WF Workflow Fixes

error fix

n8n OAuth Callback Error: Redirect URL Checklist

Copy the OAuth redirect URL from the n8n credential, add it exactly to the provider app, confirm HTTPS and public domain settings, then re-check scopes and credential type.

Match your incident first

Start with the symptom you can prove

Jump to checks

OAuth provider says redirect_uri_mismatch

First check: Copy the callback URL from the credential screen and compare scheme, host, path, and trailing slash.

Wrong fix to avoid: Do not guess the callback path from memory or old screenshots.

Verify: Provider redirects back to n8n and the credential test passes.

Credential works in editor but fails in production execution

First check: Check credential test, scopes, token refresh errors, and worker/main env consistency.

Wrong fix to avoid: Do not recreate the workflow before testing the credential independently.

Verify: A production execution using the credential succeeds on the same node.

Credentials type is not known

First check: Compare installed node packages and n8n version across main and worker containers.

Wrong fix to avoid: Do not import workflows into production until the credential type exists there.

Verify: The credential type appears in the UI and a test execution can load it.

Use when
n8n credentials, OAuth2, self-hosted, n8n Cloud
First check
Copy the callback URL shown in n8n and compare it exactly with the provider app redirect URL.
Time to check
5-10 minutes
Next step
Match the symptom, then run the verification checks.

Independent third-party notes. n8n is a trademark of its owner and is referenced only for compatibility and troubleshooting context.

Quick Answer

Copy the OAuth redirect URL from the n8n credential, add it exactly to the provider app, confirm HTTPS and public domain settings, then re-check scopes and credential type.

Does this match your symptom?

OAuth callback or credentials are blocking execution

The OAuth login does not return to n8n, credentials reconnect but still fail, or provider scopes and callback URLs do not match production.

First check: Copy the callback URL shown in n8n and compare it exactly with the provider app redirect URL.

Related check N8N Credential Error Related check N8N Reverse Proxy Setup Related check N8N Custom Domain Setup Still blocked? Generate a diagnostic brief

Problem Pattern

OAuth callback errors usually happen when the app provider has a redirect URL that does not exactly match n8n's callback URL, or when self-hosted public URL and proxy settings are wrong.

Version awareness

Last reviewed 2026-05-21

Applies to
n8n Cloud, self-hosted n8n, OAuth credentials, custom domains, reverse proxy
Official docs checked
n8n HTTP Request Credentials, n8n Google Credentials, n8n Google OAuth2 Single Service
Version-sensitive assumptions
n8n node parameters, credential names, and queue mode defaults can change between releases; confirm against your installed version before changing production.
What may change after upgrades
Node parameter names, credential scopes, webhook behavior, Docker image defaults, and queue worker expectations may shift after n8n upgrades.

Key Facts

Redirect dependency
OAuth apps must send the user back to the redirect URL expected by n8n.
Credential context
HTTP Request credentials support OAuth2 for services that use it.
Provider-specific
Google, Linear, and other services each have their own OAuth app settings and scopes.
Self-hosted risk
Wrong public URL or reverse proxy configuration can produce an unusable callback URL.

Production Diagnostic Matrix

Turn checks into a brief
Exact symptom or log Likely cause First check Wrong fix to avoid Verification
OAuth provider says redirect_uri_mismatch Provider app redirect URI does not exactly match the callback URL n8n generated. Copy the callback URL from the credential screen and compare scheme, host, path, and trailing slash. Do not guess the callback path from memory or old screenshots. Provider redirects back to n8n and the credential test passes.
Credential works in editor but fails in production execution Token expired, scope missing, worker cannot decrypt credential, or different runtime env is used. Check credential test, scopes, token refresh errors, and worker/main env consistency. Do not recreate the workflow before testing the credential independently. A production execution using the credential succeeds on the same node.
Credentials type is not known Custom/community node package is missing on one runtime or after upgrade. Compare installed node packages and n8n version across main and worker containers. Do not import workflows into production until the credential type exists there. The credential type appears in the UI and a test execution can load it.
OAuth callback reaches n8n but returns 404 or wrong host Public URL, reverse proxy, or base URL settings are inconsistent with provider settings. Check WEBHOOK_URL/public editor URL and proxy forwarded host/proto headers. Do not add multiple provider redirect URIs before proving which URL n8n actually emits. The callback uses the public HTTPS domain and lands on the credential completion screen.
Provider accepts callback but API calls return 403 OAuth scopes are insufficient or the app was approved with old permissions. Compare requested scopes with the API action the node is trying to perform. Do not store broader scopes than needed without documenting the reason. A minimal API action using the same credential succeeds with the required scope.

