Session token TokenExpiredError

rbabayoff · January 2, 2021, 8:58pm

Hey,

I’m getting quite a lot TokenExpiredError when trying to verify my board view’s session token using my app’s client secret.

For how long is the session token I’m getting using monday.get("sessionToken") valid for, and if it’s expired, how can I get a new one without reloading the board view? Just call monday.get("sessionToken") again?

Thanks,
Ronen
Eazyform

Helen · January 22, 2021, 1:21pm

Hi Ronen,

Great question!

Have you had a chance to check out the “OAuth & Permissions” section of our developers/apps page yet? Here is the page in question: OAuth Reference - monday apps framework.

The section mentions that the authorization code which is generated from an authorization endpoint will expire after 10 minutes. However, access tokens which are different do not expire and will be valid until the user uninstalls your app.

How long are your sessions? It seems the issue here pertains to your authorization code, not the resulting access token?

-Helen

rbabayoff · January 22, 2021, 5:07pm

Helen, I’m intimately familiar with the page you sent me. My question has nothing to do with oauth. Please pass it forward to someone familiar with the subject.

Thanks

Helen · January 22, 2021, 11:19pm

Hi Ronen,

My apologies for misunderstanding your first post!

To clarify: the sessionTokens you were referring to are indeed methods in our SDK. They’re encoded as JWT tokens that return a payload and can be parsed using internal libraries such as jsonwebtoken, jose, etc. etc.

FYI the payload includes an “exp” field, and this is the field that will tell you the time (in epoch) of when the token expires!

Our JWT tokens expire after 24 hours.

For curiosity’s sake, here’s a super helpful website you can also use to decode the JWT token you see: https://jwt.io/.

I hope this helps answer your question.

-Helen

rbabayoff · January 23, 2021, 2:03am

@Helen, thanks for the info, repeating my question from above - how can I get a new one without reloading the board view? Just call monday.get("sessionToken") again?

Also, I’m using the sessionToken I get from monday.get(“sessionToken”) within less than a minute from the moment I get it and still get those errors, which indicates a bug on your end. Do you guys reuse old ones if they haven’t expired?

Thanks,
Ronen