Skip to content

fix(GraphQL Node): Refresh OAuth2 token when it expires #17891

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 4, 2025
Merged

fix(GraphQL Node): Refresh OAuth2 token when it expires #17891

merged 2 commits into from
Aug 4, 2025
+138 −7

Conversation

RomanDavydchuk
Copy link
Contributor

Summary

Fix an issue where the OAuth2 access token is not refreshed in the GraphQL node when receiving a 401

Dummy NodeJS server that can be used to test the refresh logic:

const http = require("http");
const url = require("url");
const querystring = require("querystring");

let reject = true;

const server = http.createServer((req, res) => {
  const parsedUrl = url.parse(req.url);
  const pathname = parsedUrl.pathname;
  const query = querystring.parse(parsedUrl.query);

  if (pathname === "/authorize") {
    console.log("Endpoint /authorize hit");
    const code = "dummy_code";
    const redirectUri = query.redirect_uri;
    const redirectWithCode = `${redirectUri}?code=${code}&state=${query.state || ""}`;
    res.writeHead(302, { Location: redirectWithCode });
    res.end();
  } else if (pathname === "/token" && req.method === "POST") {
    console.log("Endpoint /token hit");
    let body = "";
    req.on("data", (chunk) => (body += chunk));
    req.on("end", () => {
      const parsedBody = querystring.parse(body);
      if (parsedBody.grant_type === "refresh_token") {
        console.log("Refreshing the token");
      } else {
        console.log("Returning the initial token");
      }

      res.writeHead(200, { "Content-Type": "application/json" });
      res.end(
        JSON.stringify({
          access_token: "dummy_access_token",
          refresh_token: "dummy_refresh_token",
          token_type: "Bearer",
          expires_in: 3600,
        }),
      );
    });
  } else {
    console.log(`Endpoint ${pathname} hit`);
    if (reject) {
      console.log("Responding with 401");
      res.writeHead(401, { "content-type": "application/json" });
      res.end(JSON.stringify({ error: "unauthorized" }));
    } else {
      console.log("Responding with 200");
      res.writeHead(200, { "content-type": "application/json" });
      res.end(JSON.stringify({ foo: "bar" }));
    }

    reject = !reject;
  }
});

server.listen(3000, () => {
  console.log(`Running on http://localhost:3000`);
});

Add an OAuth2 credential with Authorization URL: http://localhost:3000/authorize and Token URL: http://localhost:3000/token (client ID and secret can be whatever) to test with this code. Before the fix the GraphQL would not try to refresh the token after getting a 401, after the fix - it does

Related Linear tickets, Github issues, and Community forum posts

https://linear.app/n8n/issue/NODE-1766/graphql-node-not-refreshing-oauth2-token-in-graphql-node
https://community.n8n.io/t/n8n-not-refreshing-oauth-token-in-graphql-node/54363/2

Review / Merge checklist

  • PR title and summary are descriptive. (conventions)
  • Docs updated or follow-up ticket created.
  • Tests included.
  • PR Labeled with release/backport (if the PR is an urgent fix that needs to be backported)

@RomanDavydchuk RomanDavydchuk marked this pull request as ready for review August 1, 2025 10:19
@Joffcom Joffcom requested a review from ShireenMissi August 1, 2025 10:20
cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Aug 1, 2025
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cubic analysis

No issues found across 3 files. Review in cubic

@n8n-assistant n8n-assistant bot added n8n team Authored by the n8n team node/improvement New feature or request labels Aug 1, 2025
ShireenMissi
ShireenMissi approved these changes Aug 4, 2025
View reviewed changes
Copy link
Contributor

@ShireenMissi ShireenMissi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tested locally using the instructions from the PR description and it works as expected ✅

@currents-bot currents-bot
Copy link

currents-bot bot commented Aug 4, 2025

E2E Tests: n8n tests passed after 3m 57.6s

🟢 500 · 🔴 0 · ⚪️ 0

View Run Details

Run Details

  • Project: n8n

  • Groups: 1

  • Framework: Currents

  • Run Status: Passed

  • Commit: 2f7cb9f

  • Spec files: 105

  • Overall tests: 500

  • Duration: 3m 57.6s

  • Parallelization: 1

This message was posted automatically by currents.dev | Integration Settings

@ShireenMissi ShireenMissi merged commit 381c146 into master Aug 4, 2025
47 checks passed
@ShireenMissi ShireenMissi deleted the node-1766-graphql-node-not-refreshing-oauth2-token-in-graphql-node branch August 4, 2025 15:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@ShireenMissi ShireenMissi ShireenMissi approved these changes

Assignees
No one assigned
Labels
n8n team Authored by the n8n team node/improvement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@RomanDavydchuk @ShireenMissi