We are using custom auth first to perform Google Oauth2 login and then making an API call to our backend service to get the permissions this logged-in user has. We would like to know where we can set this permissions array to access it outside the resource.
In what contexts are you using these permissions outside of the resource? I'm particularly curious about the gaps you're looking to fill in the built-in permissions.
It's possible to have a query that runs on page load in an app which hits your permissions API with the OAuth 2 token and then stores the resulting array in
localStorage or something similar. In other words, you would configure a resource with Google auth, and then have the request to your permissions API happen from the app instead of from the auth flow.
If it's helpful you could set this up on a Workspace so that it happens automatically when someone logs in to Retool.
Retool Embed offers an alternative method to set user permissions when they log in based on an external auth service. If you haven't gotten a chance to already, it's worth checking out!