oauth2-credentials unauthorized about n8n HOT 17 CLOSED

I think I know what the issue might be.
The callback urls need to be excluded from the new session-hijacking check (until we have a better way to check for urls like these). Still not sure why this isn't failing locally or on cloud instances.
Will send a PR soon after a bit of testing.

from n8n.

We'll release patch release for 1.37 and 1.38 tomorrow morning (CET).

from n8n.

fixed with this @netroy @Joffcom :

const skipBrowserIdCheckEndpoints = [
        `/${restEndpoint}/push`,
        `/${restEndpoint}/binary-data`,
        `/${restEndpoint}/oauth2-credential`,
        `/${restEndpoint}/oauth1-credential`,
];

from n8n.

Hey @enoksaju,

Do you have the correct url set in the Google application?

Can you also confirm the exact version of n8n you are using as next is a tag and changes.

from n8n.

Do you have the correct url set in the Google application?

yes, this worked before latest update

the version is 1.37.1

from n8n.

@enoksaju can you also please share the version this was earlier working on? That might help narrow down the change that might be causing this issue.

from n8n.

@enoksaju can you also please share the version this was earlier working on? That might help narrow down the change that might be causing this issue.

working version 1.34.2

i try to pull docker compose to that version, but when access to credentials endpoint this not load nothing and on console show a errors

from n8n.

also, important thing, after json error is showed, all page not workign and when i reload page this show login page and i need to login again

from n8n.

i read about this: #9031 (comment), maybe this cause the issue

#9031

from n8n.

when i reload page this show login page and i need to login again

This is likely being caused by #9057
Are you by any chance using Firefox with the multi-account containers extension?

The login screen is showing because somewhere in the auth flow a rest-api call is being made from a context that does not have the correct permission to make this api call, so the cookie is getting invalidated.

Unfortunately I'm unable to reproduce this locally, or on n8n cloud, with Firefox or Chrome.

from n8n.

when i reload page this show login page and i need to login again

This is likely being caused by #9057 Are you by any chance using Firefox with the multi-account containers extension?

The login screen is showing because somewhere in the auth flow a rest-api call is being made from a context that does not have the correct permission to make this api call, so the cookie is getting invalidated.

Unfortunately I'm unable to reproduce this locally, or on n8n cloud, with Firefox or Chrome.

Maybe, i think issue is with browserid and nodesAccess property, was removed on new versions

from n8n.

Same problem on version 1.37.1 with Linkedin and Microsoft Outlook OAuth2 API. After hiting "Connect my account" , my session is disconnected. Same acting is for direct visiting /rest/oauth2-credential/callback.

from n8n.

Thanks @netroy for quick response and quick workaround.

This also maybe can help: (Our proxy settings with apache we are adding IP Header)

RemoteIPHeader CF-Connecting-IP

ProxyPass / http://192.168.XX.XX:5678/ 
ProxyPassReverse / http://192.168.XX.XX:5678/

#Websocket HTTP Upgrade
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://192.168.XX.XX:5678/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://192.168.XX.XX:5678/$1 [P,L]

from n8n.

We'll release patch release for 1.37 and 1.38 tomorrow morning (CET).

i add the change manually on the docker files at this path: /usr/local/lib/node_modules/n8n/dist/auth/auth.service.js

then i restart docker and still the issue

from n8n.

mybe issue is with browserid validation, i comment this lines to exclude browser id validation and now is working

from n8n.

i see, req.baseUrl return /rest/oauth2-credential instead of /rest/oauth2-credential/callback

from n8n.

Fix released in 1.37.3 and 1.38.1.

from n8n.