I'm wondering how I can set a cookie from a REST API call (the goal is to then use this cookie on another subdomain). I'm running on-prem retool on dashboard.company.com and I'd like to use the cookie on sub.company.com. I'm making a REST request to an endpoint that sets the cookie (with properties Domain=.company.com ; Path=/; HttpOnly; Secure; SameSite=None ). However, retool doesn't set this cookie in the browser. If I don't set Domain , the cookie gets set (prefixed with ____rmc_____4 ) but it doesn't transfer over to the subdomain.
Hey Anmol! We have a Beta feature flag for on-prem customers to set cookies on the browser level. Could you please email me at julie @ retool.com, and I'll get you enrolled!
@anmolj Was this resolved? I have the same problem where my REST API (Authentication API) sends a Set-Cookie header with properties Domain=.company.com ; Path=/; HttpOnly; Secure; SameSite=None, but Retool sets the cookies (___rmc____7__*) at the domain retool.company.com instead of .company.com and the cookie is not transferred to the subdomain. @royziv
@Kabirdas I tried the above mentioned setting. But, it's still the same. I see that Retool still sets the cookies (___rmc____7__* ) at the domain retool.company.com instead of .company.com and the cookie is not transferred to the subdomain
For anyone who stumbles across this thread - @Prudhvi was able to solve this by making the request directly from the browser by using a fetch request in a JavaScript query
For completion, I also want to add that the environment variable mentioned above enables a particular auth step that can be used to make API requests directly from the browser:
Doing so allows more flexibility when setting cookies. Namely, you should be able to:
Create a resource called “Cookie API” or something similar. The base URL should be a URL that always returns 200
Select custom authentication and add a “Browser API request" step as pictured in the screenshot above
Configure the "Browser API request" step to hit your cookie API
Create an app with an “Auth Login” component
Select the “Cookie API” from the dropdown
Click that button to be authed with the right cookie
One note to go along with this is that, when using the Custom Auth solution, dynamic values from an app cannot be passed directly to the authing resource. While it's possible to add a form step to the Custom Auth flow to accept user inputs this isn't always an ideal solution so it may be worth exploring other avenues like the one Prudhvi took!
Hi,
I've a similar issue with cookie forward prefixed without domain... I can try the fetch but I need my OAUTH2_TOKEN to call my API that set the cookie. But I guess that is not on the browser ?
Hey @Jean-Baptiste_PIN you should be able to get the OAUTH2_TOKEN using custom auth, save it to a variable and then use it in the headers of the Browser request so that you can properly set the cookie.