OAuth2 errors – Expected object, received array

Camel_Case · February 25, 2025, 7:43pm

We upgrade SH Retool 3.18.1 –> 3.75.25-stable and got OAuth2 errors like:

{"endpoint":{"criticalityTier":"tier1","path":"/api/user","service":"backend","team":"@tryretool/hub"},"error":{"level":"error","msg":"Internal server error: [\n {\n \"code\": \"invalid_type\",\n \"expected\": \"object\",\n \"received\": \"array\",\n \"path\": [\n \"platformLevelAuthSteps\"\n ],\n \"message\": \"Expected object, received array\"\n }\n]","stack":"ZodError: [\n {\n \"code\": \"invalid_type\",\n \"expected\": \"object\",\n \"received\": \"array\",\n \"path\": [\n \"platformLevelAuthSteps\"\n ],\n \"message\": \"Expected object, received array\"\n }\n]\n at get error [as error] (/retool_backend/bundle/main.js:123:12219)\n at r.parse (/retool_backend/bundle/main.js:123:13892)\n at /retool_backend/bundle/main.js:6159:73694\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)","type":"INTERNAL_ERROR"},"level":"info","message":{"http":{"method":"GET","request":{"time":0.04685107000172138},"status_code":500,"url_base":"https://<domain>","url_path":"/api/user"},"type":"REQUEST_FINISH"},"organization":{"id":1,"name":"<name>"},"pid":113,"requestId":"7d3931b7453ed4352cfbb80b3b79c7a6","retoolClientVersion":"3.75.25","timestamp":"2025-02-25T19:24:51.473Z","user":{"email":"<mail>o","sid":"<sid>"}}

Why it starts happened? And in which direction should I move for the fix? Maybe some system variables are needed?

WidleStudioLLP · February 26, 2025, 6:24am

Hey @Camel_Case

The error happens because Retool expects platformLevelAuthSteps as an object, but it’s currently an array. You need to check OAuth2 authentication settings in Retool, adjust the format, and verify environment variables. Also, review the Retool documentation for any changes in authentication handling.

Camel_Case · February 27, 2025, 9:02am

Thank you, but I understand what the error message says. This issue has been occurring since version 3.26.16. The changelog information on Retool's website doesn't provide enough insight for analyzing the changes (I don't see links to pull requests, only a basic description of fixes and modifications).

Camel_Case · February 27, 2025, 9:05am

I want to see a response from the API developer.

Camel_Case · February 27, 2025, 10:37pm

An important point I noticed is that when a user is granted admin privileges, the issue disappears.

Camel_Case · February 28, 2025, 7:14am

In the database, in the organizations table, I found the platformLevelAuthSteps column, and it is an array – [ ]. Attempting to change it to an empty JSON – {} completely breaks the authentication for all users (including the admin).

I tested multiple versions of Retool between 3.18.1 – 3.75.25-stable, and each of them stores an empty array in the database by default.

Even if I add something in the authentication settings in the UI, it still gets wrapped in an array – [{"type":"define_variable","defined_variable_name":"accessToken","defined_variable_value":"{{ http1.body.accessToken }}"}]

Camel_Case · March 6, 2025, 12:18am

bean

Tess · March 6, 2025, 4:54pm

Hi @Camel_Case,

Can you share the container logs from around the time of this error?

I'm having trouble locating your account with the email you're using here on the forum. Could you let us know which plan level you're using?

Even if I add something in the authentication settings in the UI, it still gets wrapped in an array – [{"type":"define_variable","defined_variable_name":"accessToken","defined_variable_value":"{{ http1.body.accessToken }}"}]

Can you share a screenshot of the auth settings?

Camel_Case · March 6, 2025, 11:54pm

Thank you! I will most likely be able to provide screenshots next week (UI, log, and a screenshot of the column in the database). Right now, the release candidate of the new Retool version is being tested by the QA team. We are verifying the functionality's integrity. After that, I will be able to modify it again.

