Session token TokenExpiredError

Hey,

I’m getting quite a lot TokenExpiredError when trying to verify my board view’s session token using my app’s client secret.

For how long is the session token I’m getting using monday.get("sessionToken") valid for, and if it’s expired, how can I get a new one without reloading the board view? Just call monday.get("sessionToken") again?

Thanks,
Ronen
Eazyform

Hi Ronen,

Great question!

Have you had a chance to check out the “OAuth & Permissions” section of our developers/apps page yet? Here is the page in question: OAuth Reference - monday apps framework.

The section mentions that the authorization code which is generated from an authorization endpoint will expire after 10 minutes. However, access tokens which are different do not expire and will be valid until the user uninstalls your app.

How long are your sessions? It seems the issue here pertains to your authorization code, not the resulting access token?

-Helen

Helen, I’m intimately familiar with the page you sent me. My question has nothing to do with oauth. Please pass it forward to someone familiar with the subject.

Thanks

Hi Ronen,

My apologies for misunderstanding your first post!

To clarify: the sessionTokens you were referring to are indeed methods in our SDK. They’re encoded as JWT tokens that return a payload and can be parsed using internal libraries such as jsonwebtoken, jose, etc. etc.

FYI the payload includes an “exp” field, and this is the field that will tell you the time (in epoch) of when the token expires!

Our JWT tokens expire after 24 hours.

For curiosity’s sake, here’s a super helpful website you can also use to decode the JWT token you see: https://jwt.io/.

I hope this helps answer your question.

-Helen

@Helen, thanks for the info, repeating my question from above - how can I get a new one without reloading the board view? Just call monday.get("sessionToken") again?

Also, I’m using the sessionToken I get from monday.get(“sessionToken”) within less than a minute from the moment I get it and still get those errors, which indicates a bug on your end. Do you guys reuse old ones if they haven’t expired?

Thanks,
Ronen

Hi Ronen,

Hmm no-- I don’t believe that would work.

I just tested this out on my end, and a new monday.get(“sessionToken”) would merely return the same session token. As I understand it, you can only get a new sessionToken upon reloading.

Regarding your second question about reusing old tokens-- yes, we will keep using the same sessionToken until a new one is required after 24 hours.

Do you mind sharing a bit more about your process here, and what you’re trying to do? For instance, why are you using your client secret to verify when using our SDK?

Thanks for walking me through it :).

-Helen