Is it possible to force a user to authenticate with a resource right after logging in to Retool?

Hello,

I would like to know if it's possible to prompt users to authenticate with a specific resource immediately after they log in to Retool.

Let me explain the issue: we have a GraphQL resource that requires authentication every 24 hours. Our tech team often receives complaints from internal users who are unable to complete various tasks, and more often than not, this is because they are not authenticated to the GraphQL resource. When users are not authenticated and open any app that relies on this resource, they usually see a pop-up reminding them to authenticate. However, some users tend to ignore this reminder.

Another problem is that when the app initially opens, the queries on that page are triggered right away, even if the user is not authenticated. This results in numerous authentication errors in our logs, which we would like to eliminate.

My idea is to check whether the user is authenticated with the GraphQL resource upon login. If they are not authenticated, I propose redirecting them to the login app, which will require them to authenticate before they can proceed with their daily tasks.

2 Likes

not sure if i fully understand your situation....

Re:

Have you tried:

Prevent the query run from page load by switching the run mode to manual and disable the run from page load, then set the query run trigger manually

Re:

I think you can have a small simply query just to try connection to your resource, and set success, failure condition so the Retool can know what is considered as 'failed'. I don't use GraphQL but I think it will somewhat return a specific message for the login failure.

This simple query is set to run at page load, and you set up following according to the state (fail or success) of this simple query:

  • show / hide button to redirect the user for login
  • show / hide app content

Hi @Tatsiana_Shurakova! Welcome back to the community and thanks for reaching out.

One of the things that makes this challenging is the fact that there's not an easy way for the client to know whether the user is authenticated or not. There are a couple of possible solutions, though.

When authenticating with OAuth2, there's an option when configuring the resource to set up an auth verification endpoint, which determines whether the user is currently authenticated or not and then displays an auth modal accordingly.

This should theoretically address your concern, but it's still possible for users to navigate away from the modal without actually authenticating. Additionally, as you note, the queries still execute on initial page load and result in some noisy errors.

If you are running a custom auth workflow, there is an additional option to run the authentication flow without even requiring user input.

What kind of auth pattern are you using in this particular case? It might help to narrow down your options.

One kind of funny solution is to hide the x with custom CSS: