Getting the logged-in user on the server

monday Apps & Developers
1

Hi all,

I’m working on an app which can be installed on a board by one person, and then used by anybody in the same account. The problem I’m having is that no matter which account I try to use the board from, my app thinks that it’s the user who originally installed the app on the board who is trying to do the action.

I’ve seen discussions here about getting the user thru the userId option in the trigger (“when column is changed”), but this just returns the installer’s userId. I’ve also seen advice to use the sdk api function to call “me”, but it returns an error, saying that I need to set a token first (and the only auth token I’m able to have access to is one that has the installer’s userId recorded in it).

It seems like there should be a simple solution…I’m on the monday board, I see my picture on the bottom left of the screen indicating that I’m logged in…I change a column…and I should be able to have the system read my userId. But I can’t find how to do this…the only one available is the app installer’s.

Any ideas here?

Thanks,

Moshe

2

hi!

what you need to do is to get the sessionToken in the frontend and then pass that to your backend (typically in an http header) when you do requests. here is an example code snippet:

import mondaySdk from 'monday-sdk-js';

const monday = mondaySdk();

async function getSessionToken() {
  return (await monday.get('sessionToken')).data;
}

async function getFoo() {
  const sessionToken = await getSessionToken();

  const response = await fetch(`https://YOUR-BACKEND.COM/api/foo`, {
    method: 'GET',
    headers: {
      Authorization: `Bearer ${sessionToken}`,
    },
  });

  return await response.json();
}

your backend then needs to extract the sessionToken from the http headers and verify it. the extracted sessionToken also contains the userId. here is an example:

const jwt = require('jsonwebtoken');

const { userId } = jwt.verify(
  getSessionTokenFromHeaders(), // you need to implement this function
  process.env.MONDAY_SIGNING_SECRET
);

console.log('current user id', userId);

hope that helps.

simon

3

Hi, thanks for your reply.

In my case, I’m not trying to get the user on a client, but on the board itself (I’m not sure if this is what you were thinking when you said frontend).

The session token gives the user that originally installed the app, not the user who is currently logged in. I heard that the trigger (using the user output) would give this logged in user (the user that actually triggered the change), but when I try, even that is returning the user that installed the app instead of the user that made the change/logged-in user.

@basdebruin (Current logged In user) had a post where he said that the token behavior was to be expected, as it was responding with the info from the app installation. But it’s the trigger response of that user instead of the user triggering the change that has me puzzled.

Moshe

5

hey @Msh,

i just double-checked this: i logged in as a test user and opened up a board view (provided by a test app) and the userId stored in the sessionToken was the one of the test-user. i then switched back to my main user and opened the board view there and the sessionToken contained the userId of that user. so i was not able to reproduce the behavior you are describing.

in the thread you linked, it’s not clear if they are actually talking about the sessionToken or another token.

simon