Still blocked after these checks?

Use the brief to decide whether to keep fixing this setup, move the workload to n8n Cloud, or rebuild the self-hosted path on cleaner infrastructure.

Compare tools
  1. Open the failing n8n credential and copy the OAuth redirect or callback URL shown by n8n.
  2. Paste that exact URL into the provider's OAuth app settings.
  3. Confirm the public domain, HTTPS, and reverse proxy route reach the n8n instance.
  4. Check required scopes and whether the provider expects a single-service or generic OAuth credential.
  5. Reconnect the credential from n8n and test a low-risk read operation.

Verification

  • The OAuth provider accepts the exact n8n callback URL.
  • The browser returns to n8n after authorization.
  • The credential test or a low-risk node operation succeeds.
  • The callback URL uses the intended public HTTPS domain.

Warnings

  • Do not manually guess the callback URL when n8n displays one in the credential setup.
  • Changing public domain or proxy settings can break existing OAuth credentials.
  • A successful OAuth login can still fail later if scopes are missing for the node operation.

Common Mistakes

  • Using localhost in a provider OAuth app for a public self-hosted instance.
  • Copying only the domain and not the full callback path.
  • Missing required scopes for the selected node operation.
  • Changing WEBHOOK_URL or public domain after creating credentials.

Examples

OAuth callback checklist Exact matching matters. 
n8n displayed callback URL: copied exactly
Provider app redirect URI: exact match
Public domain uses HTTPS: yes
Reverse proxy reaches n8n: yes
Scopes cover operation: yes
Credential reconnect succeeds: yes
Provider error split Different OAuth messages point to different checks. 
redirect_uri_mismatch -> compare the full callback URL, including path and protocol
invalid_client -> check client ID, secret, app status, and environment
access_denied -> check user consent and account permissions
insufficient_scope -> add required scopes, reconnect, and retest the node operation
Self-hosted callback readiness Use this after changing domain, HTTPS, or reverse proxy config. 
Public editor URL loads over HTTPS: yes
n8n generated callback URL uses the public domain: yes
Provider app stores that exact URL: yes
Reverse proxy forwards callback path to n8n: yes
Old credentials reconnected after URL change: yes

FAQ

Why does OAuth work on n8n Cloud but not self-hosted?

Self-hosted instances must expose a correct public HTTPS URL and configure the provider app with the exact callback URL.

Is this a credential password problem?

Usually no. OAuth callback errors are more often redirect URL, domain, proxy, or scope configuration problems.

Sources

n8n HTTP Request Credentials Accessed 2026-05-08 n8n Google Credentials Accessed 2026-05-08 n8n Google OAuth2 Single Service Accessed 2026-05-08 n8n Linear Credentials Accessed 2026-05-08

Related Pages

error fix

N8N Credential Error

An n8n credential error usually means the selected credential type, authentication method, scopes, test request, or external service settings do not match what the node needs.

 self hosting

N8N Reverse Proxy Setup

When n8n runs behind a reverse proxy, configure the public host, protocol, and webhook base URL so editor links and incoming webhook URLs match the external domain.

 self hosting

N8N Custom Domain Setup

A custom domain for self-hosted n8n needs DNS, reverse proxy routing, HTTPS, and endpoint environment variables that make editor and webhook URLs use the same public host.

 node cookbook

N8N HTTP Request Node Cookbook

Use the HTTP Request node as the general-purpose connector for APIs that do not have a built-in n8n node or need custom headers, methods, bodies, or authentication.