Skip to main content

Invalid signature of board view sessionToken

  • August 23, 2020
  • 3 replies
  • 1745 views
rbabayoff
Forum|alt.badge.img

Hey,

I’m getting an invalid signature error when verifying the session token my board view gets. The token looks ok when I’m logging it. I also regenerated the signing secret, didn’t fix it. Here’s a summary of my code:

import jwt from "jsonwebtoken";
import mondaySdk from "monday-sdk-js";
const monday = mondaySdk();

async function init() {
  const sessionToken = (await monday.get("sessionToken")).data;
  const MONDAY_SIGNING_SECRET = "My signing secret (in client for debug purposes only)";
  const sessionData = jwt.verify(sessionToken, MONDAY_SIGNING_SECRET);
}
    This topic has been closed for replies.

    3 replies

    mitchell.hudson

    Hi @rbabayoff,

    While I don’t think it is documented, the sessionToken is actually encoded using your CLIENT_SECRET key, not the SIGNING_SECRET.

    If you use this key instead, you will be able to get the data you are looking for.

      rbabayoff
      Forum|alt.badge.img
      • rbabayoff
      • Author
      • Participating Frequently
      • August 23, 2020

      Hey @mitchell.hudson, yes that worked. Thanks 🙏 highly appreciated!

      Note to monday team - I’d recommend having docs state exactly which secret to use (client vs signing).

      Cheers,
      Ronen

        AlexSavchuk
        Forum|alt.badge.img
        • AlexSavchuk
        • monday.com Team Member
        • August 25, 2020

        Hey @rbabayoff 👋

        I’m glad @mitchell.hudson was able to clarify this one for us and I totally agree - I’ll pass this as a documentation improvement to the team and we’ll take a further look from there. I appreciate your help to make the docs better for everyone 🙂

        -Alex

          Terms & ConditionsCookie settingsAccessibility statement