Request for Authentication Prompt

Hi there, I have a request.

Is it possible to authenticate this session automatically without this authentication prompt on the picture?

The reason is as follows. We are now using RestAPI which needs the authentication. However even if this authentication prompt is displayed, every user can pass this authentication with this "OK" button.
The problem is that if the user who passed this authentication prompt is not authenticated, requests of RestAPI would fail. To prevent from this error, I want to restrict authentication whenever authentication is needed.

For that, I hope you Retool team builds a function with which users are authenticated automatically.
If which is impossible, I hope you remove the "OK" button so every user cannot pass this authentication prompt.

Jumpei.

Hi @jumpei!

In the resource setup for this Rest api resource, what do you have the test url set to? Retool will automatically make a request to the test endpoint to check if it is already authenticated for the user. If the endpoint returns anything other than a 200 code, it will prompt the user to authenticate.

There’s a little more info about the test url in this section: https://docs.retool.com/docs/apis#oauth-20

Alex,
Thank you for your reply.

I already set the test endpoint properly and the prompt is only shown if it is not authenticated.
The problem is that the prompt can be closed with the OK button, so some users may close the prompt without authenticating.
We want to restrict this behavior.

My ideas are below to restrict. Hope you take this into consideration.

  1. Authentication is all done automatically in the background(Even if test endpoint returns anything other than a 200 code)
  2. Disabled or hidden the OK button unless users authenticate.

Jumpei.

Hi Jumpei!

I looked into doing this with a bit of custom css like on How to write custom CSS in Retool!, to hide the OK button but there were some limitations. The confirmation button’s class is shared with the confirmation for deleting components and queries, so it affected that as well. In addition, the confirmation modal can be exited using the escape button.

The next best option I can think of is to run another query inside of retool to that authentication test endpoint, and then disable some of the UI in the app based on that result. Since the resource isn’t authenticated anyways, none of that data would be displayed in the app. This could let you conditionally hide components using their “Hide when true” setting, and to show a notice to the user that this app must be authenticated to be used.

I think for this feature request, we should specifically give an option in the resource setting to something along the lines of “restrict access to apps using this resource if the user is not authenticated”, to force users to authenticate if they want to use the app in any capacity.

Alex,

thank you for your suggestions but both suggestions custom css and creating another query are a bit hassle to implement for each app so I would appreciate if you enhance new option in the resource setting and restrict apps. Just to make sure that my understanding of the feature you said is something like the pictures attached, is that right?

Jumpei.

Yep! This is what I was thinking. If the resource is included in an app, it would need to be authenticated if you want to use that specific app at all.

1 Like

Hi Alex, I’m a member of the team @jumpei belongs to. That’s good to know that our thought are almost same and I hope you take it into consideration as a feature request.

1 Like

I would be happy if you remind me when this request is decided to be in a backlog in your team. Thank you in advace.

Hi @alex-w! Is there any update on this?