I'm trying to send Direct Messages (DMs) to a user on Slack using chat.postMessage using Bot token. But I'm only able to send messages to the users that are in my workspace.
How can I send message to any user on another workspaces?
When I try to do so, I get: "error": "channel_not_found"
I've that user's UserID (U02....), user's email and my Bot token.
When you create a bot/app in Slack, you grant it OAuth Scopes which provide the bot access to certain information in your Slack instance. So for example, I expect you have added the users:read Bot Token Scope to your Slack app, so that it can determine the users, and userId's in your workspace.
However, this scope restricts the bot to only see users in your workspace.
There's a couple of ways around this though:
Solution 1 - Slack Connect
Now in Slack, you can message users in other workspaces with a feature called Slack Connect.
You'll first need to establish a connection with the user you want the bot to message. This can be arranged via an invite process, and once completed that userId should become available to the bot. You can use that userId in the channel field of the chat.postMessage API to direct message the user from the other workspace.
Solution 2 - Org Level App
If you are on an Enterprise version of Slack, you should have multiple workspaces within a company, that are all linked by an enterpriseId.
In this case, a possible solution might be to create what is known as an Org Level App to have access to information across multiple workspaces. More information on Org Level apps can be found here.
Related
I'm trying to convert some bot logic to use delegated permissions instead of application ones, but I'm running into an issue with a bot feature that can post to a Teams channel from a 1:1 conversation. The user can ask the bot to post to a channel, and this works fine, but when I take away Group.ReadWrite.All, I can't find a workaround that doesn't require admin consent. Here's the current flow:
Get the user's joined teams (me/joinedTeams-gets the user's joined Teams. This requires Team.ReadBasic.All.
Get the channels in the team (/teams/{id}/channels). This requires Group.Read.All (admin consent)
Post to the channel (/teams/{id}/channels/{id}/messages) which requires ChannelMessage.Send
So with delegated, non-admin permissions, I can list a user's teams, post a message to a channel on their behalf, but not list the channels on their joined teams? The docs here say that you need delegated Group.Read.All or ReadWrite.All, both of which require admin consent.
Is there another way that I'm missing to get a list of teams/channels for a user to cross-post to? I don't want to have to add the bot to the channel. I suppose I could create/store a list of connectors for each channel, but that's a lot of extra user overhead. The challenge is that I want to deploy this bot to an org that refuses to give any application/admin consent permissions to 3p apps.
I have no idea how I missed this, but there's a Channel.ReadBasic.All permission that doesn't require admin consent. This means I can do something like this in my bot:
Get a user's joined teams with graphClient.Users[aadUserId].JoinedTeams.Request().GetAsync()
Get the team's channels with graphClient.Teams[teamID].Channels.Request().GetAsync()
Post to the channel as outlined in the docs with c.Teams[teamID].Channels[channelID].Messages.Request().AddAsync(chatMessage).GetAwaiter().GetResult();
The only difference here is that the message is attributed to the user and not the bot, but as long as that's OK, this is a way to have a user initiated cross-post from a bot to a Team.
I have created a Microsoft Teams bot that can create/update conversations and receives all kinds of events to an endpoint (user joined team, ...). All I see in the events is a tenant id. For teams, i get an id and sometimes a name which is great.
to create/update conversations I use this flow:
Get a token from https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token
POST to a channel: ${serviceUrl}v3/conversations/${conversationId}/activities
My question is, how can I get the name of a tenant? I can not find any API to do so?
Use case: A user sends me a support email. I have no way to check my database and find the correct entries because all I know is the tenant id.
I have looked into the Graph API but I'm not sure if my bot is actually able to make those calls (I get all kinds of strange permissions errors such as Authorization_IdentityNotFound The identity of the calling application could not be established.).
I want to make the calls to the API myself. I don't want to use any Microsoft SDK/Lib/...
