Slack App - Direct message NOT from slackbot - slack

I have an app in Slack that sends direct messages to users. The messages always show up in the Slackbot channel and I would like to know if it is possible for the messages to show in the bot's own channel instead.
The app is made using bolt for NodeJS and here is my code:
app.client.chat.postMessage({
channel: userSlackId,
text: `TEXT HERE `,
token: process.env.SLACK_BOT_TOKEN,
icon_emoji: ":emoji",
username: "Incident Bot",
});
My scopes are:
chat:write
chat:write.customize
users:read

I believe you need the im:write scope as well to enable your app to directly message users.
You can update scopes from your app page -> OAuth & Permissions -> scroll down to scopes.

Related

Azure bot framework Slack channel "Slack API error" because of token_expired

I have a self-hosted Azure bot with a Slack channel. The bot is able to send proactive messages and respond to user mentions after I authorized it with Slack. However, this stops working after some period of inactivity. The request via botbuilder sdk results in "Slack API error" and the underlying error appears to be token_expired.
await turnContext.sendActivity({ text: 'Some message...', textFormat: 'markdown' });
I assumed that token refresh should be fully handled within the framework. Has anyone encountered this issue? Is there some specific configuration that is required?

Can a slack bot join automatically a channel?

I am building a slack application.
I added "incoming-webhook" to oauth scopes that let me choose the channel I want the App to post messages. However unless I ping the app in the channel to add it. I get a "channel not found" error.
Is it possible to add the app to a channel when installing app via oauth ? Without adding it manually by #app-name or /invite app-name ?
When you add an incoming-webhookscope to your app, the option to add a channel during authentication is specific to incoming webhooks not bot messages. So any messages you send via the incoming webhook will send to the channel you selected during authentication. Messages sent via [chat.postMessage][1] will require your bot to be a member of the destination channel, via invite. Incoming webhooks can only be linked to a single channel. You will have to create a new webhook for every channel you want to post to using webhooks. For that reason, I'd recommend using chat.postMessage instead. If you request the chat:write.public scope your bot will be able to post into any public channel without invitation.

Is there a way to keep my Slack App from being used in Channels?

Is there a way to keep my Slack App from being used in Channels?
I only want the current user to be able to interact with the App directly and it not to show in any channels.
When setting up a app in MS Teams using App Studio there is a option that lets you limit the App to "Personal" I'm looking for something similar in Slack.
I am not sure what use cases you want to prohibit exactly, but in general your app can check each incoming request and decide if and how it wants to react to it.
For example you will always get the user ID of who sent the slash command or message to the bot. You can use that to filter our users that should not have access.
Update
To restrict your app the the app channel you need to do the following:
When receiving a request from the user, first open a direct message channel to the user from the bot user. That will always give you the channel ID of the app channel.
Then reply with a direct message in that app channel
or alternatively check if the received request is from the app channel and ask the user to only talk in app channel if it is not.
See also this answer on how this works in detail.

Slack Events API not working for normal users

I'm using slack api to send reply whenever there is any direct message to authenticated user. So I created app, enabled events api and verified webhook url and subscribed to messages.im event
I use regular oauth flow with scope(chat:write:user,users:read) to get the access token.
First I tried with the admin of the workspace and everything worked fine. Whenever there is a direct message between admin user and any other user, i'm receiving events to my callback.
NOW
when I tried same with normal user(user2) i'm not receiving any events back when there is direct message between user2 and some other user. I followed the same steps above.
User2 went through same oauth flow with same scopes and got the access token of his own. As I subscribed to events api, I should be able to received event callbacks to the url I mentioned.
Is there any issue here? Is this not how things work?
This is not supposed to work.
Your Slack app will only receive message events from channels / conversations, which the installing user is a member of (e.g. the admin is member of the direct messaging conversation between him and others). But it's not possible to get direct messages between other users.
This is how Slack's security architecture is designed. In general it is not possible for any Slack app to monitor all private and direct messaging channel, even if the installing use is an admin / owner.
A common workaround for private channels is to retrieve messages for a bot user and make sure that bot user is a member of all private channels you need to monitor. However, this workaround is not very practical for direct message conversations.
Turns out it is an issue with scopes, following is the message I received from slack support team, they are awesome.
Hi Sasikanth,
Thanks for getting back to me. I took a look and it seems that there was some change with the scopes requested when user2 installed the "My App Name" app.
Here are the scopes that each of these users received upon installing the "My App Name":
user1: im:history,users:read,chat:write:user
user2: users:read,chat:write:user
You'll notice that user 1 above has the im:history scope, whereas user 2 above does not. It's mentioned on the doc for the message.im event type (https://api.slack.com/events/message.im) that the im:history scope is needed.
That's the reason why you're not receiving the message.im event type for DMs sent to user 2.
I hope that helps to explain the issue. What you'll need to do is remove the authorization for user2 from: (my dev app url) and have that user reinstall the app with the appropriate scopes.

How to check credentials against botframework api

I'd like to check that my bot credentials (appId + appSecret) are ok to connect to https://api.botframework.com/bot/v1.0/messages.
I can't send a real message because i have no conversation running so I tried to post the following json message :
{ "type": "Ping"} but the response i got was
{
"error": {
"message": "Expression evaluation failed. Object reference not set to an instance of an object.",
"code": "ServiceError"
}
}
Is there any way to check if my access to the api is ok?
If you've registered your bot, you can visit the Bot Framework page, click on the My Bots menu, and select your registered bot. On your bot page, scroll down to the bottom left and there's a test box.
Also, you can use the emulator. It has a place in the upper right corner to replace the default credentials with your bot credentials. Then change the URL to where you have your bot deployed. Tip: remember to append 'api/messages' to the URL.
Download the BotFrameworkEmulator to test connectivity to your bot. It works on windows and OSX if you have mono installed. You can change the default settings that the emulator uses by typing '/settings' after running it. You will be prompted to enter your appId, appSecret and url endpoint for sending and receiving messages to/from your bot.
You can also use the directline rest api to initiate conversations and send messages to your bot

Resources