n8n Google Sheets Node Authentication Failure

n8n Node-Specific Errors / Leave a Comment

Step by Step Guide to solve n8n Google Sheets Node Authentication Failure

 

Quick Diagnosis

We cover this in detail in the n8n Node Specific Errors Guide

  1. Open Credentials → Google Sheets OAuth2 in n8n.
  2. Click “Re‑authenticate” → complete the Google consent screen.
  3. Verify the credential includes the https://www.googleapis.com/auth/spreadsheets scope (or a broader scope if you also need Drive access).
  4. If you use a Service Account, upload the JSON key, add the service‑account email as an editor on the target spreadsheet, and ensure Domain‑wide delegation scopes include https://www.googleapis.com/auth/spreadsheets.
  5. Save the credential, re‑run the workflow. The node should now succeed.

If the error persists, follow the full troubleshooting guide below.

Who this is for: Developers and automation engineers who run Google Sheets workflows in n8n and encounter authentication errors (OAuth2, Service Account, or API‑Key modes).

1. Why the Google Sheets node can’t authenticate

If you encounter any n8n mysql node authentication error resolve them before continuing with the setup.

Micro‑summary: n8n supports three credential types for Google Sheets. Each follows a distinct token flow; a break anywhere in that flow triggers an auth error.

Mode How it works Typical use‑case
OAuth2 (User) Redirects to Google’s consent screen; a refresh token is stored. Personal or team accounts where a human authorises access.
Service Account (JSON key) Uses a private key to obtain a JWT, then exchanges it for an access token. Server‑to‑server automation, G‑Suite domain‑wide delegation.
API Key (read‑only) Simple key passed in query string; no refresh token. Public sheets that are openly shared; not recommended for write operations.

Authentication failures arise when any part of this flow breaks: expired/invalid refresh token, missing scopes, mis‑configured service‑account permissions, or Google‑side restrictions (e.g., “Sensitive Scope” verification).

2. Most common causes of failure

If you encounter any n8n smtp node authentication error resolve them before continuing with the setup.

Micro‑summary: Identify the exact error message, then match it to the likely root cause.

Error (n8n log) Likely cause Quick check
Invalid Credentials Refresh token revoked or expired. Re‑authenticate OAuth2 credential.
insufficientPermissions Requested scope not granted. Verify scopes include spreadsheets.
User not found Service account email not added as editor. Share the sheet with the service‑account email.
Invalid JSON key file Corrupted or wrong key file uploaded. Re‑download JSON from Google Cloud console.
API key not valid API key restricted to wrong referrer/IP. Remove restrictions or use OAuth2.

3. Step‑by‑step troubleshooting

3.1 Verify the credential type you are using

  1. In n8n, open Credentials → Google Sheets OAuth2 (or Service Account).
  2. Confirm Credential Type matches the method you intended.

EEFA note: Never store a raw API key in a public workflow. Use OAuth2 or a Service Account with least‑privilege scopes.

3.2 Re‑authenticate an OAuth2 credential

Step Action
1 Click the “Re‑authenticate” button.
2 In the Google consent screen, ensure the “View and manage your spreadsheets in Google Drive” scope is checked.
3 After successful auth, n8n stores a fresh refresh token.
4 Save the credential and run the node again.

If the consent screen shows “This app isn’t verified”, add your email under “Testing users” in the Google Cloud console or submit the OAuth consent screen for verification.

3.3 Manually refresh a dead OAuth2 token (advanced)

Purpose: Verify whether the stored refresh token can still be exchanged for an access token.

curl -X POST \
  -d client_id=YOUR_CLIENT_ID \
  -d client_secret=YOUR_CLIENT_SECRET \
  -d refresh_token=STORED_REFRESH_TOKEN \
  -d grant_type=refresh_token \
  https://oauth2.googleapis.com/token

If the response contains a valid access_token, the refresh token works; otherwise, re‑authenticate the credential.

