Skip to main content
Question

Credentials feature not working

  • April 7, 2026
  • 4 replies
  • 95 views
Y

Hi,

We are migrating the authorization url to new credentials feature. After completing the OAuth process the account is not added in the recipe and there are no error message. 

We have followed the steps shown in this tutorial by monday.com. We tried multiple times and it’s not working at our side. 

Below is the extra details json body we are returning.
{  
  "providerUniqueIdentifier": "728e0ec1-8a0b-403d-86e4-8a9d65b3e85e",
  "displayName": "Mock Account"
}

Has anyone else run into this issue? If so, how did you resolve it?

Thanks

4 replies

K
  • Kenotom dev
  • Participating Frequently
  • May 8, 2026

I have the exact same issue. I have posted here a detailed error I have found after debugging.
Bug: credentialsValues is empty {} when triggering from an Automation Template (Works fine when you create automation from scratch) | Community

Y
  • YuvrajSingh
  • Author
  • Participating Frequently
  • May 8, 2026

We have been stuck on this for the past three weeks.

We created a support ticket, which is still open.

 

Due to this, we haven't migrated to the new Automation Builder yet.

K
  • Kenotom dev
  • Participating Frequently
  • May 11, 2026

@YuvrajSingh Have you tried to use the credentials app with the old integration app? Does it work? Thanks in advance.

K
  • Kenotom dev
  • Participating Frequently
  • May 11, 2026

I am writing here the error again, for easier reference.

 

I am having trouble adding an account in an Automation Template, using the Credentials app feature. When I click “Add account”, a pop up window opens which redirects to Microsoft authentication window (as expected), I select the account I want, but then I get this link in the window shortly before it closes immediately with no account added at all: 
https://....monday.com/add_list_item_success_page?fieldTypeReferenceId=18897145&oauthErrorData=%7B%22message%22%3A%22Missing%20CSRF%20cookie%20on%20callback%22%2C%22name%22%3A%22OAuthAuthorizationError%22%2C%22statusCode%22%3A500%2C%22fieldTypeReferenceId%22%3A18897145%7D

Sidekick says:
This is a very clear and specific error. The URL decodes to:

{

  "message": "Missing CSRF cookie on callback",

  "name": "OAuthAuthorizationError",

  "statusCode": 500,

  "fieldTypeReferenceId": 18897145

}

What this means

The error "Missing CSRF cookie on callback" is a CSRF (Cross-Site Request Forgery) protection failure on monday's side during the OAuth callback. This is happening inside monday's apps-credentials.monday.com infrastructure. 

This is directly related to the Cross-Origin-Opener-Policy browser error you saw earlier. The COOP header on Microsoft's login page causes the popup to lose its cookies/session context before redirecting back to https://apps-credentials.monday.com/authorize/oauth2/redirect-uri. When monday's callback handler receives the redirect, the CSRF cookie that was set when the popup opened is no longer present — hence the error. Monday's infrastructure sets a CSRF cookie when initiating the OAuth flow and expects it back on the callback. The COOP policy from Microsoft's login page is breaking this cookie flow.
 

Recommendation

This is a monday.com platform-level issue with how their Credentials feature OAuth popup interacts with Microsoft's COOP security headers. You cannot fix this from your backend code.

The most likely root cause

This appears to be a compatibility issue between monday's Credentials feature OAuth popup mechanism and Microsoft's Entra ID login page COOP headers — which is a platform-level issue on monday's side.

 

CC: ​@OmerK , ​@noa.rapoport Would you happen to have any information regarding this matter? Is this an already known issue or bug? Thank you in advance!

 

Terms & ConditionsAccessibility statement