Unable to capture cookies received while authenticating a resource

ishank08 · April 20, 2022, 7:29am

I'm trying to authenticate a resource using custom auth and the configuration looks like this:

In the 2nd API call, I'm getting auth token as part of cookies (X-Auth) in response which I want to pass as a header (X-Auth) in all further API calls in this resource. I've tried using "Define a variable", and forwarding cookies but nothing seems to work. While trying to define a variable I've tried a lot of perm combinations (http2.headers.Set-Cookie[0], http2.headers.Set-Cookie[0].X-Auth, http2.metadata.headers.Set-Cookie[0].X-Auth).

Retool is forwarding auth header as a plain string instead of substituting it with header value.

  "request": {
    "url": "https://e16f-171-76-12-25.ngrok.io/***",
    "method": "GET",
    "body": null,
    "headers": {
      "User-Agent": "Retool/2.0 (+https://docs.tryretool.com/docs/apis)",
      "X-Auth": "TOKEN",
      "X-Retool-Forwarded-For": "***"
    }

chrisui · May 9, 2022, 3:48pm

Also having this issue. Also noticing that variable interpolation on a custom flow also doesn't work eg. Bearer {{ google1.accessToken }} just sends that raw string as a header

%USER_OAUTH2_ACCESS_TOKEN% syntax as documented in the following page also doesn't work.

Context: Trying to use the default google sso and forward auth token via a header to backend api

everett_smith · May 24, 2022, 10:13pm

Hi @ishank08, If it's still helpful here, could you share the output of the Test auth workflow? Specifically, it would be helpful to see the response of the API Request step in your custom auth flow to confirm that the X-Auth header is returned as expected!

everett_smith · May 24, 2022, 10:14pm

Hi @chrisui, Could you share a few screenshots of your full auth flow to help us understand your issue?

ishank08 · May 27, 2022, 2:44pm

@everett_smith Attached the screenshot. The actual header name is different from what I posted initially in the question now but the problem remains.

everett_smith · June 2, 2022, 1:05am

Hi @ishank08, Would you be able to share what you see in http2.headers when you click Test auth workflow?

I'm just hoping to see the structure and not the actual values to make sure that the set-cookie header is being returned as expected. Hopefully that will help us see how to reference the cookie. Then, with 'Forward All Cookies' set, you shouldn't need to define a variable but should just be able to reference the cookie with COOKIE_cookie_name.

If your cookie name is X-HS-IAuth then your header could look like this