Gitpulse
Merged
Size
XS
Change Breakdown
Bug Fix85%
Security15%
#28513fix: Disable axios built-in proxy for OAuth2 token requests

OAuth2 token refresh fixed in proxy environments

BG
BGZStephen
·Apr 16, 2026

OAuth2 token refresh was breaking in corporate proxy environments where axios's built-in proxy conflicted with n8n's custom proxy agents, returning HTML error pages instead of JSON token responses.

OAuth2 token refresh was failing in corporate proxy environments with an unhelpful "Unsupported content type: text/html" error. The root cause was a conflict between two proxy layers: n8n's custom HttpProxyManager/HttpsProxyManager, and axios's own built-in proxy handling that reads HTTPS_PROXY from the environment.

Unlike regular workflow HTTP requests in n8n, the OAuth2 client made direct axios calls without explicitly disabling axios's built-in proxy. This fragile dependency broke in proxy-chain setups where requests got double-routed.

The fix adds to the in , making the OAuth2 client self-contained and consistent with how every other outbound HTTP request in n8n handles proxy configuration.

Corporate users running n8n behind proxy chains can now refresh OAuth2 tokens without seeing HTML error pages from their proxy infrastructure.

View Original GitHub Description

Summary

OAuth2 token refresh fails in corporate proxy-chain environments with Unsupported content type: text/html. The proxy returns an HTML error page (METHOD_NOT_ALLOWED) instead of a JSON token response.

Root cause: Two proxy layers conflict:

  1. installGlobalProxyAgent() replaces http.globalAgent / https.globalAgent with HttpProxyManager / HttpsProxyManager (in packages/core/src/http-proxy.ts). These use proxy-from-env to route requests through the configured proxy.
  2. Axios's own built-in proxy handling also reads HTTPS_PROXY from the environment and attempts to proxy the request itself.

n8n already sets axios.defaults.proxy = false in packages/core to prevent this conflict for all regular workflow HTTP requests. However, @n8n/client-oauth2 makes direct axios.request() calls without an explicit proxy: false in the per-request config, so it relies on that side-effect import being loaded first — a fragile dependency that breaks in proxy-chain environments.

Fix: Add proxy: false directly to the requestConfig object in ClientOAuth2.accessTokenRequest(). This makes the OAuth2 client self-contained and consistent with how every other outbound HTTP request in n8n disables axios's built-in proxy.

Related Linear tickets, Github issues, and Community forum posts

Review / Merge checklist

  • I have seen this code, I have run this code, and I take responsibility for this code.
  • PR title and summary are descriptive. (conventions)
  • Docs updated or follow-up ticket created.
  • Tests included.
  • PR Labeled with Backport to Beta, Backport to Stable, or Backport to v1 (if the PR is an urgent fix that needs to be backported)
© 2026 · via Gitpulse