I'm trying to authenticate a resource using custom auth and the configuration looks like this:
In the 2nd API call, I'm getting auth token as part of cookies (X-Auth) in response which I want to pass as a header (X-Auth) in all further API calls in this resource. I've tried using "Define a variable", and forwarding cookies but nothing seems to work. While trying to define a variable I've tried a lot of perm combinations (http2.headers.Set-Cookie[0], http2.headers.Set-Cookie[0].X-Auth, http2.metadata.headers.Set-Cookie[0].X-Auth).
Retool is forwarding auth header as a plain string instead of substituting it with header value.
"request": {
"url": "https://e16f-171-76-12-25.ngrok.io/***",
"method": "GET",
"body": null,
"headers": {
"User-Agent": "Retool/2.0 (+https://docs.tryretool.com/docs/apis)",
"X-Auth": "TOKEN",
"X-Retool-Forwarded-For": "***"
}
1 Like
Also having this issue. Also noticing that variable interpolation on a custom flow also doesn't work eg. Bearer {{ google1.accessToken }} just sends that raw string as a header
%USER_OAUTH2_ACCESS_TOKEN% syntax as documented in the following page also doesn't work.
https://docs.retool.com/docs/sso-generic-openid-provider#using-the-jwts-obtained-from-the-auth-flow-in-resources
Context: Trying to use the default google sso and forward auth token via a header to backend api
Hi @ishank08, If it's still helpful here, could you share the output of the Test auth workflow? Specifically, it would be helpful to see the response of the API Request step in your custom auth flow to confirm that the X-Auth header is returned as expected!
Hi @chrisui, Could you share a few screenshots of your full auth flow to help us understand your issue?
@everett_smith Attached the screenshot. The actual header name is different from what I posted initially in the question now but the problem remains.
Hi @ishank08, Would you be able to share what you see in http2.headers when you click Test auth workflow?
I'm just hoping to see the structure and not the actual values to make sure that the set-cookie header is being returned as expected. Hopefully that will help us see how to reference the cookie. Then, with 'Forward All Cookies' set, you shouldn't need to define a variable but should just be able to reference the cookie with COOKIE_cookie_name.
If your cookie name is X-HS-IAuth then your header could look like this
