I have managed to get Auth0 working. After the user has logged in with Auth0 the OAUTH2_TOKEN becomes available, and in my backend I can call the Auth0 API to validate that token and get the user's details.
I feel like this is an extra step though, and that I would much rather use the currently logged in Retool user instead of an extra authentication. I'm not totally sure what this would look like, but I think I would like the user to log in to Retool, then once in an application a magic variable called RETOOL_TOKEN (or whatever) is available for me to use in query headers.
Such as:
Authorization: Bearer RETOOL_TOKEN
Or maybe it's {{ current_user.token }}
or {{ authContext.opaqueToken }}
or whatever you want to call it.
Then in my backend I would like to essentially do this:
const axios = require("axios");

// Express-style handler: forward the caller's bearer token to the (hypothetical)
// Retool userinfo endpoint and, if it is accepted, mint our own backend JWT.
// createRetoolJwt and ForbiddenError are my own helpers, not shown here.
async function exchangeRetoolToken(req) {
  const { authorization } = req.headers;
  const { data: payload } = await axios.get("https://mydomain.retool.com/userinfo", {
    headers: { Authorization: authorization },
  });
  if (payload) {
    const { sub, email, roles } = payload;
    return {
      ok: true,
      token: createRetoolJwt(sub, email, roles),
    };
  } else {
    throw new ForbiddenError();
  }
}
Is there a way to do this currently?