Bug Description

When n8n runs behind a corporate HTTP proxy, the OAuth2 token refresh fails with Method not allowed / Unsupported content type: text/html. The response is an HTML error page from the proxy instead of the expected JSON token response.

This happens because the @n8n/client-oauth2 package does not set proxy: false on its axios requests, while the n8n core (request-helper-functions.js:80) does set axios.defaults.proxy = false. This causes a double-proxying conflict: axios's built-in proxy handling AND n8n's custom HttpsProxyManager global agent both attempt to route the request through the proxy simultaneously.

To Reproduce

1. Deploy n8n (tested on v2.11.3) behind a corporate HTTP proxy with proxy chaining (e.g., a forwarding proxy that chains to an upstream filtering proxy)
2. Set standard proxy environment variables: HTTP_PROXY, HTTPS_PROXY, NO_PROXY
3. Configure a Microsoft Outlook OAuth2 credential
4. Activate a workflow with a Microsoft Outlook Trigger (poll-based)
5. Wait for the OAuth2 token to expire and trigger a refresh

Expected behavior

The OAuth2 token refresh should succeed, and the trigger should poll Microsoft Graph API normally.

Debug Info

Expected behavior

The OAuth2 token refresh should succeed, and the trigger should poll Microsoft Graph API normally.

Actual behavior

The token refresh request to https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token fails. The corporate proxy returns an HTML error page with METHOD_NOT_ALLOWED instead of a JSON token response.

Error in n8n logs:

error   There was a problem in 'Microsoft Outlook Trigger' node: 'Unsupported content type: text/html'
NodeApiError: Method not allowed - please check you are using the right HTTP method
    at PollContext.requestWithAuthentication (request-helper-functions.ts:1550:10)
    at PollContext.microsoftApiRequest (transport/index.ts:58:10)

Root cause analysis

n8n's proxy architecture has two layers:

1. Global proxy agents (HttpProxyManager / HttpsProxyManager) installed by installGlobalProxyAgent() in packages/core/src/http-proxy.ts — these replace http.globalAgent and https.globalAgent and use proxy-from-env to route requests through the configured proxy.

2. Per-request proxy agents created by createHttpsProxyAgent() — these are set on individual axios requests via the axios interceptor in request-helper-functions.ts. The interceptor also sets axios.defaults.proxy = false (line 80) to disable axios's built-in proxy handling.

The @n8n/client-oauth2 package (packages/@n8n/client-oauth2/src/client-oauth2.ts) uses axios.request(requestConfig) for token exchange and refresh. Although it uses the same axios module instance, the requestConfig does not explicitly include proxy: false.

In environments with proxy chaining (e.g., forwarding proxy → upstream filtering proxy), axios's built-in proxy detection reads the HTTPS_PROXY environment variable and attempts its own proxy handling. This conflicts with the global HttpsProxyManager agent, effectively double-proxying the request. The upstream proxy rejects the malformed tunneled request with METHOD_NOT_ALLOWED.

Why it works without proxy chaining

In simple proxy setups (single proxy, no upstream filtering), the double-proxying may not cause visible issues because the proxy handles the redundant request gracefully. The bug only manifests when the proxy chain has strict request validation.

Fix

Add proxy: false to the axios request config in @n8n/client-oauth2:

File: packages/@n8n/client-oauth2/src/client-oauth2.ts

// Before (current code):
const response = await axios.request(requestConfig);

// After (fixed):
const response = await axios.request({ ...requestConfig, proxy: false });

This ensures the OAuth2 client's requests use n8n's custom proxy agents (via the global agent) instead of axios's built-in proxy handling, consistent with how all other n8n HTTP requests work.

Workaround

Patch the compiled file on container startup by adding this to the entrypoint/init script:

sed -i 's/const response = await axios_1.default.request(requestConfig)/requestConfig.proxy = false; const response = await axios_1.default.request(requestConfig)/' /path/to/app/node_modules/@n8n/client-oauth2/dist/client-oauth2.js

Operating System

Linux

n8n Version

2.11.3

Node.js Version

24.4.0

Database

SQLite (default)

Execution mode

main (default)

Hosting

self hosted