Why is (Refresh Auth Workflow) not getting triggered when API responds with 401/403?

Can you please share with me the app you created and tested, so I can see if I can catch something I am missing in my app?

Okay, please keep me updated.

I just copied your auth setup from the screenshot you shared, so there isn't anything you are missing in your setup.

My hunch is that the issue is on the Supertokens side of things with how it is handling the auth tokens that are in the cookies of the request.

Could you try updating their "test login url" to use Supertokens' /example endpoint, which seems designed to test auth sessions?

Also, could you enable the refresh auth trigger again and set it to time-based expiry, and set it equal to whatever their access_token_validity config value is?

If you could share a screen recording of this that would be very useful! :raising_hands:

Hi @Jack_T

Re 1) OK, nice that my setup seems good.
Re 2) Supertokens requires (sAccessToken, sRefreshToken) as cookies to refresh the session with new tokens ofc. Our current issue is that Retool isn't triggering the Refresh Auth workflow when the API responds with 403/401, and even when we set a timer to refresh it, it doesn't get triggered either.
Re 3) Supertokens doesn't have an endpoint that we can use in 'test login url', and the URL I set is doing its job as expected.
Re 4) I already did, and currently this is what I am doing.

FYI:

  • I added vars as duplicate submit for cookies to make sure they are there in every request, and still the same issue.
  • I added a manual refresh and if the token expires and we refresh manually it removes the tokens (access, refresh) from the browser cookies!!!

Hi @CoderNadir,

Thank you for the details.

We can't seem to figure out why the refresh is not being triggered.

Are you able to provision another user (us at Retool) on your Supertokens account so that we can better try to reproduce this with Supertokens?

Would it be possible for you to come to our office hours so we can live debug the resource with you to see if we can either solve this or get a better handle on if a bug is preventing the expected flows to occur? If we can get a recording of your resource setup and show that the tokens are being wiped, then we can show it to our engineers to try to triage why this isn't working as expected :thinking:

Hi @Jack_T I am faaar away from you guys :sweat_smile: I cannot come to your office!

The office hours are on Zoom!

If you click the link it will have instructions on joining remotely :sweat_smile:

Oh :sweat_smile: sorry. Okay, I registered for a meeting tomorrow.
