Hey, we've configured a resource with the OAuth 2.0 settings. We're using Google, and it seems that the tokens expire after 1 hour by default. Google's solution to this is to use refresh tokens to acquire a new access token; however, it doesn't appear that Retool does this for us.
The result is that our team members are constantly needing to re-auth. I assumed that Retool would store the refresh token (which I think should be valid indefinitely) and refresh the token when our backend returns a 400 or when the Google auth fails.
Does anyone know how we can configure Retool to do this? Or is it something we need to somehow hook into and do ourselves?
I've tried changing the expiry time in the settings to alleviate the issue but that also doesn't seem to have any effect.
Our team investigated trying to pass in params to let Google know that auth tokens should last longer than an hour, but currently their API no longer accepts this param.
If you have selected Custom Auth and then chosen the OAuth 2.0 option, then the resource should refresh auth when the backend returns a 400 or when Google auth fails.
Here is a link to another thread where my team member came up with a test to check and see if a new token is auto-generated correctly.
Check this out and see if the token is re-generated; if not, there might be an issue with the resource setup. In this case, let me know and I can open a DM conversation with you to share a screenshot to further troubleshoot.
Hey Jack, thanks for that. The link helped me search for this modal with the token status, which clearly shows the issue: there is no refresh token being granted/received/stored!
I believe I've solved the problem by adding access_type=offline to the end of the Auth URL and changing the prompt method to "Consent". I now see a refresh token - I'll let you know if it doesn't work.
It would be good to include this info in the OAuth setup docs if possible!
Just filed a request to our docs team to add in more details on that.
Turns out the refresh won't work without the prompt method being set to "Consent". So it should be set by default, but there are users who created their auth prior to this change or users that might have changed this that would experience the same issue.
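
Added example, not part of the thread and not Retool's own code: a small check of a Google OAuth 2.0 authorization URL for the two settings the thread identifies (access_type=offline and a consent prompt), plus a check of whether a token response actually carries a refresh token. The function names, the client ID, the redirect URI and the sample token response are constructed for illustration.

```javascript
// Constructed sample: an Auth URL missing both settings discussed in the thread.
const SAMPLE_AUTH_URL =
  "https://accounts.google.com/o/oauth2/v2/auth?client_id=EXAMPLE_CLIENT_ID" +
  "&response_type=code&scope=openid%20email" +
  "&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcallback";

const REQUIRED = { access_type: "offline", prompt: "consent" };

// List what is missing from the authorization URL for a refresh token to be issued.
function auditAuthUrl(authUrl) {
  const params = new URL(authUrl).searchParams;
  const findings = [];
  for (const [name, expected] of Object.entries(REQUIRED)) {
    const actual = params.get(name);
    // prompt may hold several space-separated values, e.g. "select_account consent"
    const ok = actual !== null && actual.split(" ").includes(expected);
    if (!ok) findings.push(`${name} should include "${expected}", found ${JSON.stringify(actual)}`);
  }
  return findings;
}

// Return a copy of the URL with both settings applied, keeping other prompt values.
function withOfflineAccess(authUrl) {
  const url = new URL(authUrl);
  url.searchParams.set("access_type", "offline");
  const prompt = (url.searchParams.get("prompt") || "")
    .split(" ")
    .filter((v) => v && v !== "none"); // "none" must not be combined with other values
  if (!prompt.includes("consent")) prompt.push("consent");
  url.searchParams.set("prompt", prompt.join(" "));
  return url.toString();
}

// Summarise a token endpoint response: can it be refreshed, and when does it expire?
function tokenStatus(token, issuedAtMs) {
  return {
    canRefresh: typeof token.refresh_token === "string" && token.refresh_token.length > 0,
    expiresAt: new Date(issuedAtMs + token.expires_in * 1000).toISOString(),
  };
}

// Constructed token response without a refresh token (the symptom in the thread).
const SAMPLE_TOKEN = { access_token: "EXAMPLE", expires_in: 3600, token_type: "Bearer" };

console.log(auditAuthUrl(SAMPLE_AUTH_URL));
console.log(auditAuthUrl(withOfflineAccess(SAMPLE_AUTH_URL)));
console.log(tokenStatus(SAMPLE_TOKEN, Date.now()));
```

A refresh token is a long-lived credential, so once it appears in the token status it should be stored and access-controlled like any other secret.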