3.4 Service Account – verify JSON key & permissions

  1. JSON key integrity – open the file; it must contain "type": "service_account" and a "private_key".
  2. Domain‑wide delegation – in Google Workspace Admin → Security → API controls → Domain‑wide delegation, add the Service Account’s Client ID with the scope https://www.googleapis.com/auth/spreadsheets.
  3. Sheet sharing – open the target spreadsheet → Share → add the service‑account email (xxxx@project.iam.gserviceaccount.com) as an Editor.

3.5 Test the Service Account API outside n8n

Purpose: Isolate the problem by calling the Sheets API directly with the Service Account.

3.5.1 Create a JWT (header + payload)

jwt_header='{"alg":"RS256","typ":"JWT"}'
jwt_claims=$(cat <

3.5.2 Sign the JWT with the private key

jwt=$(printf '%s' "$jwt_header" | openssl base64 -e -A).$(printf '%s' "$jwt_claims" | openssl base64 -e -A)
signed_jwt=$(echo -n "$jwt" | openssl dgst -sha256 -sign service-account-key.pem | openssl base64 -e -A)
jwt_assertion="${jwt}.${signed_jwt}"

3.5.3 Exchange JWT for an access token

access_token=$(curl -s -X POST \
  -d "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer" \
  -d "assertion=$jwt_assertion" \
  https://oauth2.googleapis.com/token | jq -r .access_token)

3.5.4 Call the Sheets API

curl -H "Authorization: Bearer $access_token" \
  "https://sheets.googleapis.com/v4/spreadsheets/SPREADSHEET_ID/values/A1:D5?majorDimension=ROWS"

A successful response confirms the Service Account credentials are valid; if it fails, revisit the JSON key or delegation steps.

3.6 Review Google Cloud console restrictions

  • OAuth consent screen – ensure the app is in Testing mode with your email added, or promote to Production after verification.
  • API restrictions – under APIs & Services → Credentials → API key, verify the key isn’t limited to an unrelated API.
  • Quotas – a “quota exceeded” error can masquerade as an auth failure; increase quota or wait for reset.

4. Advanced debugging

If you encounter any n8n slack node permission denied resolve them before continuing.

Tool How to use
n8n Execution Log Open the workflow’s Execution tab, expand the Google Sheets node, and inspect the full error object (error.response.body).
Browser DevTools (OAuth flow) In the re‑auth window, monitor network requests to the token endpoint and check the response payload.
Google OAuth 2.0 Playground Paste your client ID/secret, request the same scopes, and compare the returned token payload with n8n’s token.
Postman Replicate the OAuth2 token request to isolate whether the failure is n8n‑specific.

5. Production‑grade fixes & EEFA (Experience, Expertise, Authority, Trust)

  • Rotate credentials regularly – schedule a weekly workflow that re‑authenticates the OAuth2 credential via the refresh‑token flow; store the new token in a secure secret.
  • Least‑privilege scopes – request only spreadsheets unless Drive access is required. Reduces audit surface and speeds verification.
  • Service Account security – keep the JSON key in a dedicated secret store (n8n’s built‑in “Secrets”, HashiCorp Vault, etc.). Never commit it to source control.
  • Error monitoring – integrate n8n with **Sentry**, **Datadog**, or similar to capture authentication failures; add alerts for repeated Invalid Credentials within a short window.
  • Compliance – for GDPR/HIPAA workloads, ensure the Google Workspace domain’s **Data Region** aligns with your policy and that the Service Account is confined to a single project.

6. Quick‑reference checklist

Steps Action
Verify credential type (OAuth2 vs Service Account).
Re‑authenticate OAuth2 credential and accept all requested scopes.
For Service Account, confirm JSON key integrity and that the email has Editor access to the sheet.
Ensure required scopes (spreadsheets) are listed in the OAuth consent screen.
Test the API with curl or Postman using the same credentials.
Review n8n execution logs for the exact error payload.
Check Google Cloud console for API restrictions or quota issues.
Rotate secrets and store keys in a secure vault.
Add monitoring/alerting for recurring auth failures.

Final note

If you’ve followed this guide and the Google Sheets node still fails, open a support ticket in the n8n community. Include the full execution log and a sanitized version of the credential JSON (redact private keys).

Happy automating!

Must Read

Leave a Comment

Your email address will not be published. Required fields are marked *