Retool's OAuth2 flow is built off of generally used parameters, if you want a more configurable one you might be able to set it up using custom auth. Assuming your auth follows this flow:
you might try creating a custom auth flow with 4 steps:
Use a "Redirect to SSO" step that passes the necessary information as URL parameters (e.g. your Client ID)
Define a variable to store your grant code - at this point, you can reference any arbitrary value passed either in the body or URL params from your IdP
Use an API request step to query your authorization server with the grant
Define a variable to store your Access Token and whatever other properties you need to query your resource
Finally, you can include your access token variable in your query requests as normal
Other flows are also possible but you'd need to configure the steps accordingly. Let me know if this helps or you run into any issues!
Note: If you're using this custom auth flow your callback url will be different so make sure to add it to your oauth app!
any idea how to integrate microsoft graph and get the user to be able to be able to accept permission request. My integration works for my if I test the resource but if a user logs in they don't get prompted to give access to microsoft graph api.
So my auth provider sends the code with the callback url after oauth2 success. I need this code for further query basically getting refresh token. How can I achieve it ?
your comments says " 1. Define a variable to store your grant code - at this point, you can reference any arbitrary value passed either in the body or URL params from your IdP" how can we catch values of url params ? http1.url ?
It depends a bit on your endpoint but I would expect it to be in redirect1.urlparams. If you set up your custom auth flow to the point where you have the Redirect to SSO step defined, then save it and click "Test auth workflow" you should see a JSON representation of all the variables you have access to:
The above screenshot is incomplete but hopefully, it gives you an idea. I would check that to see if you can find the code somewhere under redirect1. You might end up referencing something like {{ redirect1.urlparams.code }}.