[Self-hosted] Salesforce oAuth2 yielding an OAUTH_APPROVAL_ERROR_GENERIC error

Hi all,

Following the n8n doc for a self-hosted version of n8n, I attempted to connect a Salesforce instance using the Salesforce OAuth2 API credentials but I am getting an “OAUTH_APPROVAL_ERROR_GENERIC” in the Salesforce auth flow.

The SFDC connected app even has full permissions in its oAuth scope:

Has anybody encountered - and solved :slight_smile: - a similar issue or has any idea where this could come from?

Thanks a lot!

Hi @ccome, first of all welcome to the community :smiley:

I am just setting up a Salesforce dev account myself to give this a go on my own (might be tomorrow though). Could you confirm whether your callback URL would be some “special” hostname (like localhost or an internal hostname in your network or something like this) so I can try reproducing this as accurately as possible?

Also, just to double-check, are you by any chance restricting the IP range (that’s just something that has been suggested on oauth2 - OAUth Issue: OAuth_Approval_Error_Generic - Salesforce Stack Exchange when googling this error)?

And last but not least, which version of n8n are you currently self-hosting?

Many thanks!

Hey @MutedJam thanks for the welcome & your help, big fan of n8n here :slight_smile:

To your points:

  • callback URL => yes we host our n8n on an internal subdomain in the following format “app.company.domain”
  • we aren’t restricting IP range for the connected app, the parameter is set to “Relax IP restrictions” in the Salesforce app policies
  • n8n version: 0.142.0

we also don’t authorize login via login.salesforce.com, only through our custom domain salesforce URL if that is of interest

thank you very much for your help, let me know if you need anything else :pray:

1 Like

Hi @ccome, so I just gave this a go with the settings you have provided and did not run into the problem you have described (my own Salesforce login domain would also be something like foo.my.salesforce.com here). I was also using a local domain for n8n only configured in my host file which is not reachable from the outside.

One noticeable difference was that for me it never said just “Full access (full)” in the “Selected OAuth Scopes” field. Salesforce instead listed all of them for me:

image

So maybe you could try manually adding all scopes (instead of picking just Full access (full)) for the app, just to double-check if this changes the behavior?

On a side note, Salesforce said “Changes can take up to 10 minutes to take effect.” whenever I updated the configuration or created a new app in its Manage Connected Apps screen. In reality it was much more than 10 minutes for me and I got a lot of different errors during the wait (from redirect_uri_mismatch to very generic errors).

2 Likes

Hey @MutedJam – wow the issue disappeared when adding all permissions indeed :exploding_head:

Looks like an SFDC quirk, unrelated to n8n… hope this can help other people who stumble upon the same.

Thanks for looking into it, very helpful!

1 Like