Question

Bug: credentialsValues is empty {} when triggering from an Automation Template (Works fine when you create automation from scratch)

  • April 16, 2026
  • 11 replies
  • 190 views

Hi everyone,

I'm running into an issue with the Apps Framework regarding custom automations, and I wanted to see if anyone else has experienced this or if it's a known bug.

The Setup:
I've built an integration that relies on a custom trigger for file uploads. In the setup, the user authorizes and selects their credentials, which are tied to their external platform's team ID and user ID.

The Issue:
When a user builds the automation from scratch using the custom recipe, everything works perfectly. The credentialsValues object is properly populated in the webhook payload, allowing us to route the request to the correct external team.

However, when we package this exact same setup into an Automation Template and the user installs it, the webhook fires but the credentialsValues object drops entirely and comes through as empty ({}).

I think this wouldn’t be the expected behaviour. 

11 replies

Facing the same issue for a month.

I raised a support ticket on March 17.

Hope it gets fixed soon.


Revilre
  • April 23, 2026

@Opeyemi have you created a ticket for this yet? This is clearly a bug and tickets should always be opened for bugs.


@Revilre Yes, I have created a ticket.

They are working on it; they wanted me to reproduce the bug. I have done that and sent them the payloads for both the template and building from scratch.

I also attached the link for this thread.


Revilre
  • April 23, 2026

@Rupam Bhattacharya I know you had, I meant the original poster.


  • New Participant
  • May 7, 2026

@Rupam Bhattacharya Same issue here. If it gets resolved, please update here.


  • Participating Frequently
  • May 7, 2026

Hello! I am also having trouble adding an account in an Automation Template, using the Credentials app feature. When I click “Add account”, a pop-up window opens which redirects to the Microsoft authentication window (as expected). I select the account I want, but then I get this link in the window shortly before it closes immediately with no account added at all:
https://....monday.com/add_list_item_success_page?fieldTypeReferenceId=18897145&oauthErrorData=%7B%22message%22%3A%22Missing%20CSRF%20cookie%20on%20callback%22%2C%22name%22%3A%22OAuthAuthorizationError%22%2C%22statusCode%22%3A500%2C%22fieldTypeReferenceId%22%3A18897145%7D

Sidekick says:
This is a very clear and specific error. The URL decodes to:

{
  "message": "Missing CSRF cookie on callback",
  "name": "OAuthAuthorizationError",
  "statusCode": 500,
  "fieldTypeReferenceId": 18897145
}

What this means

The error "Missing CSRF cookie on callback" is a CSRF (Cross-Site Request Forgery) protection failure on monday's side during the OAuth callback. This is happening inside monday's apps-credentials.monday.com infrastructure. 

This is directly related to the Cross-Origin-Opener-Policy browser error you saw earlier. The COOP header on Microsoft's login page causes the popup to lose its cookies/session context before redirecting back to https://apps-credentials.monday.com/authorize/oauth2/redirect-uri. When monday's callback handler receives the redirect, the CSRF cookie that was set when the popup opened is no longer present — hence the error. Monday's infrastructure sets a CSRF cookie when initiating the OAuth flow and expects it back on the callback. The COOP policy from Microsoft's login page is breaking this cookie flow.
 

Recommendation

This is a monday.com platform-level issue with how their Credentials feature OAuth popup interacts with Microsoft's COOP security headers. You cannot fix this from your backend code.

You should:

  1. Contact monday.com Developer Support directly with this exact error message (Missing CSRF cookie on callback) and the decoded error URL — this is actionable and specific enough for their team to investigate
  2. Post in the monday Developer Community asking specifically if anyone has successfully configured the Credentials feature with Microsoft Azure/Entra ID OAuth — there may be a known workaround

Is this maybe somehow related to your issue also?

  • Participating Frequently
  • May 7, 2026

One more info:
The most likely root cause

This appears to be a compatibility issue between monday's Credentials feature OAuth popup mechanism and Microsoft's Entra ID login page COOP headers — which is a platform-level issue on monday's side.
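
For readers unfamiliar with the check behind the error quoted above, here is an added example (not part of the thread and not monday.com's code) of a generic OAuth `state` cookie check, plus a decoder for the `oauthErrorData` parameter. The cookie name `oauth_csrf`, the function names, the placeholder host and the second error message are assumptions made for illustration.

```javascript
const { randomBytes, timingSafeEqual } = require("node:crypto");

// Constructed URL shaped like the one in the thread; the host is a placeholder.
const SAMPLE_ERROR_URL =
  "https://example.invalid/add_list_item_success_page?fieldTypeReferenceId=18897145" +
  "&oauthErrorData=%7B%22message%22%3A%22Missing%20CSRF%20cookie%20on%20callback%22%2C" +
  "%22name%22%3A%22OAuthAuthorizationError%22%2C%22statusCode%22%3A500%2C" +
  "%22fieldTypeReferenceId%22%3A18897145%7D";

// Decode the oauthErrorData query parameter (searchParams percent-decodes it).
function decodeOauthError(url) {
  const raw = new URL(url).searchParams.get("oauthErrorData");
  return raw ? JSON.parse(raw) : null;
}

// Step 1: start the flow. The same random value is sent as the `state`
// parameter and stored in a cookie scoped to the callback's origin.
function startAuthorization() {
  const state = randomBytes(16).toString("hex");
  return {
    state,
    // Lax lets the cookie ride the top-level GET redirect back from the
    // identity provider; SameSite=Strict is withheld on that navigation.
    setCookie: `oauth_csrf=${state}; Path=/; HttpOnly; Secure; SameSite=Lax`,
  };
}

// Step 2: validate the callback. cookieHeader is the raw Cookie request header.
function checkCallback(query, cookieHeader) {
  const fail = (message) => ({
    ok: false,
    error: { message, name: "OAuthAuthorizationError" },
  });
  const match = /(?:^|;\s*)oauth_csrf=([^;]+)/.exec(cookieHeader || "");
  if (!match) return fail("Missing CSRF cookie on callback");
  const cookieValue = Buffer.from(match[1]);
  const stateValue = Buffer.from(String(query.state || ""));
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (cookieValue.length !== stateValue.length ||
      !timingSafeEqual(cookieValue, stateValue)) {
    return fail("State does not match CSRF cookie");
  }
  return { ok: true };
}

console.log(decodeOauthError(SAMPLE_ERROR_URL));
```

When reporting this kind of failure, capturing the request headers of the callback and checking whether the `Cookie` header is present at all separates a cookie that was never sent from one that was sent but rejected.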


@Revilre is the credentials issue fixed now?? I got a mail from support saying they fixed it.. but I am facing the same issue.


  • Participating Frequently
  • June 5, 2026

Same here ​@Rupam Bhattacharya.


dvdsmpsn
  • Participating Frequently
  • June 5, 2026

Have you checked the PKCE checkbox in the credentials feature?
That’s a requirement for OAuth with Microsoft. 


  • Participating Frequently
  • June 5, 2026

Personally, yes, I have.