Refresh token not passing through into Custom Auth Refresh auth workflow

I initially set up the OAuth2 authentication directly but it wasnt refreshing the token. So I found documentation saying I needed a custom auth flow so this is what I ended up with:

The authentication part at the top works fine and it even shows the debug data with a valid auth token and refresh token.

But then I'm trying to pass that refresh token down to the "Refresh auth workflow" section below it (as shown in the screenshot)

But when testing the refresh workflow it gives the error:

"message": "{"status":"BAD_REFRESH_TOKEN","message":"missing or invalid refresh token","correlationId":"6c9b21d3-f4dd-4d52-84ac-8356d83bfe22"}",
"stack": "Error: {"status":"BAD_REFRESH_TOKEN","message":"missing or invalid refresh token","correlationId":"6c9b21d3-f4dd-4d52-84ac-8356d83bfe22"}\n at handleHttpRequestStepWithExposedEnvReplacements (/retool/backend/transpiled/server/controllers/resourceAuth.js:192:50)\n at runMicrotasks ()\n at processTicksAndRejections (node:internal/process/task_queues:96:5)\n at async processRefreshAuthStep (/retool/backend/transpiled/server/controllers/resourceAuth.js:386:36)\n at async /retool/backend/transpiled/server/controllers/resourceAuth.js:420:27"

It seems like the oauth1 variables are not being exported. What makes me think that is when I open the double curly braces I get an autocomplete of the current_user (which is shown in the debug state from the authentication section, but it does not show the oauth1.

Screenshot 2023-03-02 at 14.35.35

Also when I simply hard code the refresh token by copying it from the debugState and putting it into the refresh_token field and then click the "test refresh auth workflow" button it works as expected and returns a fresh auth_token.

I could also just be missing something. Maybe this is not how to use those exported variables, but I couldn't find any clear examples or documentation. For now I'm just going to hard code the refresh token in there, but it would be great to know if I'm missing something of if this is a bug.


1 Like

Hey @nmajor!

A good first step is to confirm that the variable is being replaced correctly. Can we try switching the URL in the refresh request to be (or another endpoint where we can view the request), in order to confirm that REFRESH_TOKEN_VAR is being replaced correctly?

@nmajor Was this resolved for you? I am also confused as to how I can use a REFRESH_TOKEN variable I defined during the Auth workflow (custom) in the Refresh auth workflow. I've confirmed that the token exists and is being saved as a variable called REFRESH_TOKEN at the end of the Auth workflow, but the variable is not visible from the Refresh auth workflow.

For reference, I am trying to refresh with Firebase:

curl '[API_KEY]' \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data 'grant_type=refresh_token&refresh_token=[REFRESH_TOKEN]'

(API REST d'authentification Firebase)

Hey Alex! Happy to try helping out here. Would you mind sharing a screenshot of your current resource set up page?