Auth0 token is not cached

I have a configured resource that uses the Auth0 authentication method.
The configuration was quite simple. Just add

  • Auth0 Domain
  • Auth0 Client ID
  • Auth0 Client Secret

But the problem is that every time the resource is used, a M2M token is required.

Does Retool have a cache functionality for the token? If so, how can I enable it?

1 Like

Hey @francesco.barbera :wave: I see that you have an internal conversation with Victoria about this -- you are in great hands with her :muscle: Once you both find a solution would you mind sharing it here as well? Thanks so much!

@francesco.barbera, if you were able to find a solution for this issue, it would be great if you could post it up here - I'm having the exact same issue.

@lauren.gus perhaps you could check in with Victoria as well, and she could check her notes to see if a solution was found.


Still working with Francesco, actually! Thank you for tagging me in here, @mikehedman :slight_smile: Will post a solution here once we get there. In the meantime, happy to help look into your setup as well!

Hi @victoria,
It would be great to get some insights on our issue, since we're not sure if we're doing something wrong or don't have something configured properly, or if there's a problem on the Retool side.
We are getting log entries of Retool repeatedly requesting an M2M token, sometimes like 4 times with 2 minutes for the same audience and client_id. Our expectation is that it should be caching for 24 hours.
I've been told we've had this issue before, and that Retool had done something that fixed it, but it looks like it might be back.

Hi @mikehedman! Hmmm, this is probably pretty specific to your setup. You said this was working before, correct? Any changes you made on the Retool side or your API side? Has this repeated requesting happened consistently or just sometimes?

It's been a while since we last discussed this - but I'm still getting alerts almost daily, so I would like to press on towards a solution.

I may have confused the issue by saying it worked before. I was looking at the logs, but log retention policies may have been cleaning things up for the past, making them look better than they were.


Hey Mike! Nice to hear from you again :slight_smile: Though sorry it's under this context.

Do you know if you have your Auth0 set to "Machine to Machine Application" (which will perform a token request for every single query) or to "Single Page Application" (which has Retool to requests only one token and keeps it until it expires)?