Secure your n8n integrations by setting up OAuth2 credentials for external services. Create an OAuth app on the provider's developer portal, configure the credential in n8n with the client ID, client secret, and redirect URL, then authorize the connection. This lets your workflows access external APIs securely without storing raw API keys.
How OAuth2 Credentials Work in n8n
Many external services (Google, Slack, GitHub, Salesforce) use OAuth2 for secure API access. Instead of copying API keys directly, OAuth2 lets users authorize n8n to access their account through a consent flow. n8n handles the token exchange, storage, and automatic refresh. This tutorial walks you through creating an OAuth2 app on a provider, configuring the credential in n8n, and completing the authorization flow. The process is similar across providers — only the developer portal URLs differ.
Prerequisites
- A running n8n instance accessible via a public URL (OAuth requires redirect callbacks)
- An account on the external service you want to connect (e.g., Google, GitHub, Slack)
- HTTPS configured on your n8n instance (most providers require HTTPS for redirect URLs)
- The WEBHOOK_URL environment variable set to your public n8n URL
Step-by-step guide
Find the n8n OAuth redirect URL
Find the n8n OAuth redirect URL
Before creating an OAuth app on the provider's portal, you need to know the redirect URL that n8n uses. In the n8n editor, go to Settings, then Credentials, then click Add Credential. Search for the service you want to connect (for example, Google Sheets OAuth2 API). Open the credential form — it displays the OAuth Redirect URL at the top. Copy this URL. It typically follows the pattern: https://your-n8n-domain.com/rest/oauth2-credential/callback.
Expected result: You have copied the OAuth Redirect URL from the n8n credential form.
Create an OAuth2 app on the provider's developer portal
Create an OAuth2 app on the provider's developer portal
Go to the developer portal of the service you want to connect. For Google, this is console.cloud.google.com. For GitHub, it is github.com/settings/developers. For Slack, it is api.slack.com/apps. Create a new OAuth application. Set the authorized redirect URI to the URL you copied from n8n. Select the API scopes your workflow needs (for example, spreadsheets.readonly for Google Sheets). After creation, the portal gives you a Client ID and Client Secret.
1# Example redirect URLs for common providers:2# Google: https://n8n.yourdomain.com/rest/oauth2-credential/callback3# GitHub: https://n8n.yourdomain.com/rest/oauth2-credential/callback4# Slack: https://n8n.yourdomain.com/rest/oauth2-credential/callback5# The URL is the same for all providers — it is n8n's callback endpoint.Expected result: You have a Client ID and Client Secret from the provider's developer portal.
Configure the OAuth2 credential in n8n
Configure the OAuth2 credential in n8n
Back in the n8n credential form, enter the Client ID and Client Secret from the provider. Some credentials have additional fields like scopes or authorization URL — fill them in based on the provider's documentation. Most n8n credential types pre-fill the authorization and token URLs for well-known providers. Review all fields, then click 'Sign in with [Provider]' to start the OAuth flow.
Expected result: The credential form is complete with the Client ID, Client Secret, and any required scopes.
Complete the OAuth authorization flow
Complete the OAuth authorization flow
When you click the sign-in button, a popup window opens showing the provider's consent screen. Log in to your account on the provider and grant the requested permissions. The provider redirects back to n8n's callback URL, which exchanges the authorization code for access and refresh tokens. The popup closes and the credential shows a green 'Connected' status in n8n.
Expected result: The credential status shows 'Connected' and n8n has stored the OAuth tokens securely.
Use the OAuth credential in a workflow node
Use the OAuth credential in a workflow node
Add a node for the connected service (for example, Google Sheets). In the node's credential dropdown, select the OAuth credential you just created. The node can now access the API using the stored tokens. n8n automatically refreshes expired tokens using the refresh token, so the connection remains active without manual re-authorization.
Expected result: The workflow node uses the OAuth credential to access the external API successfully.
Test and verify the connection
Test and verify the connection
Execute the workflow to verify the OAuth connection works. If the node returns data from the external service, the setup is complete. Check that the credential refreshes correctly by waiting for the token to expire (usually 1 hour) and running the workflow again. Monitor the execution logs for any authentication errors.
Expected result: The workflow executes successfully and retrieves data from the external service using the OAuth credential.
