n8n-io / n8n

Free and source-available fair-code licensed workflow automation tool. Easily automate tasks across different services.
https://n8n.io

Cannot connect my account to oAuth 2.0 because of 403 Error on rest/oauth2-credential/callback #6067

Closed todaysday closed 5 months ago

todaysday commented 1 year ago

Describe the bug

I'm trying to connect to the Upwork API OAuth 2.0 https://developers.upwork.com/#authentication_oauth-20

A week ago everything worked well, but now I always get HTTP status 403 at the end instead of "Account connected". The URL of the popup window is https://n8n-production-247e.up.railway.app/rest/oauth2-credential/callback?code=33cae5c{removed_by_me}f36904b&state=eyJ0b2tlbiI6ImhWT2{removed_by_me}EN2WSIsImNpZCI6IjEifQ%3D%3D

To Reproduce

Steps to reproduce the behavior:

  1. Create an HTTP Request node
  2. Choose Generic Auth Type OAuth2 API
  3. Fill:
  4. Click: Connect my Account
  5. The first time, a pop-up opens with the URL https://www.upwork.com/ab/account-security/oauth2/authorize?client_id=c9d44{removed_by_me}b2646e6&redirect_uri=https%3A%2F%2Fn8n-production-247e.up.railway.app%2Frest%2Foauth2-credential%2Fcallback&response_type=code&state=eyJ0b2tlbiI6Il{removed_by_me}3D%3D&scope
     Next time it just redirects to the next one
  6. Pop-up with url https://n8n-production-247e.up.railway.app/rest/oauth2-credential/callback?code=931d97386{removed_by_me}bd0c6ff&state=eyJ0b2tlbiI6IlNlTFpQblVlLUtnZHY{removed_by_me}yb2ZzUGc0USIsImNpZCI6IjEifQ%3D%3D with message
    "Error: HTTP status 403 Failed to connect. The window can be closed now."
  7. There is no "Account connected" message and the token is not available to use for HTTP Request node requests

Expected behavior

Account connected

Environment (please complete the following information):

Additional context

Everything works like a charm on Postman because Postman doesn't care about the 403 from https://n8n-production-247e.up.railway.app/rest/oauth2-credential/callback and just uses this part, code=931d97386{removed_by_me}bd0c6ff&state=eyJ0b2tlbiI6IlNlTFpQblVlLUtnZHY{removed_by_me}yb2ZzUGc0USIsImNpZCI6IjEifQ%3D%3D, to get everything needed

Joffcom commented 1 year ago

Hey @todaysday,

That is interesting. Did anything change just before it stopped working? I just tried to sign up for an account on Upwork to test this, but they don't make it easy and require ID verification, which is mildly annoying.

A 403 typically means part of the data is wrong. When you did the test in Postman, did that also show a 403 or something else?

todaysday commented 1 year ago

Hey @Joffcom, not sure about changes on Upwork, but I've updated n8n from 0.217.2 to 0.222.2

Here is what Postman shows after Get New Access Token

GET https://www.upwork.com/ab/account-security/oauth2/authorize?response_type=code&client_id=c9d44861159{removed_by_me}2646e6&redirect_uri=http%3A%2F%2Fn8n-etc.up.railway.app%2Frest%2Foauth2-credential%2Fcallback
302
Request Headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) PostmanCanary/10.12.12-canary230404-1148 Chrome/100.0.4896.160 Electron/18.3.5 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Response Headers
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7bceaf9f8a11a193-BKK
content-security-policy-report-only: report-to csp-endpoint
content-type: text/html; charset=UTF-8
date: Mon, 24 Apr 2023 13:27:51 GMT
location: http://n8n-etc.up.railway.app/rest/oauth2-credential/callback?code=c09d171{removed_by_me}3259c6281
referrer-policy: origin-when-cross-origin
report-to: {'endpoints':[{'url':'https://www.upwork.com/ab/csp/index'}],'group':'csp-endpoint','max-age': 10886400}
server: cloudflare
set-cookie: enabled_ff=!payexErrorPagesAir3,!payexBillingsEarningsReportAir3,!payexAddDirectDepositPageAir3,!payexFinancialAccountsPageAir3,!payexIntermediatePagesAir3,CI11132Air2Dot75,!payexEditBankAccountPageAir3,!CI10270Air2Dot5QTAllocations,CI9570Air2Dot5,!air2Dot76Qt,air2Dot76,OTBnrOn,!SSINavUser,!CI12577UniversalSearch,!MP16400Air3Migration,!payexMPESAPageAir3,!payexWireTransferPagesAir3,TONB2256Air3Migration,!CI10857Air3Dot0; Path=/; Secure
set-cookie: lang=en; Max-Age=31536000; Path=/; SameSite=Lax
set-cookie: asct_vt=oauth2v2_9dda2{removed_by_me}4af907128c317; Max-Age=86400; Domain=.upwork.com; Path=/; Secure
set-cookie: current_organization_uid=424162173442703361; Max-Age=2678400; Domain=.upwork.com; Path=/; Secure
set-cookie: cookie_prefix=;Path=/;secure;
set-cookie: cookie_domain=.upwork.com;Path=/;secure;
set-cookie: __cf_bm=uLi4pZkSywnlFloYo31QyTV20STTbGxMSlPAcPPyAmw-1682342871-0-AcO2D7Jo+hZ5boCLA5MNjBz0N17+NE8TVz3LafOYaIq8vhPQyA4YEzR6Pewcybjx+MC65NB1C2RCpUOmTVU0Qxc=; path=/; expires=Mon, 24-Apr-23 13:57:51 GMT; domain=.upwork.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
vnd-eo-trace-id: 7bceaf9f8a11a193-SEA
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block 

I don't see any errors. But n8n responds with 403 for Grant Type: Authorization Code

Joffcom commented 1 year ago

Hey @todaysday,

I was curious to know if you had made any changes before it stopped working. I had assumed the upgrades were done after it stopped. Are you able to confirm if you updated before or after it stopped working?

I also thought you said that Postman didn't care about the 403, but it looks like Postman gets a 302 instead, which is fine as it is a redirect.

I guess the only way to get to the bottom of this would be for me to go through the verification process on Upwork to set up a test account. I will see if I can free up some time to dig out the ID required this week.
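
An added example, not part of the original thread or of n8n's code: the authorization request n8n sent and the one Postman sent differ in more than the final status code, and this Node.js script lists the differences and decodes the `state` value. The URLs are constructed from the shapes quoted above, with `CLIENT_ID_PLACEHOLDER` and the state token as placeholder values; the function names are hypothetical.

```javascript
// Constructed inputs modelled on the two authorize URLs quoted in the thread.
// The state has the shape visible in the thread: base64 JSON with "token" and "cid".
const SAMPLE_STATE = Buffer.from(
  JSON.stringify({ token: 'CONSTRUCTED_TOKEN', cid: '1' })).toString('base64');
const AUTHORIZE = 'https://www.upwork.com/ab/account-security/oauth2/authorize';
const N8N_AUTHORIZE = AUTHORIZE + '?client_id=CLIENT_ID_PLACEHOLDER' +
  '&redirect_uri=https%3A%2F%2Fn8n-production-247e.up.railway.app%2Frest%2Foauth2-credential%2Fcallback' +
  '&response_type=code&state=' + encodeURIComponent(SAMPLE_STATE) + '&scope';
const POSTMAN_AUTHORIZE = AUTHORIZE + '?response_type=code&client_id=CLIENT_ID_PLACEHOLDER' +
  '&redirect_uri=http%3A%2F%2Fn8n-etc.up.railway.app%2Frest%2Foauth2-credential%2Fcallback';

// Decode a base64-JSON state value; return null when it is absent or malformed.
function decodeState(state) {
  if (!state) return null;
  try {
    return JSON.parse(Buffer.from(state, 'base64').toString('utf8'));
  } catch {
    return null;
  }
}

// Pull out the parts of an authorization request that the callback depends on.
function summarize(authorizeUrl) {
  const params = new URL(authorizeUrl).searchParams;
  const redirect = new URL(params.get('redirect_uri'));
  const state = decodeState(params.get('state'));
  return {
    redirectScheme: redirect.protocol,
    redirectHost: redirect.host,
    redirectPath: redirect.pathname,
    hasState: params.has('state'),
    stateKeys: state ? Object.keys(state).sort().join(',') : '',
  };
}

// List every field on which two authorization requests disagree.
function diffRequests(a, b) {
  const sa = summarize(a);
  const sb = summarize(b);
  return Object.keys(sa)
    .filter((key) => sa[key] !== sb[key])
    .map((key) => `${key}: ${sa[key]} != ${sb[key]}`);
}

console.log(diffRequests(N8N_AUTHORIZE, POSTMAN_AUTHORIZE).join('\n'));
```

The Postman request carries no `state` and a different `redirect_uri`, so its 302 shows only that the authorization server issued a code, not how the n8n callback handles one.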

todaysday commented 1 year ago

Hey @Joffcom, usually it's kind of a long-term process to get a key for Upwork. Can we just find each other in any kind of messenger, and I will provide you with everything necessary to run the tests and also switch redirect_uri to your endpoint?

Joffcom commented 1 year ago

Hey @todaysday,

I use a few different things but maybe email is better? You can find an email address for me on my profile 👍🏻

Joffcom commented 1 year ago

Hey @todaysday,

We released an update recently that shows more information when OAuth fails. Can you try again using the latest release and see if that shows anything useful in the response body?

Joffcom commented 5 months ago

Moving to closed for now. If this is still an issue, let me know and we can open it again.