I am using the free version of Retool and I created an app with an Auth Login in which users enter their credentials and we validate them in our database. The thing is that once a user is authenticated, it does not ask other users for credentials. Is there any way that I can ensure that all users must enter their credentials, so that I can recognize in my sent data the email of the user who performed any action?
That is odd that users are able to access your app without needing to log in.
Regardless of authentication method, new users must be added to relevant permission groups to grant them required access. You can either configure the SSO authentication flow to handle this automatically or you can manually configure user permissions.
Check out our docs here for more details on setting up authentication. Users should be required to sign in to access the app, and then for resources that have Auth set up on them, require users to authenticate themselves to run queries on the resource.
You might need to share a video recording of the behavior so I can better understand how users are getting past needing their auth credentials to access app features.
Hi, @Jack_T! I think that it was not clear what I wanted to explain. When I say that they log in without being asked for credentials, I am referring to the Auth Login component that I added to the app, not to the Retool login.
That is, they are already logged in to Retool and the app shows the information, but it should not, because they must first authenticate by entering their credentials from our internal database through the Auth Login component button, which asks for a username and password from our backend, not from the Retool account itself.
So unless the data is protected by configuring auth on the resource that gathers the data, it will be visible. But if the resource is protected with an auth setup it will ask the user to validate before it can be used and accessed.
I hope that makes sense. If you are trying to make a custom setup, you would likely need to have a boolean variable that would be used to hide a component until a user correctly logs in with credentials from your database, to then flip the boolean and make the hidden components visible!
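
The boolean gate suggested in the last reply, sketched as an added example that is not part of the original posts and is not Retool's own code. All names (`createGate`, `sampleVerify`, `buildAction`, `performedBy`) are hypothetical, and `sampleVerify` is a constructed stand-in for the query that checks credentials against the internal database.

```javascript
// Added illustration. Every name below is hypothetical; none is a Retool API.

// Constructed stand-in for the query that checks credentials against the
// internal database. The real check runs on the backend against hashed passwords.
function sampleVerify(email, password) {
  return email === "ana@example.com" && password === "constructed-sample-pw";
}

// One gate per browser session: the boolean from the reply plus the verified email.
function createGate(verify) {
  const state = { isAuthenticated: false, email: null };
  return {
    // Login handler: flip the boolean only when the backend accepts the credentials.
    login(email, password) {
      const ok = verify(email, password) === true;
      state.isAuthenticated = ok;
      state.email = ok ? email : null; // a failed attempt also clears any earlier login
      return ok;
    },
    logout() {
      state.isAuthenticated = false;
      state.email = null;
    },
    // Bind the protected components' "hidden" setting to this value.
    isHidden() {
      return !state.isAuthenticated;
    },
    // Build the record sent with each action so it names the user who acted.
    // Throws instead of sending anything while the gate is closed.
    buildAction(action, payload) {
      if (!state.isAuthenticated) {
        throw new Error("login required");
      }
      return { action, payload, performedBy: state.email };
    },
  };
}
```

The gate only controls what the page shows and what it sends; as the earlier reply says, the data itself stays reachable unless auth is configured on the resource that gathers it.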