GraphQL resource staging environment custom auth bug with magic variables

sf_tech_bro · January 13, 2023, 3:31am

I perform authentication for my GraphQL API using the Retool Custom Auth builder.

The general flow is to create a sign-in with my auth provider, use this sign-in to create a session token, and then use the session token to create a JWT token to include in requests to the actual GraphQL API.

I make use of the Define a variable step to store values such as the sign-in ID, the session token, and the JWT token. E.g.
Step 1. POST request to auth provider API that returns the sign-in ID
Step 2. Store sign-in ID in magic variable named SIGN_IN_ID
Step 3. POST request to auth provider API to get a session token, using the SIGN_IN_ID variable as a request query param

I use different variable names between production and staging environments (for the resource in Retool). Variables in the staging config are appended with _STAGING, e.g. SIGN_IN_ID (prod), SIGN_IN_ID_STAGING

When I go to test the auth flow for staging however, I receive an error like: {"errors":[{"message":"not found","long_message":"No sign in was found with id sia_2KFRlH2rKE0ysSydLL8vK7kBdiC_STAGING","code":"resource_not_found"}]}
This is happening during above step 3, the POST request to the auth provider API to get a session token, with the SIGN_IN_ID_STAGING variable as a request param.

It looks like the variable substitution is not happening correctly, like the sign-in ID is being stored in a variable called SIGN_IN_ID instead, and then when it gets substituted, the _STAGING is just a regular string.

A guess from me is that this is some sort of cache issue or missed update. Originally both prod/staging environments were using the same magic variable names for all the steps except for the one storing the JWT token, which was differentiated by _PROD and _STAGING. I added the _STAGING suffix because I couldn't get the Refresh Auth workflow working for staging, and I thought conflicting magic variable names between prod/staging could've been the culprit. The error from testing the refresh auth workflow for staging was "message": "{\"errors\":[{\"message\":\"Signed out\",\"long_message\":\"You are signed out\",\"code\":\"signed_out\"}]}",

I just did an experiment where I appended _PROD to all the variables in the prod environment, and I got the same error: No sign in was found with id sia_2KFRlH2rKE0ysSydLL8vK7kBdiC_PROD

Any ideas on what's wrong here?

Kabirdas · January 19, 2023, 2:26am

Hey @sf_tech_bro!

This looks like it's a potential bug on our end. Can you try either of the following and let me know if you're able to query your endpoint correctly?

1. Change your custom auth flow to set the SIGN_IN_ID magic string to a blank value and run the flow once to clear the value that is currently cached, then try your original flow again:

2. Recreate the resource with your new flow

Either way, this looks to be behavior that should change on our end and I'll pass it along to the devs, just want to get you up and running for now!

sf_tech_bro · January 25, 2023, 6:27pm

Thanks for the suggestions @Kabirdas

What ended up working for me was clicking Remove configuration for my staging environment, and then re-configuring it.

Method 1 of changing the magic variable to a blank value, running the flow, then setting again did not work for me.