Skip to main content

Hey,


I’m getting an invalid signature error when verifying the session token my board view gets. The token looks ok when I’m logging it. I also regenerated the signing secret, didn’t fix it. Here’s a summary of my code:


import jwt from "jsonwebtoken";

import mondaySdk from "monday-sdk-js";

const monday = mondaySdk();



async function init() {

  const sessionToken = (await monday.get("sessionToken")).data;

  const MONDAY_SIGNING_SECRET = "My signing secret (in client for debug purposes only)";

  const sessionData = jwt.verify(sessionToken, MONDAY_SIGNING_SECRET);

}

Hi @rbabayoff,


While I don’t think it is documented, the sessionToken is actually encoded using your CLIENT_SECRET key, not the SIGNING_SECRET.


If you use this key instead, you will be able to get the data you are looking for.

Hey @mitchell.hudson, yes that worked. Thanks 🙏 highly appreciated!


Note to monday team - I’d recommend having docs state exactly which secret to use (client vs signing).


Cheers,

Ronen

Hey @rbabayoff 👋


I’m glad @mitchell.hudson was able to clarify this one for us and I totally agree - I’ll pass this as a documentation improvement to the team and we’ll take a further look from there. I appreciate your help to make the docs better for everyone 🙂


-Alex

Terms & ConditionsCookie settings