API OAuth in public app?

I have an app that uses a resource with oauth that works normally, but when visited via the public url, the oauth login button redirects to the wrong url and shows an error "Here is the error: JsonWebTokenError: jwt must be provided".

How to make API oauth work in a public url?


Hey there @xinlu,

Unfortunately, due to the way that auth is handled in Retool, this won't be possible. On public apps, we collect no user info, which means any kind of authentication would be challenging. All authentication is associated with specific Retool user accounts, and since public app users are fully anonymous, there is no user to work with that system. Public apps allow for unauthenticated, open access to the embedded app. If you need to give users access to confidential information or dangerous functionality, they would have to log in with a Retool account.

Thanks for the response. Right now, for us to share an app with a new user, they end up needing two separate logins (one for Retool, one for our API), and that seems quite cumbersome and confusing. Do you have a suggestion on how to best handle this?

It seems that it should be theoretically possible to handle OAuth for public anonymous users as well, by using cookies to identify the user and storing the OAuth auth token keyed by the cookie.

There is an option to share OAuth credentials between users for a resource, if it is not important for you to authenticate individual users:


I am not sure if this will work with public apps, however, due to what I mentioned in the above post.

Unfortunately we need per user login (which is why we need the API oauth in the first place).


It seems that it should be theoretically possible to handle OAuth for public anonymous users as well, by using cookies to identify the user and storing the OAuth auth token keyed by the cookie.

Our main focus right now is on use cases surrounding building internal applications, so it would be tough to prioritize this over other work.