Send extra field in Body OAuth 2 Credentials

Questions
,
1

Describe the problem/error/question

I’m developing a node and I was just going through cleaning up all the code according to the linting warnings and now I’m running into some problems with 401 errors: unauthorised via OAuth2 credentials. I’ve tried reverting back to the old code that I wrote and that still doesn’t work, so I’m starting to think Microsoft has changed the authentication mechanism a little.

What is the error message (if any)?

Troubleshooting with webhooks I can see that the API only returns the correct bearer token if the following fields are sent in the body:

  • client_id
  • client_secret
  • resource
  • grant_type

For example, the body of the request should look like:
client_id=token&grant_type=client_credentials&client_secret=secrettoken&resource=https%3A%2F%2Fapi.securitycenter.microsoft.com

I’m able to successfully use an HTTP request node with all these fields filled out correctly and have it return a valid token. However, I’m unable to get the generic OAuth2 or my custom node to return a valid session token.

I think I’ve narrowed it down to the fact that the API endpoint expects the “resource” body parameter to be populated, however, I can’t add that as a parameter in my credentials and have it sent to the body of the request.

Here’s my existing code for my credentials. How can I configure the newly added “resource” property to be sent in the body of the request for getting the token?

import {
	IAuthenticateGeneric,
	ICredentialType,
	INodeProperties,
} from 'n8n-workflow';

export class MicrosoftDefenderOAuth2Api implements ICredentialType {
	name = 'microsoftDefenderOAuth2Api';
	displayName = 'Microsoft Defender OAuth2 API';
	extends = ['oAuth2Api'];
	documentationUrl = 'https://docs.n8n.io/integrations/creating-nodes/build/declarative-style-node/';
	properties: INodeProperties[] = [
		{
			displayName: 'Grant Type',
			name: 'grantType',
			type: 'hidden',
			default: 'clientCredentials',
		},
		{
			displayName: 'Access Token URL',
			name: 'accessTokenUrl',
			type: 'string',
			default: '',
			required: true,
		},
		{
			displayName: 'resource',
			name: 'resource',
			type: 'string',
			default: 'https://api.securitycenter.microsoft.com',
		},
		{
			displayName: 'Scope',
			name: 'scope',
			type: 'hidden',
			default: 'https://securitycenter.onmicrosoft.com/windowsatpservice/.default',
		},
		{
			displayName: 'Authentication',
			name: 'authentication',
			type: 'hidden',
			default: 'body',
		},
	];
}

Information on your n8n setup

  • n8n version: 0.236.2
  • Running n8n via (Docker, npm, n8n cloud, desktop app): npm
  • Operating system: Mac OS
3

Tbh, I am not sure if this is supported when extending the default OAuth2 credentials, but perhaps our chief node builder @marcus can help out here?

1 Like
4

Hi @Faintiz,
I am not aware of an easy way to add body parameters to OAuth2 authentication requests. You said that your earlier versions of your node credentials was working before refactoring. Are you sure reverting to your previous version doesn’t fix the issue? It seems unusual that Microsoft would make changes to their OAuth authentication.

Are you also aware of all the Microsoft OAuth2 credentials n8n already provides here, like MicrosoftOAuth2Api.credentials.ts that is extended by lot’s of other credentials?

5

Hey @marcus,

Thanks for getting back to me. I’ve given it a go and reverted my code back to what it looked like when it was working and still no luck sadly. I do agree, it seems very odd that Microsoft would make a change in their OAuth. I’ve even tried using the generic HTTP requests node and generic OAuth options and still am not able to get it working. The only times it works is if I use Postman or Curl and include the “resource” within the body of the token request.

Is my only really other option to create a generic credential referring back to something like this link? My main question is if I do this, will it generate a new token for every time the node is executed? I’m a little concerned that I may run into rate-limiting issues with token requests.

Do I have any other options here at all?

6

Have you considered messing around with these fields when using HTTP request OAuth2 generic credential type? Maybe adding resource=https%3A%2F%2Fapi.securitycenter.microsoft.com to this field works? I am not entirely sure though, and you may have attempted this already.

image
image1239×1322 68 KB

7

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.