2

Everything I see around slack bot say that a bot cannot post within a conversation it's not been invited to.
➡️ However, why /giphy or simple poll (/poll) can post in PM (one to one) OR in a conversation where the bot has not been added to?

  • The current permissions are chat:write,commands,files:write
  • The oauth token is a "Bot User OAuth Access Token"
  • The plan is to support the Add to slack and to distribute the app.

Functionality wise, it support a /command and post file to a conversation.

The bot can:
- receive the oauth token uppon app install (via add to slack)
- delete ephemeral messages
- post a file only where it's been added too, which suck because the bot does not need to read any message within anything.

Code of the bot here

If the bot is not invited too, the answer is either channel_not_found or not_in_channel.

What am I missing?

Hugo Gresse
  • 17,195
  • 9
  • 77
  • 119

1 Answers1

0

It is correct that bots in general can only post messages to channels they are invited to. However, there are two exceptions:

  1. Bots can inherit the rights of the installing user. So bots can post to every private channel the installing user is a member of (including direct message channels).

  2. Slash commands work differently. If a user issues a slash command from a channel the bot can reply to that slash command. That works for every channel and does not require the bot to be invited. Those replies are normal Slack messages, so the can contain all kind of message features incl. image attachments or blocks with images.

A common pattern to give bot full access to private channels is the following:

  • User starts the bot with a slash command
  • Bot checks if it has full access to the current channel
  • If not it asks the user to invite it to that channel
Erik Kalkoken
  • 30,467
  • 8
  • 79
  • 114
  • thanks for the quick reply. So the option 2. "Slash commands work differently. If a user issues a slash command from a channel the bot can reply to that slash command. That works for every channel and does not require the bot to be invited." That would imply using the response_url of the received command right? Is there any permissions that I should add? – Hugo Gresse Apr 17 '20 at 14:16
  • You can reply both directly to the request from slash within 3 secs or send a request to `response_url` both works. – Erik Kalkoken Apr 17 '20 at 14:25
  • No, you only need the `commands` scope bot your bot that is required for all slash commands. – Erik Kalkoken Apr 17 '20 at 14:26
  • I can't see in the doc how to upload a file using response_url Also, using response_url the message is posted as ephemeral, not visible to all users within a conversation no? – Hugo Gresse Apr 17 '20 at 14:50
  • You can not upload files that way, because that requires your bot to have full access to the channel. Does not work through slash response. – Erik Kalkoken Apr 17 '20 at 16:02
  • :( is there a way for private message (not private group) to have a specific permisson? – Hugo Gresse Apr 17 '20 at 16:13
  • sorry, but not sure what you mean by "specific permission". In general you always need to invite a bot (or user) to get access to a private channel. There is no permission or scope to circumvent that. That is how Slack's security architecture is designed. – Erik Kalkoken Apr 17 '20 at 16:33
  • how is giphy doing then? a gif is still a file – Hugo Gresse Apr 17 '20 at 20:20
  • giphy is not uploading any files to Slack it just provides an image attachment to a message. Those also work fine with responses to slash commands. Image attachment work with every public image URL. The image itself is still stored on giphy.com – Erik Kalkoken Apr 17 '20 at 21:24
  • I have added the bit about images to the answer. If you feel this post now sufficiently answers your question please consider marking it as solution. TY – Erik Kalkoken Apr 18 '20 at 14:51
  • I'm trying to see if I can make an Embed player so Slack can unfurl it as soundcloud and youtube. – Hugo Gresse Apr 18 '20 at 17:07
  • Sounds great. I think this question has been answered. Please feel free to post more question if you need assistance on other topics. – Erik Kalkoken Apr 18 '20 at 17:34