I'm building an external application and need my users to authenticate different account types (Quickbooks, Microsoft, Google) using the standard OAuth2.0 flow. I have the authentication working, and can make API requests for the authenticated user while they are logged into the retool app.
I am trying to use workflows, since I have some actions that are triggered via webhook outside of the app.
However, it seems user-based auth isn't supported in workflows, so I'm struggling to move forward to use the relevant authenticated user information for further API requests when a trigger occurs.
E.g.
Our clients authenticate their accounts (Quickbooks, Microsoft, Google) in Retool
We then subscribe to webhooks for events such as payments in Quickbooks or new emails in Microsoft / Google
Those events should trigger a workflow that then lets us make additional API requests as the authenticated user related to the webhook event -- like creating an additional invoice in Quickbooks, or sending out an email in Microsoft / Google.
In the workflow, when I try to create a resource block that calls the relevant API, I see an error message as follows:
Auth not supported: this resource uses user-based authentication. Create a version of this resource that only has server credentials (e.g., a service account), or turn on "Share user credentials with all users" in the Resource Config.
I don't think either of these options solves my use case - please let me know if I'm missing something!
Server credentials: I can't figure out how to implement this. I've tried the 'Client Credentials' flow instead of the standard auth, but to no avail. Is there anything else?
Sharing user credentials doesn't work because each user needs to be authorized with their own credentials (my understanding here is that sharing credentials would only work for one internal organization, not an external app).
How can I proceed? Any help would be greatly appreciated!
Hi @megan, welcome to the forum!
We currently do not support Custom Auth in Workflows, but it's a feature we are tracking requests for. Unfortunately, until then, our options do not solve for your use case.
+1 on this feature request; and are there any news on when this would be available?
Our use case:
we are building app for external users where they could oAuth gmail and then workflow would periodically fetched emails and parsed out received invoices and store them into db.
We tried to capture Token and refresh token in the app and store them to db (encrypted). We managed to get access token - if you place it to URL parameters you can view call data and it's not sanitized. But refresh token is still a problem, so we hit a dead end here. Is there any known workaround?
Else we will have to deploy a separate app where we'll redirect users just to preform oAuth and capture the tokens. but we'd prefer not to do this if this can all be managed within retool.
Thank you for the info! Very cool use case, I added your +1 to the ticket
I am going to ping the workflows team and see if they have any updates for me, they have assigned this ticket to an engineer but we are also working on some major AI tools in workflows so bandwidth has been stretched thin
Hopefully I can get some good news from them on this ticket and update this thread
Right now, Retool Workflows don’t support using authenticated user credentials (like OAuth or custom user tokens) inside API requests.
When a workflow runs, it uses shared or service-account credentials, not the logged-in user’s credentials.
If you need to use user-specific tokens, the only workaround is to pass the token as a parameter from your app into the workflow and then use it manually in the API request headers.
Otherwise, you’ll have to handle user-specific authentication outside of Retool Workflows until Retool adds official support for it.
