Slack Requesting Permissions for a User
Question
I'm trying to grab some conversation histories from slack using the Node API, and at the moment I'm struggling slightly with permissions. To read private channels etc, I believe I need to make all requests to with a X-Slack-Use . But before I can do that, I need to get the user to authenticate the application.
I've created a new Slash command, /digest which makes a request to my application. I then need to issue the following to request permissions:
const response = await this.slackWebClient.apps.permissions.request({
token: ...,
scopes: ["channels:history", "channels:read", "groups:history", "groups:read", "im:read"],
trigger_id: triggerID,
user: userID,
});
My difficulty I think is getting the correct token. The request that comes in has a token:
[Object: null prototype] {
token: 'yM....R',
team_id: 'TD.....E',
team_domain: '...',
channel_id: 'CF.....B',
channel_name: 'email_digest_test',
user_id: 'UD.....Y',
user_name: 'Ian',
command: '/digest',
text: '',
response_url: 'https://hooks.slack.com/commands/TD.....E/55....62/cw....Eq',
trigger_id: '553.....45......6.bb.............719' }
However if I attempt to use this I get an Error:
code:
slackclient_platform_error, error:invalid_auth
If I attempt to use my application OAuth token xoxp-45......................... then I get an
code:
slackclient_platform_error, error:not_allowed_token_type
Can anyone spot what I might be doing wrong here?
1 answers
solution1
1 ACCPTED 2019-02-17 11:20:41
The response you posted is from the slash command request, not from a call to the Oauth API. It contains a property called token , but that is not an Oauth token, but a so called verification token . The verification token is used to verify the authenticity of any request coming from Slack (as opposed to Oauth tokens, which are used to authenticate requests from from your app to the API).
See here for a more detailed explanation of the verification token.
To authenticate your app and get an Oauth token you need to follow the Oauth process described here .
Also, in general I would advise against using the API endpoints that only work with workspace tokens like apps.permissions.request . Workspace apps and tokens never completed the beta phase and are now officially legacy. It can be a bit confusing, since they are still listed in the official list of all API methods. But they all have the "Developer preview has ended" disclaimer.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.