fix(core): Allow ignoring SSL issues on generic oauth2 credentials (#6702)

packages/@n8n/client-oauth2/src/ClientOAuth2.ts

@@ -4,7 +4,9 @@
 /* eslint-disable @typescript-eslint/restrict-plus-operands */
 /* eslint-disable @typescript-eslint/no-explicit-any */
 import * as qs from 'querystring';
+import { Agent } from 'https';
 import axios from 'axios';
+import type { AxiosRequestConfig } from 'axios';
 import { getAuthError } from './utils';
 import type { ClientOAuth2TokenData } from './ClientOAuth2Token';
 import { ClientOAuth2Token } from './ClientOAuth2Token';
@@ -18,6 +20,7 @@ export interface ClientOAuth2RequestObject {
 	body?: Record<string, any>;
 	query?: qs.ParsedUrlQuery;
 	headers?: Headers;
+	ignoreSSLIssues?: boolean;
 }
 
 export interface ClientOAuth2Options {
@@ -32,6 +35,7 @@ export interface ClientOAuth2Options {
 	state?: string;
 	body?: Record<string, any>;
 	query?: qs.ParsedUrlQuery;
+	ignoreSSLIssues?: boolean;
 }
 
 class ResponseError extends Error {
@@ -40,6 +44,8 @@ class ResponseError extends Error {
 	}
 }
 
+const sslIgnoringAgent = new Agent({ rejectUnauthorized: false });
+
 /**
  * Construct an object that can handle the multiple OAuth 2.0 flows.
  */
@@ -86,7 +92,7 @@ export class ClientOAuth2 {
 			url += (url.indexOf('?') === -1 ? '?' : '&') + query;
 		}
 
-		const response = await axios.request({
+		const requestConfig: AxiosRequestConfig = {
 			url,
 			method: options.method,
 			data: qs.stringify(options.body),
@@ -95,7 +101,13 @@ export class ClientOAuth2 {
 			// Axios rejects the promise by default for all status codes 4xx.
 			// We override this to reject promises only on 5xxs
 			validateStatus: (status) => status < 500,
-		});
+		};
+
+		if (options.ignoreSSLIssues) {
+			requestConfig.httpsAgent = sslIgnoringAgent;
+		}
+
+		const response = await axios.request(requestConfig);
 
 		const body = this.parseResponseBody<T>(response.data);
 

packages/@n8n/client-oauth2/src/CodeFlow.ts

@@ -53,13 +53,13 @@ export class CodeFlow {
 	 * the user access token.
 	 */
 	async getToken(
-		uri: string | URL,
+		urlString: string,
 		opts?: Partial<ClientOAuth2Options>,
 	): Promise<ClientOAuth2Token> {
-		const options = { ...this.client.options, ...opts };
+		const options: ClientOAuth2Options = { ...this.client.options, ...opts };
 		expects(options, 'clientId', 'accessTokenUri');
 
-		const url = uri instanceof URL ? uri : new URL(uri, DEFAULT_URL_BASE);
+		const url = new URL(urlString, DEFAULT_URL_BASE);
 		if (
 			typeof options.redirectUri === 'string' &&
 			typeof url.pathname === 'string' &&
@@ -70,7 +70,7 @@ export class CodeFlow {
 
 		if (!url.search?.substring(1)) {
 			// eslint-disable-next-line @typescript-eslint/restrict-template-expressions
-			throw new TypeError(`Unable to process uri: ${uri.toString()}`);
+			throw new TypeError(`Unable to process uri: ${urlString}`);
 		}
 
 		const data =

packages/@n8n/client-oauth2/src/utils.ts

@@ -63,14 +63,15 @@ export function auth(username: string, password: string): string {
  */
 export function getRequestOptions(
 	{ url, method, body, query, headers }: ClientOAuth2RequestObject,
-	options: any,
+	options: ClientOAuth2Options,
 ): ClientOAuth2RequestObject {
 	const rOptions = {
 		url,
 		method,
 		body: { ...body, ...options.body },
 		query: { ...query, ...options.query },
-		headers: { ...headers, ...options.headers },
+		headers: headers ?? {},
+		ignoreSSLIssues: options.ignoreSSLIssues,
 	};
 	// if request authorization was overridden delete it from header
 	if (rOptions.headers.Authorization === '') {