What is the best approach to manage app ownership in Slack?
Currently all devs in our team create their apps under their own Slack accounts. The risk with this is if they leave the company and their account gets closed then the apps they created will cease to work.
This must be a common solution but I couldn't find a definitive document with a good solution.
What would you recommend?
Here is what I would suggest for managing ownership of app development.
For this discussion we need to distinguish between
creating a Slack app
installing a Slack app.
Those are different concepts which need to be handled in different ways.
Creating a Slack app
A new Slack app is always created in a workspace and belongs to the user that created it. If that user leaves the workspace (or goes on a longer vacation) the Slack app can no longer be managed.
This risk can be mitigated by adding collaborators to every Slack app. Collaborators have the same rights (e.g. delete an app) and will keep their access when the initial creator is deactivated.
As the documentation states:
Slack apps are owned and contained by the team they are created on.
Slack apps may have multiple App Collaborators associated with it, and they can review & manage the application record. They can also add or remove other collaborators.
To further mitigate the risk of losing access to Slack app it might be prudent to create a dummy admin user that has to be added to every Slack app as collaborator. That way you won't loose access to your Slack app even if multiple users leave the workspace.
Installing a Slack app
When the creator or collaborator of a Slack app gets deactivated his app will automatically be uninstalled if he was also the installer. As it says in the documentation:
One caveat: this exception doesn't apply to the folks who created an
app or were added as an App Collaborator. When they leave, the app is
still uninstalled. Same goes for when an app uses additional scopes
beyond the ones listed above, taking on the behavior of a user.
One way to avoid this situation is to use a dummy admin account for app installation instead of the actual user.
Related
I am trying to download the history messages for a specific Slack app, let's say MLflow.
I found a few open-source tools on Github but none of them actually work for me. It seems that slack has disabled ways for non-admin to create the access token since May 2020. Is there any way for the scraping script to work without tokens? WHat else can I do now?
You can try the app called Backupery for Slack
Disclaimer: I'm the developer of the app and the app is not free, but a free trial is available.
The app can help you to export any conversation from your Slack workspace, including direct messages between you and an app. For example, if I need to export the conversation between me and Jira Cloud app, I just need to select the conversation and export it:
Please also note, the app will automatically create an access token for you. By default, Primary Owner, Owners, Admins and Full Members are allowed to install any applications for Slack (and create access tokens). However, a workspace Admin or Owner may limit installations to pre-approved apps - in this case you will not be able to use the app as it will not be possible to install it.
I'm working on a Slack integration for our workspace that is within an Enterprise Grid. I have a workspace and I've created a Slack App with all possible OAuth scopes and have installed it in the workspace.
I'd like to automatically invite and remove users to our workspace using the app/bot. I should be able to do this with the Slack app/bot using the admin.users.invite and admin.users.remove API actions.
However, these two actions require the admin.users:write OAuth scope, which can only be used on an App that is installed organization-wide, so I can't use this scope on my workspace app:
The app requesting this scope must be installed by an admin or Owner of an Enterprise Grid organization. Also, the app must be installed on the entire org, not on an individual workspace.
Is there any other way I can have an automated system that invites/removes users to/from our workspace, without it being an organization-wide app? This is something I can do as a user through the Slack UI (and I'm not an organization admin, just a workspace admin), so one would think I should be able to do the same things via an app/bot that is installed and authorized to act on my behalf.
Unfortunately, the APIs currently provided by Slack are available for Org Owner & Org Admin roles.
The best course of action for you will be to collaborate with your org admins. Let them manage the app. It means you will not have access to token, but you can use the app as a user.
Create the app that will operate only on your workspace by using fixed teamId.
Ask the org admin to generate the admin token and update that in your app.
May be, if they find your app useful, it can be used across organization eventually.
I have developed an app that synchronises our users' Google contacts with the School's database. When I submitted the consent screen for verification I was asked to change the display name, as it violated branding policies by including GMail in the title. However when I try to update the consent screen in the API Console, after changing the app name the Save button remains greyed out, so I can't change it. How do proceed now?
Note the app is currently in use with an unverified consent screen, but new users are now unable to sign up since Google appear to have tightened their policies.
Also the app is only used by members of our organisation, so it should really be an internal app. However the Make Internal link is deactivated, apparently because I am not a G Suite User. However we have a G Suite for Education account, so does this not make me a G Suite user?
As no-one has provided a solution it looks like there is none. Therefore I’ve resorted to my plan B, which is to create a new API Project and consent screen, This time I created it as an internal project, which avoids any complications of validation. The previous project was created public as it was envisaged that parents with private Gmail accounts might also use it. However with the constraints of GDPR it has been decided to restrict it to employees only. Fortunately I have found a way for existing users to continue using the old version, while new users have to register using the new consent screen.
It appears that the message about not being able to change to a local project if you’re not a G Suite user is a red herring. I suspect you just can’t change project type once it’s in use, because of the possible implications for existing users,
I'm currently working on a parse.com project and I want another collaborator to be able to add additional collaborators to the project. I'm not quite sure how to do this. Thanks in advance.
Only the main account can add additional collaborators per Pasre's website.
https://parse.com/plans/faq
How do I share access to my app? Can multiple people collaborate on my
app?
You may share access to one app with one or more collaborators.
Each collaborator should sign up for a Parse account individually if
they don't have one yet. You can then invite them to collaborate on
your app from the Collaborators panel in your app's Settings. You as
the app owner will remain responsible for any charges your app may
incur. Collaborators will share the same level of access that an app
owner has, but they will not be able to delete the app or add more
collaborators.
Good luck.
We've migrated our app from the old marketplace to the new one. After a few days we've received an email that we don't comply with an SSO policy - the user is not recognized after he installs the application.
In the old app we had a specific setup link, that was opened for the user after he installed the app - thus making him recognizable. Is there such a function in the market? Is there some sort of a callback for the installation event in the new marketplace?
P.S. the guy from Google told me to post technical questions on Stackoverflow and that "Our developer relations team monitors that forum and will be able to assist you."
EDIT:
There's the Additional app setup link in this after-installation popup (which clearly no user will click):
Is there a way to call the URL that of the Additional app setup in the background, without needing the user to click an obscure link?
That was an intentional design change which is different than how it used to work in v1 of the marketplace.
If you need interactive setup, best thing to do is put in a check on login to see if the domain has been configured. You can use the licensing API to check for a marketplace install record or directory API to check user permissions if those matter for your use case.
If you just need to run a background task, you can periodically poll the licensing API to detect new installations of the app. This shouldn't be done too often, so if you need to do things before a user logs you're still better off going with a check on login to route them to the setup flow as needed.