How is the Geekbot app in Slack able to post as me although I did not allow it access? - slack

I am creating a Slack bot app like Geekbot. Geekbot is able to broadcast standup messages on behalf of the user. But as a regular user, I did not allow any access to the bot. I understand that the admin can allow the "post as me" scope.
In that case, does the bot get access to all users' access tokens in that workspace? If not, then how is it able to post as me?

Related

Difference between slack bot and app tokens

What's the difference between Slack bot and app tokens, not in terms of who they are given to and how (I really don't care) but in terms of their respective usage power? On the OAuth and Permissions page they can be given equal permissions/scopes, so which one should I use? Also, when I post a message with a bot token it appears to be from the "app", and when I use an "app/user token" it comes from the app bot; is that how it's supposed to be?
On the "OAuth and Permissions" page, as you said, there are two tokens: the Bot User token and the OAuth User token.
One starts with "xoxb-"; the other one starts with "xoxp-".
The main difference between them is the abilities they have.
If I give both tokens the scope chat:write and then use them on the API chat.postMessage, there's a difference. Bot tokens will post the message as the app, and you will see the message in the app's home tab. Instead, if you use the OAuth access token, the app will impersonate you (meaning other users won't be able to tell the difference between you and the app). This token also needs to be authorized by the user in question; otherwise you won't be able to use it.
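Added example (not the answer's own code): selecting the token for chat.postMessage the way the answer above describes, so that a user (xoxp-) token is used only when that specific user authorized the app with chat:write, and the bot (xoxb-) token otherwise. The Installation/UserGrant structures and all token values are constructed placeholders.

```python
# Added example; the store layout is hypothetical and the token strings are
# constructed placeholders, not real Slack credentials.
from dataclasses import dataclass, field

CHAT_POST_MESSAGE = "https://slack.com/api/chat.postMessage"


@dataclass
class UserGrant:
    token: str    # xoxp- token issued only when this user authorized the app
    scopes: set   # scopes that user granted


@dataclass
class Installation:
    bot_token: str                                   # xoxb- token; posts as the app
    user_grants: dict = field(default_factory=dict)  # user_id -> UserGrant


def choose_token(install, user_id):
    """Return (token, posts_as_user). A user token impersonates that user, so it
    is used only for the user who granted it; anyone else gets the bot token."""
    grant = install.user_grants.get(user_id)
    if grant and grant.token.startswith("xoxp-") and "chat:write" in grant.scopes:
        return grant.token, True
    return install.bot_token, False


def build_post_request(install, user_id, channel, text):
    """Build the chat.postMessage request (not sent here) for the chosen token."""
    token, as_user = choose_token(install, user_id)
    if not as_user:
        # Posted by the app, so make the attribution explicit in the text.
        text = f"(posted by the app for <@{user_id}>) {text}"
    return {
        "url": CHAT_POST_MESSAGE,
        "headers": {"Authorization": f"Bearer {token}",
                    "Content-Type": "application/json; charset=utf-8"},
        "json": {"channel": channel, "text": text},
        "posts_as_user": as_user,
    }


# Constructed sample installation: U1 authorized the app, U2 did not.
SAMPLE = Installation(
    bot_token="xoxb-PLACEHOLDER",
    user_grants={"U1": UserGrant("xoxp-PLACEHOLDER-U1", {"chat:write"})},
)
```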

How to only allow access to bot for subset of employees from a given organization?

I want to provide a bot that is only accessible to certain users within a company. How should I go about that?
Different Channels
Skype for business
I guess this narrows down the problem to only identify the subset of the users as all the users in Skype for business would be from the organization.
MS Teams
Is this similar to the previous case? I understand that anyone with the bot id could chat with the bot.
Other non company restricted channels
I guess with this one the bot will always be exposed to external accounts and I'll need to authenticate before answering any message.
Authentication
How would this work? Would I store a token for each user for each channel where they log in? With that, check AAD for attributes in order to decide what to provide to that user?
Unfortunately, there is no way to restrict access to a bot - it will be visible to all users. You will need to build authentication into your bot to limit who can communicate with it. There is documentation you can read for Adding authentication to your bot via Azure Bot Service or to Authenticate requests via Direct Line API 3.0 (also available via Direct Line API 1.1) by use of tokens. You would use this to authenticate AAD credentials.

Is it possible to get a list of another Slack user's colleagues?

Imagine I have a Slack app. After someone logs in with his or her Slack account, I get their team ID.
Is it possible to use this team ID to get a list of all users that belong to the same team as the logged-in one?
What I tried
I looked at the users.list request in the Slack docs, but it appears that it returns only those users who are in the same team as me (i.e. I can get a list of my colleagues, but not those of another user). In particular, there is no way to specify the team ID.
Yes, that is possible. The Slack team is linked to the access token you use for users.list. If you use your own access token, you will of course only get the users from your own team.
To get the users from other Slack teams you need to use the access token your Slack app received during installation to that team (e.g. via the Slack button). Your Slack app will also need the OAuth permission scope users:read.

Slack API - scope permissions

I'm trying to get further user details from the Slack's API.
Currently I'm authenticating users via Slack's OAuth2, which returns a code. I'm currently asking for scope=identity.basic,identity.email,identity.avatar. When I try to ask for more, like users.profile:read, the link redirects me to a crash page.
My link for signing in to my app via Slack is like this, for now:
Thanks for any help
Sign in with Slack works as a kind of sidebar form of OAuth 2.0 authorization for Slack. It's meant to be used for identity, exclusively. So whenever you go through the flow and ask for an identity.* scope, you'll be restricted from combining it with others.
You can still ask for users.profile:read, but you have to do so in a separate authorization attempt where it's not among the scopes requested at that moment. It'll then be added to the user token you already hold for that user.
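Added example (not the answer's own code): planning the authorization URLs so that identity.* scopes are never combined with other scopes in one request, as the answer above explains. It assumes the legacy https://slack.com/oauth/authorize endpoint, a placeholder client_id, and an example redirect URI.

```python
# Added example; client_id and redirect_uri values used by callers are
# placeholders, and the endpoint is the legacy Slack OAuth authorize URL.
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://slack.com/oauth/authorize"  # legacy (v1) endpoint


def split_scopes(scopes):
    """Partition scopes into the Sign in with Slack group (identity.*) and the rest."""
    identity = [s for s in scopes if s.startswith("identity.")]
    other = [s for s in scopes if not s.startswith("identity.")]
    return identity, other


def is_valid_scope_set(scopes):
    """One authorization may carry identity.* scopes or other scopes, never both."""
    identity, other = split_scopes(scopes)
    return not (identity and other)


def build_authorize_url(client_id, scopes, redirect_uri, state):
    """Build one authorization URL; state is the anti-CSRF value bound to the session."""
    if not is_valid_scope_set(scopes):
        raise ValueError("identity.* scopes cannot be combined with other scopes")
    params = {
        "client_id": client_id,
        "scope": ",".join(scopes),
        "redirect_uri": redirect_uri,
        "state": state,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def plan_authorizations(client_id, scopes, redirect_uri, new_state=None):
    """Return the separate authorization URLs needed: one for identity.* scopes
    (if any) and one for everything else (if any), each with a fresh state."""
    new_state = new_state or (lambda: secrets.token_urlsafe(16))
    identity, other = split_scopes(scopes)
    return [build_authorize_url(client_id, group, redirect_uri, new_state())
            for group in (identity, other) if group]


def scopes_in_url(url):
    """Read back the comma-separated scope list from an authorization URL."""
    query = parse_qs(urlparse(url).query)
    return query["scope"][0].split(",")
```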

How do you get Yammer to treat a registered app as a user

In messaging platforms like Slack and HipChat you can integrate apps that can post messages to groups without them being sent from a user, e.g.
Defect Management System: A new defect was logged at 12pm
Instead of:
John Smith: A new defect was logged at 12pm
Is it possible to do the same thing in Yammer?
There are two options available for you:
1 - You can create a new user on Yammer, name it however you want (e.g., "Defect Management System" with a snazzy avatar), then take the user's OAuth token and use it to impersonate that user programmatically. This is fine for quick development.
2 - You can create a new user on Yammer, name it however you want, then register a new app on Yammer to get a permanent token and client ID, then use those to impersonate that user programmatically. This is the right way to do it. You can read more about how to do this on https://developer.yammer.com/introduction/#gs-registerapp.
This is an example of a user that we impersonate. It is a bot on our network. It is a separate account in AD and is registered as an app in Yammer and interacts with Yammer automatically.
You are always impersonating a user in Yammer via the API; there isn't a way to impersonate a group in the way that Slack does (i.e. being able to override the username displayed and replace it with a bot, for example, in your payload).
If this app is for internal use, you could consider creating a dummy user as a bot to post defects, and then using Custom Object Types & Actions in Open Graph to further customize the messages. Obviously there are some business & administration considerations in doing that, not just development ones.