Retool token expires and doesn't auto-refresh tokens causing resource disconnection

💬 Queries and Resources
1

  1. My goal:

    • Diagnose why refresh tokens are being invalidated despite the "until revoked" setting.
    • Recommend any Retool-side or Salesforce-side configuration changes to ensure persistent connectivity.
    • Advise on best practices for maintaining long-lived integrations with Salesforce via Retool.

  2. Issue: Our Retool Project Board integration with Salesforce is experiencing recurring token expiry issues. The SFDC refresh token, configured as "valid until revoked," is being invalidated by Salesforce after several days (typically weekly), causing the integration to break until we manually re-authenticate using our service account. This prevents Retool from auto-refreshing the access token, resulting in production disruptions.

    No changes have been made to the Salesforce app config, and the integration worked reliably for years until this started a few months ago. We’ve confirmed the Salesforce Connected App is set to allow refresh tokens indefinitely, and there are no obvious config errors. The pattern suggests Salesforce is revoking the refresh token unexpectedly, not due to explicit admin action.

  3. Steps I've taken to troubleshoot:

    • The team confirmed that Salesforce is expiring the refresh token after a set period, which prevents Retool from auto-refreshing the access token.
    • Attempts were made to find a Salesforce configuration that would keep the refresh token alive indefinitely and allow Retool to refresh the access token silently.
    • The Salesforce Connected App was reviewed and is set to "refresh token is valid until revoked," which should prevent automatic expiry unless manually revoked.
    • The integration was stable from 2022 until a few months ago, when the recurring expiry began.
    • No configuration issues were found on the Salesforce side after multiple reviews.
    • The team is monitoring for a pattern and noted that expiry typically occurs on Mondays.
    • Manual re-authentication has been used as a temporary workaround.
    • The suggestion was made to contact Retool support for further guidance, as no root cause has been identified on the Salesforce side.

    No evidence of explicit admin revocation or config changes was found, and the issue appears to be new and recurring despite a previously stable setup.

  4. Additional info: (Cloud or Self-hosted, Screenshots)

4

Hey @Aditya_Sharma, thanks for the detailed write-up, this gives a good starting point! :folded_hands:

Before diving into recommendations, a couple of quick questions to make sure we're looking in the right place:

  1. Are you on Retool Cloud or self-hosted? If self-hosted, what version?
  2. Can you share the specifics of how your resource is configured? If you could share a screenshot that would be awesome, feel free to redact any private and confidential information if needed.
5

Hi @ChiEn ,

Retool support team reached out to me in another thread and helped me get this resolved. I appreciate the help and check in.

6

Sounds good, I saw that Kenny was able to help you out! :raising_hands: