OAuth 2.0 authentication not working for homolog environment

  • Goal: I'm trying to enable OAuth 2.0 authentication for a Google Spreadsheet resource that is currently working on production and staging environments. I get an error while trying to connect via UI on homolog environment (again, both staging and production are fine):

{ "error": "{"statusCode":400,"data":"{\n \"error\": \"invalid_request\",\n \"error_description\": \"client_secret is missing.\"\n}"}", "request": { "url": "www.googleapis.com/oauth2/v4/token", "method": "POST", "headers": { "Content-Type": "application/x-www-form-urlencoded", "Host": "www.googleapis.com", "User-Agent": "Node-oauth", "Content-Length": 276 }, "body": { "grant_type": "authorization_code", "redirect_uri": "https://oauth.retool.com/oauth/oauthcallback", "client_id": "716367306867-d861tjqj92gjb0uphcjt8gu2nvtf6e9t.apps.googleusercontent.com", "client_secret": "---sanitized---", "code": "---sanitized---" } } }

GPT says that I have to override the default Google OAuth client ID and secret for our built-in Google Sheets integration, and says that this is a feature flag that you guys need to set to our account so we can see the options for doing that.

  • Steps: 1) Under Google Spreadsheet resource, try to authorize it via OAuth 2.0 (in my case on Homolog environment, there are other two environments where the authorization is ok: staging and production)

Hi @Interliche,
I have been able to reproduce what is happening to you. This is bug that Retool only allows two environments and I will file a bug report.

As a workaround, you can use Service Account auth instead of Oauth. I have tested this and it works on three environments. Check out these docs and read up on Service Account authorization.

@Interliche ,
When I am filing a bug with engineering, I'd like to be able to explain how this bug has impacted you as an enduser. It would be helpful if you could help me explain why it's important for you to have the use of 3 environments for your Google Spreadsheets resource and prefer to use Oauth as opposed to Service Account for authorization and how this has impacted your work. Thanks very much.

Hey @lindakwoo, we're experiencing the same issue except we only have two environments and only one of them is using the resource.

Has there been a recent update that may have broken the OAuth 2.0 flow with Google?

It's blocking our one of our apps from running that we use daily for our users.

@cadell-montu,
Are you on Retool Cloud?
I just tested my three environments on my Google spreadsheets with Oauth 2.0 and two are working just fine, with the third one broken, as described above. Can you provide me with some more details on what is happening? Is it working for just one of your environments, but not the other? Are you getting the exact same error as the one above?

hey @lindakwoo, thank you for the quick response.

Yes, we're on Retool Cloud. I can refine the steps to reproduce.

Create a new app. Add a table. Click connect data. Select Google Sheets. Observe it says authentication failed and you can hit edit to see the details. Click reauthenticate takes you through the oauth flow and arrives at the same error as above.

That error message is from retool's oauth page, reporting back the error it gets from google. the client_secret and code are sanitised from the page but the error suggests these aren't been sent at all. I suspect if they weren't sanitised they would be blank.

We only have one environment.

Small update @lindakwoo. The issue only seems to be impacting that resource.

If I create a new Google Sheets resource it works.

Do you know why that would be?

@cadell-montu,
Are you creating the new one that works with the same client id and secret?

hey @lindakwoo, I don't specify the client id and secret. where does that happen?

I didn't think I had to because it's using OAuth 2.0 client credentials, with each user logging in themselves.

oh, sorry @cadell-montu , you are right. You are using Oauth. Are you accessing the same google spreadsheets resource? (same user logging in?)

no worries @lindakwoo. The previous Google Sheet resource can't access any spreadsheets with any user, with the same error as above.

The new resource works as expected for all users.

@cadell-montu,
I am filing a bug / feature request on this issue. Thanks for your patience.

No worries @lindakwoo. thank you

It's less urgent now that we have a new working Google Sheet resource

i just hope the same thing doesn't happen to our new resource

Hello @lindakwoo,
I'm having the same issue as described by cadell-montu except that creating a new Google Sheet resource doesn't fix my issue.

Here are steps to reproduce: Create a new app > Add a table > Click connect data > Create a new Google Sheet Resource (to Read & write + share credentials between users):

Go through the Google Oauth Flow > Authentification succeeded for production environment.
On Resources tab > Go to the settings of new created Google Sheet resource > Add the staging environment > Click on 'Save changes'. Go through the OAuth flow again to connect to the staging env:

See error (client_secret & code sanitized):

@Xiway_Banh,
Okay, so it works in your Production environment but not your staging environment? Thank you for reporting this. The bug ticket has been filed!

@lindakwoo thanks for your quick reply.
Yes correct, it only works on Production environment.
Perfect, please keep me updated as we are currently blocked.

Thanks!

@Xiway_Banh,
As a workaround until we get this fixed, you might consider using the Service Account authorization instead. That, or try using google's API.

1 Like