Missing Refresh Tokens on OAuth Request

The refresh_token as outlined in the OAuth documentation is never returned.

const token = await monday.oauthToken(
        code,
        process.env.MONDAY_CLIENT_ID,
        process.env.MONDAY_CLIENT_SECRET
      );

The response is…

{ 
  token_type: 'bearer',
  access_token:'eyJhbGciOiJIUzI1Ni...1lFytwQ66s',
  scope: 'me:read,boards:read,boards:write,users:read,users:write,notifications:write,account:read,updates:read,updates:write,assets:read,tags:read,teams:read,webhooks:write'
}

Both the expires_in and refresh_token are missing as documented at https://monday.com/developers/apps/oauth

 {
   "access_token": "NgeFeX...FEmEka", 
   "token_type": "Bearer",
   "scope": "boards:write boards:read", 
   "expires_in": "2592000", 
   "refresh_token": "NgeFeX...FKoLUka"
}

Thoughts?

Hi @kamescg,

At the moment, this is the correct behaviour.

The access token that is returned is a long life token.

The refresh token will be added at a later date. I don’t have a timeframe on this sorry. However I am sure that we will get notice when this is released

2 Likes

Makes sense. Seems reasonable to document and let people know in the documentation.

Hey @kamescg ! Thanks for reaching out, that’s a great question.

@mitchell.hudson thank you for taking this one on too, I appreciate your help all around the block :slight_smile:

I’ll see what I can do about adding this bit to the documentation as a placeholder for now just for clarity’s sake, at the very least. Thanks for flagging this one!

-Alex