Hi, I’m a product manager with Asana.
We recently released scopes for our OAuth and I’d like to provide a way for n8n users to register and use scopes as part of their n8n credentials here:
I’m not too familiar with n8n. Can scopes be entered as part of any OAuth credential configuration or does there need to be a code change to collect them and request them at authorize.
If you have any examples of configuration docs that collect scopes, that would be helpful.
You don’t normally add scopes manually, they are chosen and set within the process of configuring OAuth itself
But they need to be specified at authorize time for Asana. We don’t assume that you want certain scopes at the moment.
Nothing should really change on the n8n side though, right? It is still a redirect url from n8n which you take from n8n to asana and client id and client secret from you take from asana to n8n, the rest is either statically set in asana or dynamically configured within the authorization process.
Although I see that the scopes are now mandatory, which means that existing integrations will probably fail. I didn’t have an account before… well just now, without setting scopes the Auth process does fail. After enabling full or adding specific scopes on the Asana side, the process is no different in n8n from what it used to be.
Tried “getting” my test project, all works fine.
Scopes aren’t mandatory. A lot of n8n users are opting out which is why I’m here. To see how we could get n8n working with scoped access for the security benefits.
There might be a misunderstanding because that’s not how our OAuth implementation works. Currently, you need to specify scopes at authorize time or scopes access. I don’t think that’s uncommon. Definitely supported by the spec.
Outside of changing Asana’s OAuth implementation, is there no precedent for setting scopes to request in n8n? Examples to point to?
Pinging again to see if anyone has examples to share. I don’t have an n8n instance running at the moment.
Hey @John_Baldo_Asana !
N8n simplifies the OAuth2 credentials creation with its built in tooling. When user takes Asana node into use they’re guided through credentials creation, which on cloud by default suggests the user to create OAuth credential with a view looking like this on the cloud version:
On self-hosted the new credential field is slightly different and lets user to define the client id, secret and redirect url.
This credential is defined at n8n/packages/nodes-base/credentials/AsanaOAuth2Api.credentials.ts at master · n8n-io/n8n · GitHub, which currently just defines scope as an empty string and hides that field by setting its type to “hidden”, so users can’t currently set it and its always left empty.
We then open a new popup window with URL https://app.asana.com/-/oauth_authorize?client_id=<client_id>&redirect_uri=<redirect_type>&response_type=code&state=<state>&scope= with no scopes selected to complete their authorization, which is why you’re seeing a lot of n8n users without scopes.
To add scopes support to this credential either a good set of default scopes could be added instead of empty string, or the field could be changed to a visible editable one. There are also other nodes with more complex scope pickers, like AzureEntraCognitiveServicesOAuth2Api.
