Turns out this doesn’t work and I get “invalid signature”. However, if I use the Client Secret instead, then it works fine.
Am I misunderstanding anything? I thought that in order to validate in the backend if the request is valid, I should use the signing secret to validate the token. Or am I using the wrong token for this?
That doesn’t change the result. I wasn’t using the environment variable just because I was trying. You can consider I had the correct keys on the MONDAY_SIGNING_SECRET variable that I mentioned on the original question.
The point is: is it expected to be able to verify the JWT token in the backend that I got from monday.get("sessionToken") using the Client Secret, or it should work with the Signing Secret instead?
Hey there @v-appgami Thanks for raising this question and providing context to what you are trying to achieve, as well as the issues you are having in the process. That really helps
@TMNXT-Dev thanks for jumping in and sharing your expertise! I appreciate the help.
That said, @v-appgami - this is something I’ll have to check over with the team and then get back to you as soon as I get further updates from them. I hope that works for you!