Im struggling to get Microsoft Graph working as a REST api with Retool. I am trying to return a list of users on my Active Directory into Retool.
I got my app registered onto Azure AD and i was able to query Azure using a bearer token but this expires after 1 hour so i need to properly authenticate Graph with Retool.
Im trying to use Auth2.0. I run Retool on prem. I obviously need the connection to Azure to be secure but if there is an easier secure method vs Auth2.0 im all ears.
I don't really know if what im doing is correct. Example in the scope url i tried adding in the scopes 'Directory.Read.All User.Read.All' which is what i have selected under my API permissions in Azure. Not sure if that is correct. I also tried putting in the scope url https://graph.microsoft.com/.default. Both fail when i try to run them.
No, the 'Magic Token' is on the retool side of things. When you specify 'Authorization' header OAUTH2_TOKEN - this tells retool where to store the Access_token returned by the OAuth2.0 flow.
As long as you put it in the resource setup, it should be taken care of 'magically' when you send subsequent request to the graph api without having to specify the access_token explicitly.
Do you mean where the yellow is i need to replace the text 0AUTH2_TOKEN with an actual token from Azure (and if yes where do i get this because the method i was doing when i started off to get a token was expiring after 1 hour).
No what you have there is exactly how it should be done - that is telling retool that when it gets the access_token, to store it in 'OAUTH2_TOKEN' and when subsequent calls are made, it will ptu the actual access_token value in its spot as a header.
As for you token_expiration, thats on the azure side of things - you can either extend it, or use refresh token flow to grab a new one every so often.
May I ask where you see "Skip Retool consent screen & attempt login"? Is that a paid feature?
I'm not able to make Microsoft Graph queries without constantly reauthenticating and reconsenting. (I'm trying to test a proof-of-concept in Retool before committing to a subscription.)
Thanks. Looks like the option is missing from the free plan.
If it saves you from constantly having to consent and grant access every hour, please let me know! This has been an annoyance for me for most services on Retool using OAuth 2.0 authentication.
Doing some digging in our backend, it looks like the refresh request for your resource is failing because there's a refresh token missing. You may need to specify offline_access in your "Scopes" field as mentioned here e.g.
For some more context - the "Skip Retool consent screen & attempt login" option is only available for self-hosted orgs and it also looks like @rcanpolat is using the client credentials flow which doesn't require user interaction so Retool can automatically auth without needing a refresh token or any user interaction.
