I am starting to plan out an app for us to use internally that I would need to write to a series of google calendars that we own, so having the capability to add a service account would be great.
Also I am also having to reauth every couple of days.
Hey @CCM! You shouldn't have to reauth every couple of days 
Would you mind sharing a screenshot of your current resource setup page?
Were you able to figure out a workaround on this?
Hey @CCM!
You mentioned having to auth every few days - are you consistently using the app in between needing to auth or is it that, after leaving the app for some time, you need to auth again? Also, is this happening when you try and run a particular query? And are multiple users running into this same issue?
@Kabirdas thanks a million for getting back. Since I am building this out on the side, there were somedays between each use, so for the past few days, I have been running the query everyday, and its been working fine.
The issue was arising when I was trying to POST to my calendar, and I am the only user in my retool using it.
Thanks for all you all do!
got it, good to hear that it's at least authing normally with regular use! If you do have a period where you're away from the app again for a bit I'd be interested to see what your token status looks like when you return before needing to auth again. You should be able to find it on the resource setup page:
Also when you say a "few days" could it be that you're needing to re-authenticate every 7 days? I'm wondering if you might be running into this refresh token expiration period, though it looks like that should only be true for SSO apps that have a "Testing" status.
Hello!
Just want to give a quick update here that REST resources should now support Google Service Account auth 
2 Likes
Hey!
any documentation about it? Cannot find any and I cannot make it work. I am not sure whether I am missing something obvious or if something does not work as intended...
Thanks!
Great news! I'm trying to use the new Google Service Account auth. I created a new resource with my service account's json key, but I'm getting an error:
Could this be a Retool bug?
We encountered to the same thing. I'm trying to add REST API for Google Cloud Storage services using service account credentials, but the Bearer token generated by Retool backend is incorrect. If I use Bearer token generated by gcloud CLI based on the same account credentials account file it works well.
UPD: I just made an investigation:
-
Printed out information about service account using
gcloud auth describe foo@bar.gserviceaccount.comcommand. The service account email can be found in it's credentials file. In the output you will see information about the account and it's tokens, including private key. There are two fields containing different tokens: id_tokenb64 (JWT) and token. -
The token field contains temporary access token which also can be obtained using the command
gcloud auth print-access-token --impersonate-service-account=foo@bar.gserviceaccount.com -
When I tried to use query, I found out that Retool backend uses id_tokenb64 field instead of token for Bearer header, so that's why the whole thing does not work.
Please fix it soon. We want to use Google APIs for our services.
2 Likes
Hey @etcetera @omarkhan, taking a look. Can also repro and getting this over to the engineering team responsible. I'll update this thread as soon as I have additional information to share.
For further update, Google Service Account auth works well for Cloud Functions, but isn't set up for Drive, Cloud storage API. We have an internal ticket tracking this now and will update this post as soon as there is additional information to share. Thanks!
@etcetera Thank you for reporting the issue with Rest API. Since you're using Google Cloud Storage, I want to point out that we support Google Cloud Storage as a resource type & it has support for service account. You may try it while we're working on supporting Rest API!
@joeBumbaca I also hoped to have this working. We are migrating over to a paid account and suddenly the big convenient feature doesn't work. Seeing as the service account option has been out for over a month and @etcetera has kindly discovered the simplicity of the issue, is it thought the fix will be very post dated?
@Shawn_Crocker @Harry_Doan and team are working on this. Looks like an option to supply the appropriate scopes, which will then allow us to use the appropriate token depending on the service that is being used (Cloud Functions vs Drive API etc), should be out in our next cloud release. Will confirm here when it is available.
@Shawn_Crocker @etcetera @omarkhan The "Google Service Account" authentication option should now work with google apis. There should be an option to enter the service account scope now, and you can use it to query from google drive. Please give it a try and let me know if you still run into any issue!
3 Likes
This is great! I will test it out over the weekend. And report back.
@Harry_Doan happy to report, my service account is being authorized properly now. Thanks for fixing this so fast! This is really going to cleanup how our users get into our app
2 Likes