Simply looking for some direction, whether it's a link to the docs or an example:
I want to use Passport to authenticate users using Slack/Passport but only if they belong to my company. So, for example,
olaf@mycompany can log in and view protected assetsishtar@anotherco cannot do either, despite having an account with slackA cursory search found this issue but I couldn't find anything in the docs.
Thanks!
Slack Passport is using the Sign in with Slack feature. It requires users to already have an existing Slack account for your Slack workspace.
So to ensure that only users belonging to your company get access to your web site all you need to do is verify that you receive an access token for the right Slack workspace, e.g. the one of your company. You can check that by comparing the team_id in the access token.
Apparently you can pass a team parameter during the oauth flow as described here. This allows slack to do the id comparison on their end, but it does require the developer to know what their team's id is ahead of time.