REST API does not inherit default headers and query parameters

SrihariThalla · December 14, 2023, 10:41am

Hi. I've tried setting up a REST API resource using the OAuth2 Client Credentials grant and added the auth placeholder to the headers in the resource settings. However, this does not seem to work when building a query in an app - the default headers and query params are missing and no call to fetch a token when previewing. Screenshots attached. Thanks for your help!

SrihariThalla · December 14, 2023, 2:22pm

Looks like this is an UI issue. However, the OAuth token is still not being replaced:

"headers": {
      "User-Agent": "Retool/2.0 (+https://docs.tryretool.com/docs/apis)",
      "Authorization": "Bearer OAUTH2_TOKEN",
      "Accept": "application/json",
      "ot-baggage-requestId": "undefined",
      "x-datadog-trace-id": "4308135198611187610",
      "x-datadog-parent-id": "106807876295940960",
      "x-datadog-sampling-priority": "-1",
      "traceparent": "00-00000000000000003bc992233d93a79a-017b753295d55b60-00",
      "tracestate": "dd=s:-1",
      "X-Retool-Forwarded-For": "82.135.82.236"
    }

SrihariThalla · December 15, 2023, 8:23am

From inspecting the logs on the server, I do not see the request to fetch an access token. It seems the OAuth2 implementation is broken.

SrihariThalla · December 15, 2023, 10:41am

It looks like setting up Custom API authentication doesn't work either.

In the "Define a variable" step, the value {{ http1.body.access_token }} is saved to the variable as a string and is not resolved!

When an Auth Login component is added to an app, the "Custom Auth resource" is empty despite the resource being configured with "Custom Auth" workflow!

The Refresh Token workflow does not work, as the variable {{ http1.body_refresh_token }} is saved as a string in the Auth workflow above and is not resolved and thus the "magic" variable when used in this workflow would be resolved to "{{ http1.body.refresh_token }}" string!

Mike_Wang · December 15, 2023, 9:07pm

If this is OAuth2 Client Credentials, your initial setup looks correct. If the OAUTH2_TOKEN isn't replaced it means it failed to fetch an access token with the current configuration. Are you sure that it's correct (would also recommend cross-verifying with another API platform like Postman to see it works).

As for Custom Auth, did you run 'Test auth workflow' and see that it succeeded? If the value is still {{ http1.body.access_token }} that means the flow failed and the value was never replaced.

SrihariThalla · December 16, 2023, 8:41am

Hi Mike. Yes, I tested all the scenarios.