Custom Auth - Google SSO

Hi,

We currently have the following flow in order to get access to our API:

  • Use Google SSO to authenticate a user (a user is redirected to our own OAuth callback URL)
  • Once the Google ID token is authenticated in the callback logic, we generate and return a temporary JWT token that can be used to call our API.

Is there a way to integrate this flow into our resources on Retool? What would be the best way to achieve this?

Ofir

Custom API authentication

Welcome to the community, @Ofir_Sudai! Thanks for reaching out. :slightly_smiling_face:

Does this mean that you have a non-Retool server handling the verification of that token? If that's the case (and if you're on a Business plan) I'd probably recommend storing the token as a user attribute via the corresponding API endpoint. That would allow you to reference current_user.metadata.TOKEN_NAME when configuring your resources.

Do you think that might work for your use case? Let me know if you have any questions!

Hi,

Yes, we have a non-Retool backend. I was thinking to do the following:

  1. Create a base resource with "custom auth:" authentication with the following auth flow:

  2. OAuth2 (Generic) - this will return the Google token information

  3. API Request - this will verify the Google token information and generate our own temporary JWT access token

  4. Define a variable - store the access token as a variable to be used

I was able to verify it's working when testing the auth flow.

The current issues I'm facing:

  • When using the resources, the auth flow isn't actually triggered and we always get a 401 from our server. I was expecting the auth flow to be triggered every time. Is this because we are not on the enterprise plan?
  • I am not sure I understand how to handle our access token expiration. Either the auth flow will run every time, and then it doesn't matter as the access token will keep refreshing, or I need a way to detect that the token is expired (based on a response from our server maybe, or whenever there is an error) and trigger a reauth.

The only alternative I can think of is to introduce a "login" button on my app that will save the access token as a magic variable and then just reference it in any of the other resources.

Ofir
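
The expiry question in the post above depends on whether the backend's 401 distinguishes an expired token from an invalid one, so the client knows when to re-run the auth flow. The following is an added example, not part of the original thread and not Retool's or the poster's code, of a backend issuing and checking a short-lived HS256 JWT with the Python standard library; the secret, lifetime, function names and error strings are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: constructed key; load from a secret store
TTL_SECONDS = 900                    # assumption: 15-minute token lifetime


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()


def issue_token(subject, now=None):
    """Mint the temporary JWT once the Google ID token has been verified."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps(
        {"sub": subject, "iat": now, "exp": now + TTL_SECONDS}).encode())
    return f"{header}.{claims}.{_b64(_sign(header + '.' + claims))}"


def check_token(token, now=None):
    """Return (http_status, body) for an API request carrying the token."""
    now = int(time.time()) if now is None else now
    try:
        header, claims, sig = token.split(".")
        # Pin the algorithm instead of trusting whatever the header says.
        if json.loads(_unb64(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        # Constant-time comparison of the signature.
        if not hmac.compare_digest(_sign(header + "." + claims), _unb64(sig)):
            raise ValueError("bad signature")
        payload = json.loads(_unb64(claims))
        exp, sub = int(payload["exp"]), payload["sub"]
    except (ValueError, KeyError, AttributeError, TypeError):
        return 401, {"error": "invalid_token"}
    if now >= exp:
        # A distinct error lets the client re-authenticate rather than just fail.
        return 401, {"error": "token_expired"}
    return 200, {"sub": sub}
```
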

Hi,

I think I found most of the answers under "Use the resource in an app" here:

Thank you

Glad to hear it! Let me know if there's anything else I can clarify. :+1: