getting approve for a key. Our decently large/trusted profile still isn’t approved as “not enough UpWork experience”.
Our client, a major web development agency, has been thru the ringer with UW and finally was approved.

I am open to getting in a call to help debug with the our clients details we have access to (with their permission, of course).

Entirety of the error provided by n8n, no other details:

{
“errorMessage”: “The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.”,
“errorDetails”: {
“rawErrorMessage”: [
“The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.”
],
“httpCode”: “EAUTH”
},
“n8nDetails”: {
…
]
}
}

(n8nDetails is just stacktrace as provided prior)

Their flow seems very classical to me. No special params or headers needed to do it manually.

I am unsure if UpWork themselves literally replies with EAUTH http code or if thats parsed and replaced via n8n.

Auth URL to retrieve code → grant_type=authorization_code + id + secret + code + redirect_uri → grant_type=refresh_token + refresh token + secret + id

Hopefully once I can get access to the api I will be able to run n8n with then debugger attached and see what the response is.

Looks like they were not happy with my profile picture so I need to update that so they can verify my identity.

Well I do hope you get access, perhaps they will due to you being apart of n8n, but I’m not optimistic here.

My understanding is you need either 100k spend or 100k earned thru UpWork to grant API access. They want to see a lot of profile activity. They won’t tell you this but that’s what I’d guess thru our current experiences in trying to get access ourselves & other clients.

That sounds like a nightmare, Hopefully we can get in.

No dice?

[inserting text because char minimum]

Hi @ThinkBot ,
Have you been able to fix it? I am also struggling to have it working here.

Thanks

@Mazaharul hi! Very cool, another user looking to get this working. Apologies did not see your respoonse.

Sadly there was no official fix or response from the n8n team.

The easy, but not preferred, solution was to store the auth / refresh tokens in a database, and force refresh before every request (or using cron daily). The refresh tokens last 7 days, but the auth token’s themselves only persist 24hr.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.