Hi There,
TLDR: I’m having trouble with the monday OAuth redirect_uri (post client authorization) as the monday system does not forward the state field as per the documentation.
Currently the OAuth flow setup I have is as follows:
- User is directed to the Monday app authorization page where the user clicks Authorize and approves the app’s scoped permissions:
https://auth.monday.com/oauth2/authorize?client_id=<our apps client id>&state=<nonce generated by our system>&redirect_uri=https://<our app>
Note: When this authorization page loads I can see the url changes to a new format i.e.:
https://<subdomain>.monday.com/oauth2/authorize?oauth_payload_token=<jwt formatted token>
I can see the jwt token when decoded clearly contains the state nonce that was passed to monday, suggesting it has been received (for the avoidance of any doubt that it has not).
- When the User clicks Authorize they are redirected to the `redirect_uri`, however monday passes the state attribute as a query string parameter without any value, i.e. `state=`. According to the Official documentation it should always be passed through when provided.
From the Monday Docs:
An arbitrary value that will be passed back to your app on approval or denial. Use a unique state parameter to avoid forgery attacks and check the value at every step of the OAuth flow. - see under state parameter in table.
I’d love it if this could be resolved quickly as it’s blocking development and is seemingly a very simple mistake in the monday system or something I’ve missed?
Kind Regards,
Alex
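
The empty `state=` case described in this post, seen from the receiving side, as an added example that is not part of the original post: a callback check that tells an empty `state` apart from a missing one and fails closed in both cases. The session dict, the function names and the `code` query parameter (the standard OAuth 2.0 authorization-code response field) are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit


class StateError(Exception):
    """Raised when the callback must be rejected."""


def new_state(session):
    # Hypothetical helper: one fresh nonce per authorization attempt,
    # stored server-side in the user's session (a plain dict here).
    session["oauth_state"] = secrets.token_urlsafe(32)
    return session["oauth_state"]


def check_callback(callback_url, session):
    """Return the authorization code if state matches, else raise StateError."""
    # keep_blank_values=True is what makes `state=` visible as [""];
    # the default would drop it and make it look like a missing parameter.
    query = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)
    expected = session.pop("oauth_state", None)  # single use, even on failure
    returned = query.get("state", [])
    if expected is None:
        raise StateError("no pending authorization for this session")
    if len(returned) != 1:
        raise StateError("state missing or repeated")
    if returned[0] == "":
        raise StateError("state present but empty")
    # Constant-time comparison of the returned nonce with the stored one.
    if not hmac.compare_digest(returned[0].encode(), expected.encode()):
        raise StateError("state mismatch")
    codes = query.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise StateError("authorization code missing")
    return codes[0]
```

Logging the `StateError` message separately for the "empty" and "missing" cases gives a concrete data point to attach to a support request, and the check should stay enforced rather than be relaxed while the redirect returns an empty value.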