Camel_Case · March 10, 2025, 9:57pm

Flow #1 – Simple user:pass auth flow non ADMIN user:

Screen 1 (UI without any changes on workflows)

Screen 2 (table organizations column platformLevelAuthSteps` – empty array)

Screen 3 (Result after Login)

Log error message:

{"endpoint":{"criticalityTier":"tier1","path":"/api/user","service":"backend","team":"@tryretool/hub"},"error":{"level":"error","msg":"Internal server error: [\n {\n \"code\": \"invalid_type\",\n \"expected\": \"object\",\n \"received\": \"array\",\n \"path\": [\n \"platformLevelAuthSteps\"\n ],\n \"message\": \"Expected object, received array\"\n }\n]","stack":"ZodError: [\n {\n \"code\": \"invalid_type\",\n \"expected\": \"object\",\n \"received\": \"array\",\n \"path\": [\n \"platformLevelAuthSteps\"\n ],\n \"message\": \"Expected object, received array\"\n }\n]\n at get error [as error] (/retool_backend/bundle/main.js:123:12219)\n at r.parse (/retool_backend/bundle/main.js:123:13892)\n at /retool_backend/bundle/main.js:6159:73694\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)","type":"INTERNAL_ERROR"},"level":"info","message":{"http":{"method":"GET","request":{"time":0.04685107000172138},"status_code":500,"url_base":"https://<domain>","url_path":"/api/user"},"type":"REQUEST_FINISH"},"organization":{"id":1,"name":"<name>"},"pid":113,"requestId":"7d3931b7453ed4352cfbb80b3b79c7a6","retoolClientVersion":"3.75.25","user":{"email":"<mail>o","sid":"<sid>"}}

Flow #2 – Simple user:pass auth flow non ADMIN user:
Screen 1 (add fake workflow settings)

Screen 2 (table organizations column platformLevelAuthSteps – JSON inside an array)

Screen 3 (Result after Login) – same 500 response error
Log error message: same errors in log "Expected object, received array"

Tess · March 11, 2025, 8:28pm

Hi @Camel_Case,

Thanks - this is very helpful!

Just to confirm, are you looking to use the Authentication upon successful login feature? Were you using it previously? Wanted to check since the first screen doesn't have any auth steps filled out

If you don't want to use the Authentication workflow feature, you can try setting the ENABLE_CUSTOM_PLATFORM_LEVEL_AUTH_STEPS environment variable to false and restarting the instance to apply the changes.

I'll have to do a bit more digging as to why it stopped working on newer versions If you want to keep the Authentication feature enabled, I'll let you know as I find out more internally about why it isn't currently working

Could you also share how you've deployed Retool and which plan level you're using?

Camel_Case · March 12, 2025, 7:50am

License plan – Business
Retool deployed via Helm-Chart – GitHub - tryretool/retool-helm

The problem is that I initially launched the instance with ENABLE_CUSTOM_PLATFORM_LEVEL_AUTH_STEPS disabled, and I was still getting the same error upon login.

Then, I started investigating the cause of the issue and found a record in the database. After that, I looked through the documentation to find which parameter was responsible for this record and came across the ENABLE_CUSTOM_PLATFORM_LEVEL_AUTH_STEPS environment variable.

I enabled it and tried modifying the database record to remove the array, but the issue persisted.

I tried deploying Retool with a completely new database as well as connecting it to a restored backup of the current database—the result is the same.

Tess · March 13, 2025, 10:26pm

Hi @Camel_Case,

Thank you! This is all very helpful.

I recommend trying this as a next step:

Set the platformLevelAuthSteps value to null (rather than [] or {})
Go ahead and also set the ENABLE_CUSTOM_PLATFORM_LEVEL_AUTH_STEPS env var to false so it doesn't get re-set from null

I think we've narrowed down a change in the codebase that could be leading to the issue you're seeing, so I will be discussing this with our engineering team. However, I am hoping we can still get your instance sorted out in the meantime. The Authentication feature associated with ENABLE_CUSTOM_PLATFORM_LEVEL_AUTH_STEPS is an older feature that isn't as commonly used, so as long as you don't need the feature, I think we should be able to get your instance into a working state

We were not able to reproduce the issue by simply upgrading between the same version #s that you did, so if the suggestion above does not resolve things, there may be something in your environment contributing to this error. In that case, could you DM me your values.yaml file (with any sensitive values obfuscated) + the version of helm you're running.

Thanks so much for taking the time to troubleshoot this with us

Camel_Case · March 14, 2025, 8:12am

Thank you, the actions you suggested helped. Now I’ve learned that this method is outdated.

Camel_Case · March 14, 2025, 12:05pm

As you can see, the verification method platformLevelAuthSteps is deprecated, but is still being executed and causes an interruption in case of failure. ChatGPT was not aware of this.
This information might be useful for your company when configuring Retool for clients.

Tess · March 14, 2025, 4:09pm

Hi @Camel_Case,
I'm glad to hear! Thanks for confirming! And thank you for working with us on troubleshooting this bug