We have setup google SSO & user is able to login to retool.
We want our backend APIs to be able to identify the logged-in user & fetch its user group.
How can that be achieved?
Can we utilize Google SSO token to authenticate & identify user & group info ?
I might be missing the point of your question, but have you tried checking out the current_user obj?
Hi Mendy,
yes current_user has the relevant details, but how do I authenticate the Api call coming from the retool?
Is it possible to send google oAuth token to the Api call, using which I can authenticate the Api call & Authorize the user role as well.
Hey folks! Just want to mention these docs here. If you've set up Google as an OpenID provider (docs) you should be able to use the %USER_OAUTH2_ACCESS_TOKEN% and %USER_OAUTH2_ID_TOKEN% variables in your resource setup. Let me know if that helps or raises any further questions!
Tried this, but im getting the string "%USER_OAUTH2_ACCESS_TOKEN%" itself in the request. What might be wrong here?
Hi @Ashish_Mathew_Philip, welcome to the forum! 
What plan are you on?
I'm on a cloud hosted business plan
Configuring SSO with OIDC authentication is an Enterprise feature, this is why it's not working for you. If you’d like to explore whether our Enterprise plan suits your needs, you can book a demo here. 
Oh thanks @Paulo didn't know this was only for enterprise plan 
. Is there any other best practise you could recommend for authorizing the backend API's from retool?
Custom API authentication: