Hello,
I've created a scheduled workflow to fetch data via API calls. The workflow requires obtaining an initial access token and then using a refresh token for subsequent requests, for as long as the initial access token has not expired.
Workflow Structure Scheduled trigger. The workflow is triggered at intervals (e.g., 8:00, 8:15, 8:30). Obtain the initial access token (POST request to /connect/token). The response includes: access_token, refresh_token, expires_in (duration of 1200 seconds), timestamp. subsequent API calls. : Use the refresh_token for authentication.
The first run at 8:00 works fine. However, at 8:15, the workflow runs again and starts with the first codeblock the ‘obtain_access_token’, even if the access token of the previous run did not expire (1200s). This behavior is possible, but actually not allowed. The refresh token should be used instead.
I noticed that authentication can be handled directly at the Resource level with an Auth Workflow, but this feature is available for self-hosted Retool, we are on Retool Cloud.
Another option would be to encrypt the token and store it in a database. This way, I could check its expiration and conditionally request a new token as the first step of the workflow. However, I would like to avoid this if possible.
I am not sure which options I have in Retool Cloud to handle this. Any help/suggestions would be much appreciated.
Thanks a lot. However, I actually did build an AUTH Workflow, similar to your example, when finished I could not run it as we are on Retool Cloud, it was blocked by Retool.
Auth Worflows unfortunately can only be used on Retool Self Hosted.
Looking for any alternative options within Retool.
The API doesn’t support static credentials or long-lived tokens, and I don’t use OAuth, so I need to manage access and refresh tokens. Any other approaches within Retool Cloud that might work? I guess the solution was within the AUTH Workflow, which I cannot use on Retool Cloud...
Custom authentication would be a good solution here, but unfortunately, we don't support user based authentication or custom auth with refresh flows in Workflows yet. This is regardless of self hosted or Cloud infrastructure. I will follow up here if our team ships a feature to support these types of authentication in Workflows
However, updating the values requires the Retool Configurations API (as values cannot be updated dynamically without it), which isn’t available for Retool Cloud users. As the documentation states: "Organizations on the Enterprise plan running on Retool Cloud or self-hosted Retool versions 3.42 and later can use theRetool APIto manage configuration variables."
Unfortunately, this means I haven’t been able to solve the issue yet. Since I also cannot use AUTH workflows, and configuration variables don’t fit this use case, it seems I’ll need to set up an external solution to securely store and update the tokens outside of Retool. I’ll need to discuss internally to determine the best approach for us.
If you have any alternative suggestions, please let me know