Auth trigger Login Test URL Failing

So using a custom Auth flow to connect to Xero API using OAuth2 (needs custom to get the tenant id correctly etc.).
Auth is working fine, no issues I can call a resource and get the expected response etc. However I Cannot for the life of me get the Auth trigger Login Test URL to return a positive (logged in result) even trying the same resource etc as a valid query that is returning results...

Any ideas please?

Hey @mawdo81!

If you check the authentication status from the resource page are you able to see a request and response object?

If not, it might help to see a screenshot of your resource setup page that includes the auth trigger login test, taking a look at the working query you mentioned would be helpful as well! If you rather not post them here feel free to DM me as well!

  1. request: Object

  2. url: ""

  3. method: "GET"

  4. body: null

  5. headers: Object

1. User-Agent: "Retool/2.0 (+"

2. Authorization: "---sanitized---"

3. Xero-tenant-id: "ff6bf455-89ec-4728-a554-d6040a12a27a"

4. Accept: "application/json"

5. x-datadog-trace-id: "8099149944402946082"

6. x-datadog-parent-id: "2359996095682121116"

7. x-datadog-sampling-priority: "2"


  1. response: Object

  2. statusCode: 401

  3. statusText: "Unauthorized"

  4. body: Object

1. Type: null

2. Title: "Unauthorized"

3. Status: 401

4. Detail: "AuthenticationUnsuccessful"

5. Instance: "4d527d84-2e92-4ea0-a5dc-854610150261"

6. Extensions: Object

Yet using in a resource query gives a successful response, once authenticated. So there is something fishy happening in the login test that I can't fathom.

1 Like

Thanks for posting such a complete view of your setup @mawdo81, it's great context!

For some further testing - if you switch the endpoint to be it should send an unsanitized request back to you. Does the token look correct in that request? If it doesn't, would you mind posting here what you're seeing instead of the token?

so the request looks fine to me in that Postman response. The token is as I'd expect

Is the behavior any different immediately after you authenticate the resource? I'm curious if an issue with the refresh flow may play a role here. Per these docs, it looks like Xero returns the auth token in the access_token property of the response as opposed to auth_token I'm wondering if the token you're seeing returned by Postman echo is an expired one :thinking: Would be interested to know what a request to the Xero endpoint with that token hardcoded into it returns.

Also curious to see more info about what the successful response looks like when you make the query from your app, in case there's something in it that Retool isn't processing correctly. Would you mind sharing screenshots of the request from your browser's dev tools?

1 Like

Grr! PEBCAK. Sorry @Kabirdas your eagle eyes are better than mine...It does appear to be access vs auth error in my setup

No worries! Glad that fixed the issue :grinning: