OAuth 2.0 with Password Credentials Grant Type

I want to connect the Elation API which uses OAuth 2.0 with password credentials.

I've connected successfully via Postman before.

Additionally you can generate an access token by posting to the token endpoint and including grant_type=password, client_id, client_secret, username, and password in the body.

It looks like the retool OAuth 2.0 only supports server side and client credentials. So I'm guessing I'd need to use Custom Auth.

I'm a bit stuck here though. My first instinct was to use an API Request as my first Auth workflow step. When I add the POST request to the workflow I get an error "Action only supports GET".

I'd appreciate any guidance here.


Hi @henrymeiklejohn, Can you take a screenshot of the error you see on Retool? I wonder if that's an error returned by your server, not a Retool error. If you try to use "GET" method instead of "POST" method, does the error go away?

Hi @Harry_Doan.

Here is the error with POST

And with GET:

CleanShot 2024-03-28 at 15.27.41

I don't think GET is doing anything though. I don't see any response data. And if I use GET from Postman I'll get a 405 error.

@henrymeiklejohn And what does your custom auth config look like? This does look like an error returning from the external system and not from ours.

Confirmed with curl that that end point only supports GET method

* Connection #0 to host sandbox.elationemr.com left intact
Action only supports GET%

I think your requests succeeded and you would get the token in the http1 object in the response. You should expand it to see what it contains. For custom authentication flow, you have to manually extract the token out and set up the HTTP request to use it in its header. Please refer to the link here to see how to set up a custom authentication: Custom API authentication | Retool Docs

Hi @Harry_Doan. I just discovered that this API now supports Client Credentials. So looks like I can use actual OAuth2.0 setup rather than custom.

I'm still having a bit of trouble though. It looks like the token is probably being added to my requests because I see the Authorization header sanitized, but I'm getting "Authentication credentials were not provided" as a response. Could you help me troubleshoot this setup please?

Never mind actually, I figured out the problem. My client secret was mis-entered. All set on this for now.

1 Like

@henrymeiklejohn Sounds good! I'm glad it's working for you!