How to correctly configure OAuth2 with Google for Supabase REST API in Retool (RLS not working)

  1. My goal:
    I want to secure my Supabase REST API in Retool using Google OAuth2, so that only authorized users can access data. Supabase RLS policies should return a 401 error if a user is not authorized.

  2. Issue:
    I connected Retool to Google OAuth2 and it shows "Connected".
    In my REST API resource I set:

  • URL parameter: apikey = sb_publishable_key
  • Header: Authorization: OAUTH2_TOKEN

The connection works (no errors in Retool), but Supabase does not apply RLS correctly.
Even unauthorized users can still query data.

  3. Steps I've taken to troubleshoot:
  • Verified OAuth2 connection in Retool (works, tokens are generated).
  • Tried Authorization: OAUTH2_TOKEN.
  • Enabled RLS and added policies in Supabase.
  • Verified policies using Supabase directly (they work outside Retool).
  4. Additional info:
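Added diagnostic for the setup above (it is not code from the original post, nor from Retool or Supabase): it inspects the `apikey` parameter and `Authorization` header a request would carry and reports which role Supabase's PostgREST will run the query as. It assumes the usual Supabase JWT claims (`role`, `exp`, `iss`) and the `Bearer <jwt>` scheme, and it does not verify the signature, which only Supabase can do with the project's JWT secret; `make_unsigned_jwt` only builds constructed sample tokens for testing.

```python
import base64
import json
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_claims(token: str):
    """Return the payload of a JWT-shaped token, or None if it is not one.
    The signature is NOT checked here; Supabase checks it with the project secret."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError:
        return None
    return claims if isinstance(claims, dict) else None


def check_supabase_request(headers: dict, params: dict, now=None) -> list:
    """List the reasons a request would not run as an RLS-protected user.
    Empty list: PostgREST sees a Supabase JWT with role 'authenticated'.
    Note: for SELECT, RLS filters rows (HTTP 200 with fewer rows); a 401 only
    comes from an invalid or expired JWT, never from an RLS policy."""
    now = time.time() if now is None else now
    problems = []
    if "apikey" not in params and "apikey" not in headers:
        problems.append("apikey missing: Supabase rejects the request outright")
    auth = headers.get("Authorization", "")
    if not auth:
        return problems + ["no Authorization header: request runs as the anon role"]
    if "OAUTH2_TOKEN" in auth:
        return problems + ["Retool placeholder OAUTH2_TOKEN was not substituted"]
    scheme, _, token = auth.partition(" ")
    if scheme != "Bearer" or not token:
        return problems + ["Authorization must be 'Bearer <jwt>'"]
    claims = decode_jwt_claims(token)
    if claims is None:
        return problems + ["token is not a JWT (Google access tokens are opaque): 401 from Supabase"]
    if "google.com" in str(claims.get("iss", "")):
        problems.append("Google ID token, not a Supabase-issued JWT: 401 from Supabase")
    if claims.get("role") != "authenticated":
        problems.append(f"JWT role is {claims.get('role')!r}, not 'authenticated'")
    if claims.get("exp", 0) <= now:
        problems.append("JWT expired")
    return problems


def make_unsigned_jwt(claims: dict) -> str:
    """Constructed sample token for tests only; 'sig' stands in for a real signature."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.sig"
```

Run it against the exact header values Retool shows in the request preview; an empty result means the query will be evaluated under the `authenticated` role's RLS policies.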

Sorry for the delay in getting to this, @Gabii! I'm not particularly familiar with the Supabase API but will hopefully have a chance to look into this soon. Alternatively, this might be an interesting use case to discuss during Office Hours, as well, if the timing works.