How to re-use Google SSO Token for self-hosted retool?

As described here in the link below I'm struggling to re-use the access token from retool used for google login.

I would like to forward this token for use with the backend graphql API I have (ie. so it's easy to configure a JWT authorizer with AWS API Gateway) however I cannot seem to figure out if there is a magic variable that should be available when configuring the graphql resource headers.

Can this be done? in /docs/sso-generic-openid-provider it seems possible but maybe that is the difference between "generic" and "google".

I've made it work with a contrived custom auth workflow that prompts the user to authenticate again and uses that variable. Ideally the user of the app wouldn't need to have to login to google more than once though.

The ideal would be for me to be able to set the header value to "Bearer USER_OAUTH2_ACCESS_TOKEN" however this does not work (and neither does it work with the documented %% syntax) so guessing it's a google sso thing - even though google is simply a standout OAUTH2?

Hey @chrisui seems like your issue is being addressed here, so I will go ahead and lock this thread so we don't have multiple threads of the same conversation. If a new issue comes up feel free to post here again or reach out to our support team! Thanks