I have an app that uses a resource with OAuth that works normally, but when visited via the public URL, the OAuth login button redirects to the wrong URL and shows an error "Here is the error: JsonWebTokenError: jwt must be provided".
Unfortunately, due to the way that auth is handled in Retool, this won't be possible. On public apps, we collect no user info, which means any kind of authentication would be challenging. All authentication is associated with specific Retool user accounts, and since public app users are fully anonymous there is no user to work with that system. Public apps allow for unauthenticated, open access to the embedded app. If you need to give users access to confidential information or dangerous functionality, they would have to log in with a Retool account.
Thanks for the response. Right now, for us to share an app with a new user, they end up needing two separate logins (one for Retool, one for our API), and that seems quite cumbersome and confusing. Do you have a suggestion on how to best handle this?
It seems that it should be theoretically possible to handle OAuth for public anonymous users as well by using cookies to identify the user and storing the OAuth auth token keyed by the cookie.
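The cookie-keyed token storage suggested in the post above, sketched as an added example that is not part of the original thread and not Retool's code. All names, the one-hour lifetime and the in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment signing secret
SESSION_TTL = 3600                    # assumption: anonymous sessions last one hour
_store = {}                           # session id -> (expiry, OAuth token); server side only

def _sign(sid):
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()

def new_session_cookie():
    """Issue an opaque random id. The cookie carries id.signature, never the token.
    Set it with the Secure, HttpOnly and SameSite attributes."""
    sid = secrets.token_urlsafe(32)
    return f"{sid}.{_sign(sid)}"

def _verified_sid(cookie):
    """Return the session id only if the signature matches (constant-time compare)."""
    sid, _, sig = cookie.partition(".")
    if not sid or not hmac.compare_digest(sig.encode(), _sign(sid).encode()):
        return None
    return sid

def store_token(cookie, token, now=None):
    """Bind the OAuth token to the anonymous session after the OAuth callback."""
    sid = _verified_sid(cookie)
    if sid is None:
        return False
    now = time.time() if now is None else now
    _store[sid] = (now + SESSION_TTL, token)
    return True

def load_token(cookie, now=None):
    """Look up the token for a request; forged or expired sessions get nothing."""
    sid = _verified_sid(cookie)
    if sid is None:
        return None
    now = time.time() if now is None else now
    expiry, token = _store.get(sid, (0, None))
    if now >= expiry:
        _store.pop(sid, None)  # drop expired entries so stale tokens do not linger
        return None
    return token
```

Anyone holding the cookie can use the stored token until it expires, so the session lifetime bounds how long a leaked cookie is useful.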
Our main focus right now is on use cases surrounding building internal applications, so it would be tough to prioritize this over other work.