Complete working example
1#!/bin/bash2# n8n OAuth2 Setup Checklist3# Run this script to verify your n8n instance is ready for OAuth45echo "=== n8n OAuth2 Setup Verification ==="6echo ""78# 1. Check if n8n is accessible9N8N_URL="${WEBHOOK_URL:-http://localhost:5678}"10echo "1. Checking n8n accessibility at ${N8N_URL}..."11curl -s -o /dev/null -w "%{http_code}" "${N8N_URL}/healthz"12echo ""1314# 2. Check HTTPS (required for most OAuth providers)15if [[ "$N8N_URL" == https://* ]]; then16 echo "2. HTTPS: ENABLED (required for OAuth)"17else18 echo "2. HTTPS: NOT ENABLED - Most OAuth providers require HTTPS"19 echo " Set up a reverse proxy with SSL before configuring OAuth"20fi2122# 3. Check WEBHOOK_URL is set23if [ -n "$WEBHOOK_URL" ]; then24 echo "3. WEBHOOK_URL: ${WEBHOOK_URL}"25else26 echo "3. WEBHOOK_URL: NOT SET - OAuth callbacks may fail"27 echo " Set WEBHOOK_URL to your public n8n URL"28fi2930# 4. Display OAuth callback URL31echo "4. OAuth Redirect URL: ${N8N_URL}/rest/oauth2-credential/callback"32echo " Use this URL in your OAuth provider's app settings"3334# 5. Check encryption key35if [ -n "$N8N_ENCRYPTION_KEY" ]; then36 echo "5. N8N_ENCRYPTION_KEY: SET (credentials will be encrypted)"37else38 echo "5. N8N_ENCRYPTION_KEY: NOT SET - Set it to protect OAuth tokens"39fi4041echo ""42echo "=== Checklist Complete ==="Common mistakes when securing n8n Integrations with OAuth2 Credentials
Why it's a problem: Redirect URI mismatch between n8n and the OAuth provider
How to avoid: Copy the exact redirect URL from the n8n credential form and paste it into the provider's app settings. It must match character-for-character.
Why it's a problem: Using HTTP instead of HTTPS for the n8n instance
How to avoid: Set up a reverse proxy (Nginx, Caddy, Traefik) with SSL. Most OAuth providers reject HTTP redirect URLs.
Why it's a problem: Not setting WEBHOOK_URL, causing n8n to generate localhost callback URLs
How to avoid: Set WEBHOOK_URL to your public URL: export WEBHOOK_URL=https://n8n.yourdomain.com
Why it's a problem: Browser popup blocker preventing the OAuth consent screen from opening
How to avoid: Allow popups for your n8n domain in your browser settings. The OAuth flow requires a popup window.
Best practices
- Always use HTTPS for your n8n instance when using OAuth — most providers reject HTTP redirect URLs
- Set the WEBHOOK_URL environment variable to your public URL so n8n generates correct callback URLs
- Request only the minimum scopes needed for your workflow to follow the principle of least privilege
- Store OAuth credentials with descriptive names like 'Google Sheets - Marketing Team' for easy identification
- Test the connection immediately after setup to catch configuration errors early
- Monitor credential expiration — most OAuth tokens refresh automatically, but some providers require periodic re-authorization
- Keep your Client Secret confidential — never commit it to version control or share it in chat
- Set N8N_ENCRYPTION_KEY to ensure OAuth tokens are encrypted at rest in n8n's database
Still stuck?
Copy one of these prompts to get a personalized, step-by-step explanation.
How do I set up OAuth2 credentials in n8n to connect to external services like Google Sheets or GitHub? I need step-by-step instructions for creating the OAuth app, configuring the credential in n8n, and completing the authorization flow.
Walk me through setting up an OAuth2 credential in n8n for Google Sheets. Include the redirect URL format, where to create the OAuth app in Google Cloud Console, and how to complete the authorization in n8n.
Frequently asked questions
Do I need a public URL for OAuth to work in n8n?
Yes. The OAuth provider redirects the user's browser back to n8n's callback URL after authorization. This URL must be publicly accessible. Localhost works only for development with some providers (like Google with http://localhost).
Why does my OAuth connection stop working after a few days?
Some providers (like Google with apps in testing mode) issue short-lived refresh tokens. Move your OAuth app from testing to production in the provider's console to get long-lived tokens.
Can I share OAuth credentials between workflows?
Yes. Once an OAuth credential is created in n8n, it can be used by any node in any workflow. Select it from the credential dropdown in any compatible node.
What happens if the OAuth token expires during a workflow execution?
n8n automatically refreshes the access token using the stored refresh token before making API calls. If the refresh token itself has expired, you need to re-authorize the credential manually.
Can I use OAuth2 for my own custom API?
Yes. Use the Generic OAuth2 API credential type in n8n. Enter your authorization URL, token URL, client ID, and client secret. This works with any OAuth2-compliant API.
Can RapidDev help me configure OAuth2 integrations in n8n?
Yes. RapidDev can set up OAuth2 credentials for multiple services, configure HTTPS and reverse proxies, and build secure workflows that use OAuth-authenticated API connections.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation