0

I'm trying to grab some conversation histories from slack using the Node API, and at the moment I'm struggling slightly with permissions. To read private channels etc, I believe I need to make all requests to with a X-Slack-Use. But before I can do that, I need to get the user to authenticate the application.

I've created a new Slash command, /digest which makes a request to my application. I then need to issue the following to request permissions:

const response = await this.slackWebClient.apps.permissions.request({
      token: ...,
      scopes: ["channels:history", "channels:read", "groups:history", "groups:read", "im:read"],
      trigger_id: triggerID,
      user: userID,
});

My difficulty I think is getting the correct token. The request that comes in has a token:

[Object: null prototype] {
      token: 'yM....R',
      team_id: 'TD.....E',
      team_domain: '...',
      channel_id: 'CF.....B',
      channel_name: 'email_digest_test',
      user_id: 'UD.....Y',
      user_name: 'Ian',
      command: '/digest',
      text: '',
      response_url: 'https://hooks.slack.com/commands/TD.....E/55....62/cw....Eq',
      trigger_id: '553.....45......6.bb.............719' }

However if I attempt to use this I get an Error:

code: slackclient_platform_error, error: invalid_auth

If I attempt to use my application OAuth token xoxp-45......................... then I get an

code: slackclient_platform_error, error: not_allowed_token_type

Can anyone spot what I might be doing wrong here?

Ian
  • 33,605
  • 26
  • 118
  • 198

1 Answers1

1

The response you posted is from the slash command request, not from a call to the Oauth API. It contains a property called token, but that is not an Oauth token, but a so called verification token. The verification token is used to verify the authenticity of any request coming from Slack (as opposed to Oauth tokens, which are used to authenticate requests from from your app to the API).

See here for a more detailed explanation of the verification token.

To authenticate your app and get an Oauth token you need to follow the Oauth process described here.

Also, in general I would advise against using the API endpoints that only work with workspace tokens like apps.permissions.request. Workspace apps and tokens never completed the beta phase and are now officially legacy. It can be a bit confusing, since they are still listed in the official list of all API methods. But they all have the "Developer preview has ended" disclaimer.

Erik Kalkoken
  • 30,467
  • 8
  • 79
  • 114
  • 1
    Thanks for the explanation about the `token` field, I didn't know I could check the originator was slack using it. I was aware that the first bit was the slash response - off the back of that using the `trigger_id` to request user permissions approval. My app already has a Toronto I generated - is that different to the OAuth one? If so can I get the OAuth one from the node SDK? The stuff I read on here suggested I need an `apps.permissions.users.request` which actually seems to be missing (from here using using the permissions API https://api.slack.com/docs/working-for-users) – Ian Feb 17 '19 at 14:49
  • 1
    I am happy to help you with all your question, but I am afraid that is a bit too much to answer via comments. Would suggest either updating your question or closing this one and post a new question. One general remark: Would advise using workspace tokens (see your link), which are now legacy and never left the beta phase. Use normal tokens, which you get from the link in my answer. – Erik Kalkoken Feb 17 '19 at 15:08
  • 1
    Thanks Erik, yeah happy to ask some more questions. I'm finding there's a ton of options and approaches in the slack API - it's hard actually finding the right question to ask at the moment! I'll have a read of your link and see how I go. – Ian Feb 17 '19 at 15:20
  • 1
    Thanks for adding the point about the Developer preview bit to the answer - I might suggest they drop them from the official docs as you're right, it is a little confusing. With the sea of information I'm trying to absorb, it's easy to miss that disclaimer! – Ian Feb 17 '19 at 20:36
  • I added a follow up question - but you'll probably see it anyway. Seems like you're following the slack tag pretty closely! https://stackoverflow.com/questions/54748535/slack-api-not-returning-private-channels – Ian Feb 18 '19 at 13:44