Overview
The QuotiAuth node is designed to authenticate users using the Quoti authentication service. It checks if a user possesses specific permissions and retrieves their user data. The node is useful in workflows where you need to validate user access before proceeding with further automation steps, such as granting access to resources, filtering data based on user roles, or enforcing security policies.
Practical examples:
- Validating that an incoming API request has the required permissions before processing sensitive data.
- Authenticating users in a workflow that integrates with Quoti-based applications.
- Filtering or routing workflow execution based on user roles or permissions.
Properties
Name | Type | Meaning |
---|---|---|
Permissions | JSON | An array of arrays of strings (string[][]) specifying the permission clusters to check, e.g. [["users.list"]]. Each inner array represents a set of permissions; passing any cluster grants access. |
Output Only User's Data | Boolean | If true, only the user's data is output. If false, the output includes the input data, user data, and the validated permissions. |
Options → User Token | String | Optionally override the token used for authentication. Must start with Bearer (user token) or BearerStatic (service account token). Defaults to the token from input headers. |
Options → Organization Slug | String | Optionally override the organization slug. Defaults to the value from credentials. |
Options → Organization API Key | String | Optionally override the API key. Defaults to the value from credentials. |
Output
On Success (Pass Output):
- If "Output Only User's Data" is true:
{ "user": { /* user data object */ } }
- If "Output Only User's Data" is false:
{ /* original input fields */, "user": { /* user data object */ }, "quotiAuthValidatedPermissions": [ /* list of validated permissions */ ] }
- If the input contained binary data, it is preserved in the output.
On Failure (Fail Output):
- If the user lacks required permissions:
{ "user": { /* user data object */ }, "error": { "message": "User missing permissions ...", "type": "unauthorized" } }
- If authentication fails (e.g., invalid/expired token):
{ "error": { "message": "The user could not be retrieved. There is a problem with the user's token or the api key.", "type": "unauthenticated" } }
- For unknown errors:
{ "error": { "message": "Unknown error: ...", "type": "unknown", "errorData": { /* error details */ } } }
Dependencies
- External Service: Requires access to the Quoti authentication service via the quoti-auth package.
- Credentials: Needs n8n credentials named quotiApi containing at least:
  - orgSlug (Organization Slug)
  - apiKey (Organization API Key)
- API Key / Token: Either provided via options or extracted from input headers.
- Environment: No special environment variables are required beyond standard n8n credential configuration.
Troubleshooting
Common Issues:
- Missing Credentials:
  - Error: "No credentials got returned!"
  - Resolution: Ensure the quotiApi credentials are configured in n8n.
- Invalid Permissions Format:
  - Error: "The permissions parameter is not JSON with valid array of array of strings (string[][])"
  - Resolution: Make sure the "Permissions" field is a valid JSON array of arrays of strings, e.g. [["users.list"]].
- Missing or Invalid Token:
  - Error: "Missing token from request headers and from parameters"
  - Resolution: Provide a valid token either in the input headers or in the "Options → User Token" property.
  - Error: "The token must start with Bearer or BearerStatic"
  - Resolution: Ensure the token string starts with Bearer or BearerStatic.
- Authentication Errors:
  - Error: "The token is invalid or has expired"
  - Resolution: Check that the token is current and correctly formatted.
  - Error: "The user could not be retrieved. There is a problem with the user's token or the api key."
  - Resolution: Verify both the token and API key are correct and active.
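The parameter rules from Properties and Troubleshooting above, as an added JavaScript example (not the QuotiAuth node's own code): it checks the Permissions shape and the token prefix before a request reaches the node, using the error strings quoted on this page. The function names, the plain array of held permissions, and the rule that a cluster passes only when every permission in it is held (with empty clusters rejected) are assumptions of the example.

```javascript
// Pre-flight checks mirroring the documented parameter rules.
// Added example, not the QuotiAuth node's source; function names are hypothetical.

const FORMAT_ERROR =
  'The permissions parameter is not JSON with valid array of array of strings (string[][])';

// Parse the "Permissions" field and enforce the string[][] shape.
function parsePermissionClusters(raw) {
  let value;
  try {
    value = typeof raw === 'string' ? JSON.parse(raw) : raw;
  } catch {
    throw new Error(FORMAT_ERROR);
  }
  const ok =
    Array.isArray(value) &&
    value.every((c) => Array.isArray(c) && c.every((p) => typeof p === 'string'));
  if (!ok) throw new Error(FORMAT_ERROR);
  return value;
}

// Classify a token by the two documented prefixes.
function tokenKind(token) {
  if (typeof token !== 'string' || token.length === 0) {
    throw new Error('Missing token from request headers and from parameters');
  }
  // Test BearerStatic first, because "Bearer" is a prefix of it.
  if (token.startsWith('BearerStatic')) return 'service-account';
  if (token.startsWith('Bearer')) return 'user';
  throw new Error('The token must start with Bearer or BearerStatic');
}

// ASSUMPTION: a cluster passes only when the user holds every permission in it;
// the page states only that passing any one cluster grants access.
// Empty clusters are rejected here so that [[]] cannot pass vacuously.
function firstPassingCluster(clusters, held) {
  const have = new Set(held);
  return clusters.find((c) => c.length > 0 && c.every((p) => have.has(p))) ?? null;
}

// Constructed sample input; "users.edit" and "admin" are made-up permission names.
const sampleClusters = parsePermissionClusters('[["users.list", "users.edit"], ["admin"]]');
console.log(tokenKind('BearerStatic example'), firstPassingCluster(sampleClusters, ['admin']));
```

An empty outer array ([]) never grants access in this sketch, since no cluster exists to pass.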