Invalid signature of board view sessionToken

Hey,

I’m getting an invalid signature error when verifying the session token my board view gets. The token looks ok when I’m logging it. I also regenerated the signing secret, didn’t fix it. Here’s a summary of my code:

import jwt from "jsonwebtoken";
import mondaySdk from "monday-sdk-js";
const monday = mondaySdk();

async function init() {
  const sessionToken = (await monday.get("sessionToken")).data;
  const MONDAY_SIGNING_SECRET = "My signing secret (in client for debug purposes only)";
  const sessionData = jwt.verify(sessionToken, MONDAY_SIGNING_SECRET);
}

Hi @rbabayoff,

While I don’t think it is documented, the sessionToken is actually encoded using your CLIENT_SECRET key, not the SIGNING_SECRET.

If you use this key instead, you will be able to get the data you are looking for.

1 Like

Hey @mitchell.hudson, yes that worked. Thanks :pray: highly appreciated!

Note to monday team - I’d recommend having docs state exactly which secret to use (client vs signing).

Cheers,
Ronen

1 Like

Hey @rbabayoff :wave:

I’m glad @mitchell.hudson was able to clarify this one for us and I totally agree - I’ll pass this as a documentation improvement to the team and we’ll take a further look from there. I appreciate your help to make the docs better for everyone :slight_smile:

-Alex

1 Like