If a user has been idle for some period of time and then attempts to query your resource, and their session has expired, the resource returns a 401 or 403 error code. Instead of returning an error, Retool can perform a refresh auth workflow that you define. If the refresh auth workflow is successful, Retool attempts to run the failed query again. Because the user now has a valid authentication session, the second attempt to run the query will succeed and the user can continue using the app without interruption.
Does that mean if we select "Refresh Auth trigger" as "none", then on every returned 401 or 403 error code, Retool will try to refresh the token?
Because I have selected "time based expiration" (value is 3600 sec), but it seems the auth token is not getting refreshed.
Or does the "time based expiration" trigger mean it will refresh 3600 seconds after any API returns a 401 or 403 error code?
@Arvind,
Yes, if you set it to "none", then on every 401 or 403, it should run the refresh workflow. If you set a time, it'll run the refresh workflow each time that time span has passed, regardless of status codes. Are you saying that after one hour (3600 seconds), your token is not being refreshed?
Yes, it's not refreshed.
By the way, how can we confirm in the app that the token is refreshed?
JFYI, even after setting it to "none", the token is not refreshing and we are getting an error notification.
@Arvind,
Also, sorry, I was wrong... you will not be able to see your token or API call in your network tab. Really, I think the only way to confirm is that your API does not return a 401 unauthorized error.
@lindakwoo when hitting the "Test auth workflow" or "Test refresh auth workflow" buttons immediately, it works and I am getting a token.
But when I hit the "Test refresh auth workflow" button after some time, like an hour or more,
I get the "Refresh auth workflow failed: Authentication failure. Missing access token" error.
@Arvind,
This is strange behavior. Are you saying that your "Test refresh auth workflow" button stops working after an hour? Is it just the second attempt that doesn't work? What if you test it and then test it again immediately? Does it work the second time?
@lindakwoo
After a period of inactivity, if the application is idle or the user is logged off from the system, or is actively working in another application (outside the browser where the Retool app is open), the "Test refresh auth workflow" button consistently returns the following error: "Refresh auth workflow failed: Authentication failure. Missing access token."
However, when the user remains active in the same browser and the Retool app is not idle, the "Test refresh auth workflow" button works as expected and successfully returns a token each time.
@Arvind,
This "Refresh auth workflow failed: Authentication failure. Missing access token" error has to do with your Retool session and not actually the resource refresh access token. Have you set your user session duration in the SSO config to be an hour? If so, the user would have to log back in.
However, just a heads-up: we have observed that the access token is actually missing when the query is failing with code 401 with the response "Authentication failure. Missing access token".
@Arvind,
I'm pretty sure this error has to do with the access token related to your Retool Session and not the specific query. The accessToken in your cookies is the one from your SSO provider.