1) My goal: Configure cookie-based authentication using cookie forwarding through Retool with a gRPC backend. The backend authenticate endpoint responds with HTTP response headers containing a Set-Cookie, HttpOnly, Secure auth cookie that should be forwarded to the user's browser and included in request headers for authentication in future API requests.
2) Issue: The documentation page for authentication and cookie-based APIs states this should be possible.
> Though Retool proxies all HTTP requests through the backend, Retool supports forwarding the cookies set by the API to the user's browser. This includes attributes such as the expiration date. The cookies are then stored in a HTTPOnly cookie in the user's browser, which is tied to the lifecycle of the user's current session.
>
> To configure this, tell Retool the name of the cookie that should be forwarded onto the user's browser. You can also specify a URL to check the user's authentication status.
However, in Retool Cloud I'm not seeing anywhere to "tell Retool the name of the cookie that should be forwarded onto the user's browser" (using Retool Cloud and a gRPC resource for the backend API). I've looked under Resource Settings > Authentication and tried every version available, including custom authentication. I've not been able to find any more detailed Retool documentation on the setup process for this. Only this forum post from November saying it might be a deprecated feature of session-based auth, which I don't see any option to configure for a gRPC resource. The documentation page doesn't indicate this feature is limited to self-hosted Retool or a deprecated feature.
- Is this still supported?
- If so, how should it be configured? Is there any better documentation on the configuration process than what's in Configure API authentication | Retool Docs?
3) Troubleshooting: Created many different gRPC resources and tried every "authentication" config scheme. Searched all documentation and forum posts for answers. Tried custom authentication and manually getting the header cookie value without success.
4) Additional info: Retool - Cloud hosted.
Thanks in advance for any and all help/information you can assist with.