Thursday, 23 April 2026

Connect to EXO Using an Existing Access Token


1️⃣ Access Token Requirements

Your access token must:

  • Be for resource:
    https://outlook.office365.com/.default
  • Include scope:
    Exchange.ManageAsApp

    DELEGATED token (not supported)-Exchange Online rejects delegated user tokens

    Exact Click Path (Step by Step)
    1. Azure Portal → Entra ID
    2. App registrations
    3. Select your app
    4. API permissions
    5. Add a permission
    6. Click APIs my organization uses
    7. ✅ Select Office 365 Exchange Online
    8. Select Application permissions
    9. Exchange.ManageAsApp
    10. Click Add permissions
    11. Click ✅ Grant admin consent

  • Assign the Correct Directory Role

    🔹 Azure Portal (Recommended)

    1. Go to Entra ID
    2. Roles and administrators
    3. Search for:
      Exchange Administrator
    4. Open it → Add assignments
    5. Select:✅ Your application (722a0d98‑ab03‑459b‑b167‑a27717d721b1)
    6. Click Add

    8. ✅ Done

      ⏳ Role propagation can take 2–5 minutes

      <PowerShell>
      $AppId = "<AppId>"
      $Role = Get-MgDirectoryRole | Where-Object DisplayName -eq "Exchange Administrator"
      $Sp   = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
      New-MgDirectoryRoleMemberByRef `
        -DirectoryRoleId $Role.Id `
        -BodyParameter @{
           "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$($Sp.Id)"
      }

2️⃣ Connect to EXO Using an Existing Access Token

✅ Basic Syntax

Connect-ExchangeOnline `
  -AccessToken $AccessToken `
  -Organization "<tenant.onmicrosoft.com>"


3️⃣ Example: Acquire Token Using MSAL (Client ID + Secret)

If you don’t already have the token, here’s a full working example.

Get Access Token
Install-Module MSAL.PS -Force

$TenantId     = "<TENANT-ID>"
$ClientId     = "<APP-ID>"
$ClientSecret = "<CLIENT-SECRET>" | ConvertTo-SecureString -AsPlainText -Force

$Token = Get-MsalToken `
  -ClientId $ClientId `
  -TenantId $TenantId `
  -ClientSecret $ClientSecret `
  -Scopes "https://outlook.office365.com/.default"

$AccessToken = $Token.AccessToken

Connect-ExchangeOnline `
  -AccessToken $AccessToken `
  -Organization "$TenantId"

1️⃣ Wrong access‑token audience (MOST COMMON)

Exchange Online does NOT accept Graph tokens.

✅ Token MUST be issued for:

https://outlook.office365.com/.default

❌ This will fail:
https://graph.microsoft.com/.default


When to Use AccessToken Auth

✅ Best for:

  • Azure Automation
  • CI/CD pipelines
  • Managed Identity
  • Custom auth flows

Posted by at No comments:

Tuesday, 21 April 2026

n8n - Don’t See “Execute Command”

 

✅ Why You STILL Don’t See “Execute Command”

In recent versions of n8n, the Execute Command node is disabled by default for security reasons, even in local installations.

That’s why you see this message:

“We didn’t make that… yet”

👉 n8n is intentionally hiding the node until you explicitly allow it.

✅ THE FIX (Official & Supported)

You must enable the Execute Command node using an environment variable, then restart n8n.

✅ STEP‑BY‑STEP FIX (Windows – Local n8n)

✅ STEP 1: Stop n8n

If n8n is running:

  • Close the terminal
    OR
  • Stop the service / Docker container

✅ STEP 2: Set the Required Environment Variable

You must enable command execution explicitly.

👉 Option A: Temporary (for testing)

Open Command Prompt:

set N8N_ENABLE_EXECUTE_COMMAND=true
npx n8n

⚠️ This works only for that session

✅ Option B (RECOMMENDED): Permanent (Windows)

  1. Press Win + R → type sysdm.cpl
  2. Open Advanced tab
  3. Click Environment Variables
  4. Under System VariablesNew

Name

N8N_ENABLE_EXECUTE_COMMAND

Value

true
  1. Click OK
  2. Restart Windows (important)

✅ STEP 3: Start n8n Again

npx n8n

OR start your service / desktop app.

✅ STEP 4: Confirm It Worked

  1. Create a new workflow
  2. Click ➕ Add node
  3. Search for:
Execute Command

✅ You WILL see it now

✅ STEP 5: Correct Node Configuration (Windows)

✅ Use Execute Command node (NOT SSH, NOT Python)

Command
python runner.py Sumant

Working Directory
D:\PSScripts

✅ No quotes
✅ No trailing slash
✅ No full path in command

✅ FINAL WORKING FLOW

Manual Trigger
   ↓
Execute Command
   ↓
Python → PowerShell

🧠 Why n8n Does This (Important to Know)

n8n disables local command execution by default because it can:

  • Run arbitrary OS commands
  • Access files, services, registry, AD
  • Be dangerous in shared environments

So n8n forces an explicit opt‑in.

This is by design, not a bug.

✅ Security Best Practices (Since You Enabled It)

✔ Use a dedicated automation user ✔ Avoid running as Administrator unless needed ✔ Validate all inputs ✔ Never pass raw user input into shell commands

Posted by at No comments:
Subscribe to: Posts (Atom)