-
Goal: OAuth2 with Client Credentials Flow uses new token after expiration (instead of continuing to send the expired token to my API)
-
Steps: I have tried adjusting the access token lifespan on the connection details in Retool to a shorter value, logging-out and in again (didn't expect that to work, but why not).
-
Details: Retool is successfully passing the JWT in my
authorizationheader, but on my API side the verification of the JWT says that theexpiredAttimestamp is in the past. This is using the client credentials flow, and my understanding is that Retool should just request a new token. I'm unable to find a way to refresh a token using the client credentials flow.
Hi @Daniel_Clarke!
I can't even get the client credentials flow to work at all! I think I have everything set up correctly, but do not think the token is being set in the header. Do you mind sharing some screenshots of your API configuration?
I have some screenshots of my setup in this post: OAuth 2.0 Client Credentials Flow
For the time being, I am working around it by calling for a token refresh periodically and setting it as a variable in my header (just skipping OAuth completely)
Set my authentication token retrieval to run periodically... After it runs I save the token to a variable
Reference the variable in subsequent calls
Hey @Daniel_Clarke, if you Enable an auth verification endpoint on the resource, do you notice any difference? A 200 response from that endpoint should indicate that the token is valid, anything else should trigger the auth flow again to retrieve a new token. Let me know if that gives you any different behavior.
@Jessica_D I'll take a look at your other post now as well.