Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

binding slack user to my app users

See original GitHub issue

Description

HI ,

I’m using you slack/bolt v1.5 to create a slack pp with home tab and i’m using slack user id from ‘app_home_opened’ event to publish home tab and also open model …etc . now to get data from my web app database i need to bind my web app user with slack user . i thought to do the binding while installing slack app ( for example : like google drive slack app installation opened a url for me to authenticate and login by google account) . the issue is that i read about your Outh flow 1- at first when user installs slack app it will send a temp code expires in 10 mins to the predefined redirect_url which will request authorize access to grant an access code .

my question is how to handle a custom url (like the one of google drive ) to users who installs my slack app in order to bind both slack and my web app user’s account .

waiting your reply .

Regards, Marwa

What type of issue is this? (place an `x` in one of the `[ ]`)

bug
enhancement (feature request)
question
documentation related
testing related
discussion

Requirements (place an `x` in each of the `[ ]`)

I’ve read and understood the Contributing guidelines and have done my best effort to follow them.
I’ve read and agree to the Code of Conduct.
I’ve searched for any related issues and avoided creating a duplicate issue.

Bug Report

Filling out the following details about bugs will help us solve your issue sooner.

Reproducible in:

package version:

node version:

OS version(s):

Steps to reproduce:

Expected result:

What you expected to happen

Actual result:

What actually happened

Attachments:

Logs, screenshots, screencast, sample project, funny gif, etc.

Issue Analytics

State:
Created 4 years ago
Comments:15 (7 by maintainers)

Top GitHub Comments

9reactions

seratchcommented, Feb 7, 2020

@MarwaAbuEssa

As Steve mentioned, having the state parameter is not mandatory for directory apps at the moment, but I’m happy to know you’re going to implement it for your app! Let me answer your question below.

can i ask you if i want to add my slack app via app directory (not from my custom installation page ) how to set that state param ? because as i understood from you this param is recommended to be added .

The Slack App configuration page provides your app’s slack.com/oauth/v2/authorize (or slack.com/oauth/authorize for classic apps). It doesn’t have the state parameter because the value should be unique per request.

A common way to support the state parameter would be having a kind of entry point of your Slack app OAuth flow as below.

[Step1]: (Your App) The OAuth flow entry point: https://your-domain/slack/installation
- You set this URL to Basic Information > Installing Your App > Install from App Directory > Direct install URL (also, if you use the Add to Slack button link, modify the URL the button links to)
- This endpoint generates https://slack.com/oauth/v2/authorize URL with client_id, scopes, and state parameters
- This endpoint stores the state value on the server-side
- This endpoint redirects a user to the generated URL
[Step2]: (Slack) https://slack.com/oauth/v2/authorize
- Slack server redirects the user to Slack’s OAuth confirmation page
[Step3]: (Slack) The user confirms the installation on the page
- Slack server redirects the user to your redirect_uri under https://your-domain
- The redirection adds two query params to the URL - code and state
[Step4]: (Your App) redirect_uri (say https://your-domain/slack/oauth/callback)
- This endpoint verifies the state parameter first
- Then, this endpoint calls oauth.v2.access (or oauth.access) with the code parameter
- Lastly, this endpoint redirects the user to your app’s landing pages
[Step5]: (Your App) completion/cancellation pages

I hope this guide is helpful to you. If it’s clear now, would you close this issue? Thanks for asking questions here. I’m sure this thread will be helpful for others too!

2reactions

sagar-ranglanicommented, Jan 26, 2021

Is this simpler to do now in boltjs 3.1?

I too wish to:

bind slack user to my app’s user (my app is the oauth2 provider)
save my app’s access tokens for future use (best would be store in a database like DynamoDB)
Do everything in one boltjs app including handling oauth2 redirection to store access tokens.

Any help in this regard would be highly appreciated. Any doc that explains this would be awesome! Thank you very much.