Closed lawfulsoftware closed 2 months ago
Hey @lawfulsoftware
Are other oauth services working ok?
Did you also set the offline access_type option?
Thanks for the quick response, @Joffcom.
I have tried different approaches, including setting access_type=offline
.
I don't use OAuth with many services. I just tried to connect Nextcloud and experienced the same issue. It also happens if I use the built-in Zoho Oauth2 API which only works with Zoho CRM.
I have logging set to debug
however I do not see any issues. I also don't see any issues with my configuration. I am using Traefik in case that is relevant.
I used basic auth at one point but I commented it out a long time ago.
Since the oauth2 callback url is excluded from the browserId check, the only way for that url to return a 401 is when the request is missing the auth cookie.
I am using Edge. I only had two extensions however I disabled both. There is no change in behaviour.
I will add the following:
When I add prompt=consent
, it still shows the same { "status": "error", "message": "Unauthorized" }
message however it does not return a 401 and, when I close out of the credential manager and open it again, it shows a green Account connected
message. If, however, I execute a GET request on https://mail.zoho.com/api/organization
, I receive the following response:
The resource you are requesting could not be found
404 - "{\"data\":{\"errorCode\":\"INVALID_OAUTHTOKEN\"},\"status\":{\"code\":404,\"description\":\"Invalid Input\"}}"
Also, the auth token is contained in the query string of the page displaying the error. Here are screenshots of the network requests.
I just tried in Chrome Canary (no extensions) with the same result. I am using Edge 126.0.2592.102 (Official build) (64-bit).
The callback popup has no effect on my n8n session.
The callback popup has no effect on my n8n session.
Can you please check if the domain for the popup and the domain you are accessing n8n over are the same?
That was it! Thank you!
The domain is the same but I was using a different subdomain for the UI. I accessed the UI using the webhook subdomain and it worked correctly.
Ideally, it should be possible to use different subdomains for the UI and webhooks but I can confirm that this solution works and persists even if I revert to the UI subdomain.
Quick thought. If it's difficult to permit authentication when using a different subdomain for the UI, could a warning be displayed when trying to connect the account?
Bug Description
The authentication process appears to be blocked by this check.
I am trying to authenticate with the [Zoho Mail API] (https://www.zoho.com/mail/help/api/using-oauth-2.html). I see the pop-up asking for approval of the requested permissions. Once granted, the request is redirected to n8n
https://{your_domain}.com/{your_redirect_page}?code={authorization_code}&location={domain}&accounts-server={accounts_url}
but I receive:If I try to access the redirect URL directly (i.e., without any query parameters), I receive the same error message.
The process breaks at this point and I cannot move to step 3 of Zoho's documentation.
To Reproduce
Try to authenticate following Zoho's documentation.
Expected behavior
Authentication should work seamlessly
Operating System
Docker
n8n Version
1.49.0
Node.js Version
20.14.0
Database
PostgreSQL
Execution mode
main (default)