It looks like I have to:
In Azure Portal -> App registrations -> API permissions add the Microsoft Graph application permission Organization.Read.All
For each tenant, ask the Microsoft Teams admin to visit: https://login.microsoftonline.com/${tenantId}/adminconsent
Get a graph token for the tenant via https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token (scope: graph.microsoft.com/.default)
Call the graph api https://graph.microsoft.com/v1.0/organization
I am enabling slack channel in MS bot framework. All mentioned steps are done and from my own ID i am able to communicate with bot.
However, I when I give "Add to Slack" button to another slack user, it asks for permissions. After allowing the permission, the user is transferred to https://bots.botframework.com/ webpage where following is written:
Persmissions snapshot: Permissions snapshot before bot framework page
error page
The Bot Directory is no longer accepting new submissions. Add your bot to the Bing channel so users will not only be able to find it, but chat with it too
I have already enabled bot for public in slack settings, and users should be able to chat with bot who have the ID of bot.
Looks like some change has been done from Microsoft, which I am not aware of. Ideally it should take the user to conversation page
In order for user to chat with your bot on Slack, you DO NOT need to use that link to connect them. The method you're attempting is to give them a roundabout admin access, which won't actually work.
In order for your users to communicate with your bot, once it's properly connected to Slack, they can simply select it on the app list, like so:
Additionally, you as the admin, can add the bot to a particular channel, where the users can chat with the bot directly.
I'm using slack api to send reply whenever there is any direct message to authenticated user. So I created app, enabled events api and verified webhook url and subscribed to messages.im event
I use regular oauth flow with scope(chat:write:user,users:read) to get the access token.
First I tried with the admin of the workspace and everything worked fine. Whenever there is a direct message between admin user and any other user, i'm receiving events to my callback.
NOW
when I tried same with normal user(user2) i'm not receiving any events back when there is direct message between user2 and some other user. I followed the same steps above.
User2 went through same oauth flow with same scopes and got the access token of his own. As I subscribed to events api, I should be able to received event callbacks to the url I mentioned.
Is there any issue here? Is this not how things work?
This is not supposed to work.
Your Slack app will only receive message events from channels / conversations, which the installing user is a member of (e.g. the admin is member of the direct messaging conversation between him and others). But it's not possible to get direct messages between other users.
This is how Slack's security architecture is designed. In general it is not possible for any Slack app to monitor all private and direct messaging channel, even if the installing use is an admin / owner.
A common workaround for private channels is to retrieve messages for a bot user and make sure that bot user is a member of all private channels you need to monitor. However, this workaround is not very practical for direct message conversations.
Turns out it is an issue with scopes, following is the message I received from slack support team, they are awesome.
Hi Sasikanth,
Thanks for getting back to me. I took a look and it seems that there was some change with the scopes requested when user2 installed the "My App Name" app.
Here are the scopes that each of these users received upon installing the "My App Name":
user1: im:history,users:read,chat:write:user
user2: users:read,chat:write:user
You'll notice that user 1 above has the im:history scope, whereas user 2 above does not. It's mentioned on the doc for the message.im event type (https://api.slack.com/events/message.im) that the im:history scope is needed.
That's the reason why you're not receiving the message.im event type for DMs sent to user 2.
I hope that helps to explain the issue. What you'll need to do is remove the authorization for user2 from: (my dev app url) and have that user reinstall the app with the appropriate scopes.
Let's think of the following example:
1) I have a certain bot deployed on Azure
2) Bot can be talked via Facebook Messenger and via Skype
3) A certain user talks to the bot via Facebook Messenger and then he leaves.
4)A couple of minutes ago the same user resumes the conversation with the bot, but via Skype.
Is this possible? I assume Bot Framework doesn't have anything included for this, hence, that this isn't posible (as conversations are independent and state changes depending on the channel). Is there any way to identify a user (via some authentication method maybe), and then making this logic again?
Do any of you know any workaround for this?
Thanks in advance!
The Bot Framework Connector service is a component which provides a single API for your bot to communicate across multiple client services such as Skype, Email, Slack. Every bot and user has an account within each channel.
The channel account contains an identifier (id) and other informative bot non-structural data, like an optional name.
And there us unique conversation ID created for each conversation of each user for each channel. And you can customize your channel capabilities as described here.
Regards,
Jyo