REST API does not inherit default headers and query parameters

Hi. I've tried setting up a REST API resource using the OAuth2 Client Credentials grant and added the auth placeholder to the headers in the resource settings. However, this does not seem to work when building a query in an app - the default headers and query params are missing and no call to fetch a token when previewing. Screenshots attached. Thanks for your help!

Looks like this is an UI issue. However, the OAuth token is still not being replaced:

"headers": {
      "User-Agent": "Retool/2.0 (+",
      "Authorization": "Bearer OAUTH2_TOKEN",
      "Accept": "application/json",
      "ot-baggage-requestId": "undefined",
      "x-datadog-trace-id": "4308135198611187610",
      "x-datadog-parent-id": "106807876295940960",
      "x-datadog-sampling-priority": "-1",
      "traceparent": "00-00000000000000003bc992233d93a79a-017b753295d55b60-00",
      "tracestate": "dd=s:-1",
      "X-Retool-Forwarded-For": ""

From inspecting the logs on the server, I do not see the request to fetch an access token. It seems the OAuth2 implementation is broken.

It looks like setting up Custom API authentication doesn't work either.

In the "Define a variable" step, the value {{ http1.body.access_token }} is saved to the variable as a string and is not resolved!

When an Auth Login component is added to an app, the "Custom Auth resource" is empty despite the resource being configured with "Custom Auth" workflow!

The Refresh Token workflow does not work, as the variable {{ http1.body_refresh_token }} is saved as a string in the Auth workflow above and is not resolved and thus the "magic" variable when used in this workflow would be resolved to "{{ http1.body.refresh_token }}" string!

If this is OAuth2 Client Credentials, your initial setup looks correct. If the OAUTH2_TOKEN isn't replaced it means it failed to fetch an access token with the current configuration. Are you sure that it's correct (would also recommend cross-verifying with another API platform like Postman to see it works).

As for Custom Auth, did you run 'Test auth workflow' and see that it succeeded? If the value is still {{ http1.body.access_token }} that means the flow failed and the value was never replaced.

1 Like

Hi Mike. Yes, I tested all the scenarios.