Retool Mobile OAuth callback fails on Android - CSRF error on oauth.retool.com

Nolunga_FARO · February 9, 2026, 4:45pm

My goal:
Authenticate users via OAuth (Zitadel OIDC) in our Retool Mobile app on Urovo DT50 Android warehouse scanners.
Issue:
OAuth callback to oauth.retool.com/oauth/user/oauthcallback fails with "CSRF DETECTED" error - but ONLY on Android Retool Mobile app.
Works: iPhone Retool Mobile app
Works: DT50 browser (web app)
Fails: DT50 Retool Mobile app → CSRF error
Steps I've taken to troubleshoot:

Enabled refresh tokens in Zitadel OAuth client
Tested multiple browsers (Chrome, Firefox, incognito) - same issue
Cleared app cache and data
Verified Android System WebView is up to date
Checked App Links verification - found only retool.com is verified, NOT oauth.retool.com

Additional info:

Cloud (Retool Cloud)
Android 13 on Urovo DT50 scanner
Zitadel OIDC authentication
Retool Mobile latest version
Hypothesis: oauth.retool.com is not registered as a verified Android App Link, so the OAuth callback doesn't redirect back to the Retool Mobile app correctly on Android.
Is there a way to get oauth.retool.com added as a verified Android App Link?

ChiEn · February 11, 2026, 8:17pm

Hello @Nolunga_FARO, welcome to the Community! And thanks so much for reporting this! I have reached out to our engineers internally and will get back to you as soon as I hear back.

Topic		Replies	Views
How to authenticate a Oauth2.0 resource in Retool mobile? 💬 Mobile	6	103	February 27, 2025
Gmail API + OAuth 2.0 - second auth flow does not save access/refresh token 💬 Queries and Resources bug , api , oauth2 , rest-api	5	84	December 15, 2025
Retool App on Z-Fold Samsung 💬 Mobile	8	99	December 23, 2024
Retool Android mobile app crashing on update to v3.191.0 💬 Mobile bug	8	237	June 9, 2025
Login / auth issues on mobile app 💬 Mobile	12	942	September 19, 2024

Retool Mobile OAuth callback fails on Android - CSRF error on oauth.retool.com

Related topics