22 May 2020

Slack OAuth v2

Slack has a new OAuth v2 flow. Here are the major changes:

  • Authorization URL has changed to https://slack.com/oauth/v2/authorize
  • Authentication URL has changed to https://slack.com/api/oauth.v2.access
  • You can now request bot and user scopes within same call by specifying scope and user_scope respectively. Most OAuth libraries allow you to only pass a scope parameter. If however you want to request user scopes as well, find a way to pass the parameter in your library. If your library does not support custom request parameters, one hack would be to add it to the authorization URL: https://slack.com/oauth/v2/authorize?user_scope=identity.basic
  • If you are authenticating as a bot only, meaning you are only passing scope parameters, be sure your library is not using a profile URL that requires user scope/token. Most libraries use https://api.slack.com/methods/users.identity as the profile URL and that method requires identity.scope which is only available to user scopes (user_scope). You have two options. One is to add the user scope identity.scope during the auth request. The other option is to use a profile URL you can access with your bot token. An example of such is users.info (requires users:read bot scope).
  • If you are looking for a Slack OAuth v2 library for Node, check out @kehers/passport-slack.

 

My name is Opeyemi Obembe. I build things for web and mobile and write about my experiments. Follow me on Twitter–@kehers.

Also, subscribe to my newsletter.

 

Next post: Mining my mailbox for top email service providers