Goal: My goal is to list a number of users, each with different credentials and authorization levels, who belong to another web app that is hosted somewhere else, outside of retool. I want to be able to click on a particular user and be taken to the external website and be logged-in over there.
Knowledge so far: What i could gather from the documentation so far is that this is something that retool does not offer as a pre-built function/feature. Like i'll have to make the API calls to login the user, and then use javascript to open the external web app.
You are correct, logging users into the TPA would be on that end, not on Retool. So if you own the backend of that other webapp, you could create endpoints where we could make a request from Retool, and pass data needed for login. That being said, it wouldn't be safe to expose the password digest on either side, so the safest route would be so set up SSO on the TPA.
A question for your use case: If you have a list of users on Retool, and clicking on one of them would sign that user in on the TPA. Doesn't that sound like big risk? A malicious user could make changes on any account.