Need help to build OAuth 2.0 Authentication flow


I am trying to do the OAuth 2.0 authentication using Node-red. I have a noise sensor called Minut which is a pretty famous noise sensor in commercial use cases such as AirBNB. Below is their API documentation from the website: Minut API documentation

I am able to test the API using Postman by creating the bearer token which expires after a while and I need to regenerate it again manually. Now I want to keep pulling the events from the device and push them to a database I have set up. I have cliend_id, client_secret, and redirect_uri from their support team for my device. By reading their API documentation it is understood that Authentication produces an Access token and refresh token. When the access token expires, the refresh token can be fed back to the server to produce an updated access token and optional refresh token. I believe that I should be having two HTTP request nodes with one function node in between to store the tokens I receive. I am not sure how can I store them as a global variable which updates automatically when injected and handles the authentication that returns the requested Events data from the API server. Could you please help me in generating this flow?

Kind regards,
Amit Kulkarni

1 Like

Awesome, I did not know there is a dedicated Oauth 2.0 node. I will use it and let you guys know if it worked. Thank you, Steve!

1 Like


I pulled the Oauth2 node down in nodered and below is the initial test flow I have setup :

Below are the settings in Oauth2.0 node (Hidden username and client id for security) :

Not sure but I have added the below header as given in API documentation :
Screenshot 2023-05-02 at 4.33.10 pm

To see the response I added below code in function node :

var payload = msg.oauth2Response;
return msg;

Well, not sure how the access token will pop-up in below http request node to query the information, Do I use any headers hear? :

OAuth 2.0 returns HTTP 200, ok status but Debug node is just showing 'Unauthorized'. And if I remove HTTP request node it shows the timestamp.

Screenshot 2023-05-02 at 4.38.24 pm

Screenshot 2023-05-02 at 4.39.28 pm

Could you please guide me to understand how do I build above flow?

Please refer : RFC 6749: The OAuth 2.0 Authorization Framework

Also, I am using the below link as an Access Token URL as instructed in minut api documentation :


I insert client_id and redirect_uri as provided by their support team for my device.

Minut API document : Minut API documentation

Do you get your access token from the OAuth2 node?
if so, your almost there:

Pass in a headers object to the request Node, and untick Use authentication on the Node also, I could be wrong, but the auth details cant be taken from a msg part in the node config :man_shrugging:

msg.headers = {
    "Authorization": `Bearer ${msg.oauth2Response.access_token}`,
1 Like

I am not sure if I am receiving access_token from the OAuth2.0 node. How do I make debug show that?

Below is the flow I built and passed the token as Marcus suggested via the function node :

msg.headers = {
    "Authorization": `Bearer ${msg.oauth2Response.access_token}`,
return msg;

It returned a 401 error, which means I am not receiving access_token.
Screenshot 2023-05-03 at 9.41.18 am

Also, how does the refresh token work when access_token expires and how to use it in the flow?

Add a debug node to the OAuth output and set output to show complete msg object

Below is the complete msg object :

Here is how I receive access_token manually :
The URL given below I use in the Oauth2.0 node as an access token URL, if opened in browser takes us to the login page of minut sensor, I log in there, accept terms and conditions, then receive the authorization code embedded in the URL.


Code I receive after accepting :
Screenshot 2023-05-03 at 10.52.07 am

Then I fill the token endpoint form given in minut api document as given below and I receive access token once I hit the query - Minut API documentation

Maybe try for the URL in the OAuth2 node.

Whilst I use OAuth2 in work, I'm not 100% on its structure. Many pros here that do, but maybe the URL fix may get you the token :man_shrugging:

The function JS code I posted I use often, and the authorize Url's do not have any parameters

1 Like


I am pleased to inform that I have successfully establish oauth2.0 and now receiving the access token to fetch the data via API.

Below is the flow I setup:

let refreshToken = global.get('refreshToken');
let code = global.get('code');

msg.oauth2Request = { 
  "access_token_url": "",
  "authorization_endpoint": "",
  "credentials": {
    "grant_type": "client_credentials",
    "client_id": "<client id>",
    "client_secret": "<client secret>",
    "scope": "read",
    "refresh_token": refreshToken,
    "code": code

I passed the above code to oauth 2.0 node and it returned the access token. and then used Marcus's JS code to pass the token to HTTP node. Thank you Marcus !

Below is the resulting output from the noise sensor API server :
Screenshot 2023-05-10 at 2.29.49 pm

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.