Hi Retool Community,
We are experiencing an issue with OAuth 2.0 authentication behavior for one of our API resources in a self-hosted Retool environment.
We have reviewed and validated the resource authentication configuration against the official Retool OAuth 2.0 documentation, and the setup appears to be correct.
Observed behavior:
-
When the access token expires, Retool correctly initiates a token refresh.
-
However, while the token refresh request is in progress, other API requests continue to be sent using the expired access token.
-
These requests receive
401 Unauthorizedresponses. -
After the new token is obtained, the previously failed requests are not automatically retried, and users must manually re-run them to load data.
This behavior is especially noticeable on pages with multiple tables or queries that execute in parallel.
Expected behavior (from our perspective):
- During token refresh, parallel requests should either be queued or retried automatically once the new access token is available, instead of failing with
401.
Questions:
-
Is this behavior expected for OAuth 2.0 resources in Retool, particularly in self-hosted deployments?
-
Is there any configuration option or recommended approach to prevent parallel requests from executing while a token refresh is in progress?
-
Are there known limitations or workarounds to enable automatic retry of failed requests after a successful token refresh?
We’d appreciate any guidance or best practices you can share, as this behavior negatively impacts user experience and leads to avoidable errors.
