Potential bug in auth flow on Retool Mobile?

I have a REST API resource set up with custom auth to Azure GraphQL using client credentials flow.

I don't seem to have any issues with it when testing on the desktop or in Edit mode.

I have two users - one is a full admin, and one only has read/use access on certain resources and apps. I couldn't seem to get the resource to Authorize on the mobile app when logged in as the read-only user.

I made sure that in the settings the user had full access to use the resource, and the app itself was set to 'edit'. No matter what combinations I tried, reloading the app etc., I could not seem to get the Authorization to go through. I finally tried setting the secondary user to 'own' on the permissions page - and now all seems good?

Not sure what 'own' vs 'use/edit' means here. Is this normal? I guess another wrench to throw in is that when testing this from some other users' devices before making this change it WAS authenticated - but seemed unreliable. Am I just missing something here?



@msd5079 hard to tell exactly what's going on here. Can you share (1) screens of how your GraphQL Custom Auth is set up, and (2) a screen recording of what it looks like when the read-only user attempts to use the app on mobile? (Feel free to censor any proprietary info)

Hey @bca

Yes, I certainly can - not sure why I didn't in the first place! You guys aren't mind readers!

Note that this current config is slightly different - when I was having the issues I was using a time-based expiration, not a URL.

Only problem with a screen recording is that I don't want to break the currently working app - but I'll work on it!

Thanks for checking into it!


Also - here is one of my users, running a Galaxy S20 - gets the below:


I'm using an S22 - and it authenticates fine for me, and works as I expect.

Got it, thanks for sharing. We actually currently only officially support OAuth2 resource authentication in the Retool Mobile native client.

However, coincidentally, I shipped a prototype of custom auth this week that I can enable for you if you email me your Retool org name (my email is braden AT retool dot com). Enabling should unblock you here!

Hmmm -

So the resource I have set up now - that is working - is REST API with custom Auth using client credentials flow. Are you saying that it should not be functioning at all?

Either way I'd be happy to test out the new prototype - I'll send over my org shortly!