How can I get the ID token from OAuth 2.0 authentication?

  • Goal: I want users to authenticate using Google before they use a GraphQL resource so that my GraphQL server can tell who they are and act accordingly.

  • Steps: I've set up the OAuth 2.0 authentication documented here (Configure API authentication | Retool Docs). Authentication is succeeding, and I am able to use the "OAUTH2_TOKEN" magic string to send the authorization token to my server.

The trouble is that I don't need the authorization token; I need the ID token, aka the authentication token. Is there a way to access it? I haven't seen any documentation of a magic string for the ID token.

Also, I understand that I could implement similar functionality with the Enterprise plan and SSO, but I don't need SSO, and Retool tells me in this screenshot that it already has the ID token.

I don't think it's explicitly documented, but it turns out it's really easy to do this. If you do "custom authentication" and add a step to the workflow, one of the step types is "OAuth2 (Google)". Once you've configured your OAuth client on the Google side of things, that step in the custom authentication workflow just works; you don't really have to customize it. Next, all you have to do is add a "Define a variable" step and add the defined variable to your headers.
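
Once the ID token arrives in a request header, the GraphQL server still has to verify it before trusting the identity in it. The sketch below is an added example, not part of the original thread and not Retool or Google code: it checks the signature, issuer, audience and expiry of an RS256 ID token. The key pair, `demo-kid`, `CLIENT_ID` and the helper names are constructed stand-ins; a real server would load Google's published signing keys and use its own OAuth client ID.

```javascript
const crypto = require('crypto');

// Both issuer spellings occur in Google ID tokens.
const GOOGLE_ISSUERS = ['https://accounts.google.com', 'accounts.google.com'];
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Returns the verified claims or throws. `keys` maps kid -> public key; in production
// it is built from Google's published JWKS, here it is a constructed stand-in.
function verifyIdToken(token, keys, expectedAud, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm; never let the token's own header choose the verifier.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = keys.get(header.kid);
  if (!key) throw new Error('unknown kid');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (!GOOGLE_ISSUERS.includes(claims.iss)) throw new Error('wrong issuer');
  if (claims.aud !== expectedAud) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Constructed fixture: a local key pair standing in for Google's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const KEYS = new Map([['demo-kid', publicKey]]);
const CLIENT_ID = 'example-client-id.apps.googleusercontent.com'; // placeholder

function signDemoToken(claims, alg = 'RS256') {
  const signingInput = `${b64url({ alg, kid: 'demo-kid', typ: 'JWT' })}.${b64url(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey).toString('base64url');
  return `${signingInput}.${sig}`;
}

// Returns null when the token is accepted, otherwise the rejection reason.
function rejectionReason(token) {
  try { verifyIdToken(token, KEYS, CLIENT_ID, 1700000000); return null; }
  catch (e) { return e.message; }
}

const base = { iss: 'https://accounts.google.com', sub: '1234567890', aud: CLIENT_ID, exp: 1700003600 };
const good = signDemoToken(base);
console.log(verifyIdToken(good, KEYS, CLIENT_ID, 1700000000).sub);
console.log(rejectionReason(signDemoToken({ ...base, aud: 'another-app' })));
```

The audience check is what ties the token to this application: a validly signed Google ID token issued to a different client ID is rejected.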