OAuth flow on client and backend

I’ve got the OAuth flow working fine on my client app but I realized I’ve got the client secret in the client and that’s no good so I’m moving some logic to my backend.

Currently I’m making the authorization request from the client and then sending the code to the backend. The backend makes the same exact token request as the client was making successfully but it gets returned with a 500 status, ‘Internal Service Error’.

I’ve checked everything several times for typos and formatted the request different ways. So my guess is that the token request has to come from the same origin as the authorization request. Is this right?

Also, I can’t find much information on the client secret itself. Is it really a secret? The “OAuth and Permissions” doc describes the entire OAuth process as happening on a client, leaving out securing the client secret. If this is something that I don’t actually have to worry about I’d just as well let the client handle the entire OAuth flow.

Hello there @Janssen,

Would you be able to please send an email to appsupport@monday.com so we can take a look into this from there?

If you could include a screen recording that shows your app’s configuration, your script and the steps you are taking and the error you are seeing, that would be fantastic.

See you over there!

Cheers,
Matias


Sure, I’d be happy to.

@Matias.Monday In the process of making a screen recording I realized the problem was my own; I forgot to complete the oAuthUrl with “/token”.

Please feel free to delete this post after you see this. I’m so sorry to waste your time due to my own incompetence!

Hello again @Janssen,

It is great that you found the issue!

No worries! I am glad I could be useful as a rubber duck :sunglasses:

Cheers,
Matias
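
The backend half of the flow discussed in this thread, as an added example that is not code from any of the posters or from monday.com: the server receives the authorization code, adds the client secret from its own environment, and refuses to send the request if the configured URL lacks the `/token` path (the mistake found above). The function names, the `OAUTH_*` environment variables and the form-encoded standard OAuth 2.0 authorization-code parameters are assumptions; the token URL is whatever the provider documents.

```javascript
// Server-side only: the secret comes from the backend's environment and is
// never sent to, or bundled with, the client app. All names are hypothetical.
function buildTokenRequest(code, redirectUri, env) {
  const { OAUTH_TOKEN_URL, OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET } = env;
  if (!OAUTH_TOKEN_URL || !OAUTH_CLIENT_ID || !OAUTH_CLIENT_SECRET) {
    throw new Error("OAuth settings missing from server environment");
  }
  const url = new URL(OAUTH_TOKEN_URL);
  if (url.protocol !== "https:") throw new Error("token URL must use https");
  // The failure in this thread: posting to the OAuth base URL without "/token".
  if (!url.pathname.replace(/\/+$/, "").endsWith("/token")) {
    throw new Error(`token URL path "${url.pathname}" does not end in /token`);
  }
  if (typeof code !== "string" || code.length === 0) {
    throw new Error("authorization code missing");
  }
  // Assumed parameter set: the standard OAuth 2.0 authorization-code grant.
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    code,
    redirect_uri: redirectUri,
    client_id: OAUTH_CLIENT_ID,
    client_secret: OAUTH_CLIENT_SECRET,
  });
  return {
    url: url.toString(),
    init: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: body.toString(),
    },
  };
}

// fetchImpl is injectable so the exchange can be exercised without a network.
async function exchangeCode(code, redirectUri, env, fetchImpl = fetch) {
  const { url, init } = buildTokenRequest(code, redirectUri, env);
  const res = await fetchImpl(url, init);
  if (!res.ok) throw new Error(`token endpoint returned HTTP ${res.status}`);
  const { access_token } = await res.json();
  if (!access_token) throw new Error("no access_token in response");
  return access_token; // store or session-bind it on the server
}
```

In a real deployment the route that calls `exchangeCode` would pass `process.env` and would also check the `state` value from the authorization step before accepting the code.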