I have a slack application and I have authenticated using this application. When I list all the channels, some of the private channels are not listed. Do we need the access token of workspace admin to list all the private and public channels?
Stumbled across this question when Googling for a similar issue in a large org - I was getting the public channels, but not all of them were showing.
Turns out Slack has a default limit of returning 100 channels. To bypass this, simply pass a limit: 9999 parameter, eg:
app.client.conversations.list({
token: process.env.SLACK_BOT_TOKEN,
limit: 9999
}).then((res: any) => {...})
See also: conversations.list API
Here is how Slack's security architecture works, which explains why you don't get all private channels with conversations.list.
A user only can only see private channel he is a member of. That includes users with admins and owner role, so even the creator of a workspace does not see private channels he is not invited to.
There are two types of tokens:
User token inherit the access rights from the user who installs the
Slack app. So if you installed a Slack app it can only see the
private channels that you are a member of.
Its a bit different with bot token. With a bot token the app can
only see private channel the bot user is a member of.
There are two workarounds to get access to all channels:
Generic user
Ensure a the generic user (e.g. slackadmin) is a member of all private channels. Then using his access token a Slack app also has access to all those private channels. This is an organizational solution.
Collect all user tokens
Collect the tokens of all users on your workspace and then use those tokens to access all conversations incl. private channels their are a member of.
This can be achieved by asking every user to install your Slack app once (via standard OAuth "Add to Slack" process), which is called a configuration in Slack terms.
response = client.conversations_list(types="public_channel, private_channel")
See https://slack.dev/python-slackclient/conversations.html
Related
Requirement: Continuously manage membership of a private channel based on external-to-slack criteria, preventing channel members from kicking the bot from the channel!
I can't find a way to meet:
Allow a Slack bot to manage a private channel it's a member of: inviting and kicking users at-will,
Prevent users of the channel from kicking the Slack bot.
Under Settings & Permissions -> Permissions -> Channel Management there's the People who can remove members from private channels: option.
If I choose Everyone, then
Is satisfied: bot can kick users,
Isn't satisfied: Users can kick the bot.
If I choose Workspace Admins and Owners only, then
Isn't satisfied: bot can't kick users because it's not admin or owner,
Is satisfied: Users can't kick the bot!
Would love a workaround this this...
Solution was at Oauth request time ask for the groups:write scope for both the bot and the user. Then when making the conversations.kick API call pass the user token (who has Owner or Admin privileges).
Following this approaches lets your bot (acting as the user who installed it) to kick private channel members when People who can remove members from private channels = Workspace Admins and Owners only.
I have a working MS Teams bot. Now If I want to accept only requests only from a particular domain (#xyz.com).
So My Bot will be accessible to all users from xyz.com domain and for rest it should not be discovered. How to achieve that?
So you need to confirm if you bot is going into the main App Store. If it's not, you can "restrict" it by only uploading the manifest to the relevant 'company' store in that Tenant. However, if the app is going to be available more widely, or if your tenant has multiple user domains and you want to restrict within the same tenant even, then you should look to use middleware to do this. You can read more about Middleware and then have a look at the following samples: teamsTenantFilteringMiddleware (node) (C# version).
That middleware filters on tenant id, which might suit your use case, or if you need to check actual user email, you'll need to look that up per user. This link shows how to get a user's email (it's not supplied with each message to the bot, unfortunately).
I resolved this by following:
The way I handled this is by programmatically using reading and slicing Email address of the user (e.g. John.Doe#email.com)
TeamsChannelAccount member = await TeamsInfo.GetMemberAsync(turnContext, turnContext.Activity.From.Id, cancellationToken);
string[] checkEmail = member.Email.ToLower().Split('#');
if (checkEmail[1].Equals("contoso.com") || checkEmail[1].Equals("email.com"))
{
//Business logic
}
Thanks.
We basically want to annotate certain messages (adding links) but it does not
seem to be possible using Slack API. Only way to modify is to give permission
to the user who posted that message and modify it as that user.
I can delete other users comments or file.
I have tried to update others messages using legacy token, app token's with
full permissions but no success. I called Slack API as a owner or admin.
I used chat.update Slack api method.
The response from the api call is an error "cant_update_message"
"headers": {
....
},
"ok": false,
"error": "cant_update_message"
}
Well it is not possible even if you are an admin, as slack article say:
Mistkaes Mistakes sometimes happen. Fortunately, members can edit and delete the messages they send in Slack (if allowed by Workspace Owners and Admins). Workspace Owners can also delete messages in public channels and private channels they've joined.
Slack Roles are the following:
Owner
Admin
Permissions
Owner and admin permissions:
Manage or #mention user groups
Set private channel retention
Delete a channel
Rename a channel if you created the channel you can rename it.
Make a public channel private
Create a private shared channel
Create a shared channel
Delete your own messages
Remove people from channels
Invite Guests to a public channel
Invite a Single-Channel Guest to a private channel
Delete other people's messages
Invite new Guest members
Deactivate a member's account
Promote a Workspace Admin
Only Owners
Demote a Workspace Admin
Promote a Workspace Owner
Turn on Approved Apps
All of these permissions are allowed to them just, if you want to know all permissions, read more
It is only possible to edit your own messages (assuming this is allows in your workspace), but never the messages of others. That is the same for all users including admins and owners. And its the same with the API method chat.update.
But there is a workaround: Your app can gather tokens from every user in your workspace and then use those token to impersonate each users allowing your app to change every message. This will require each user to install the app once. Your app then just needs to use the matching token to update each message.
Note that this workaround has some obvious drawbacks, e.g. giving your app access to all message and channels on the workspace and also requires some organizational effort to maintain.
So I'm building a small Slack bot that I want multiple users to be able to use in different Slack teams. So far the workflow is like this:
User signs up on website.
User connects with an API provider and receives their OAuth credentials. The access token for each user is saved in the database.
User adds Slack bot to their team.
With hardcoded API values the bot retrieves the desired data, but what is the best way for the bot to be able to get the appropriate data for each Slack team?
I obviously don't want a user to need to keep signing into the website etc, so how do I associate the slack team with the Laravel user and then pull the relevant API data?
For some example code, imagine that I have a Strava access token stored in my DB for a user and I want to call the API:
$botman->hears('runstats', function ($bot) {
$payload = \Strava\Account::get(
\Auth::user()->strava_id,
array('api_key' => "here_is_a_secret_key")
);
$bot->reply($payload->monthly_kms);
This works fine when I query from my web interface as I'm signed into my website and it spits back 123km as an example.
Obviously when I'm signed into Slack then there's no Auth::user instance and so it cannot find the relevant Strava ID. That's what I want to be able to retrieve for the relevant Slack user. I envisage it being installed in multiple Slack workspaces.
You need to store the relation between a Slack user (with team ID, user ID) and his individual token for each API in your database.
So you have two options when adding new API tokens:
Ensure that the process of adding new tokens for API services is always started on Slack (e.g. with a slash command) and then forward the user to your webpage. Thus your app knows which user it is.
Let users log into your web-page with their Slack credentials (using Slack Sign-in).
Both options require that your Slack app has been previously installed to the relevant team of course.
Imagine I have a Slack app. After someone logs in with his or her Slack account,
I get their team ID.
Is it possible to use this team ID to get a list of all users that belong to
the same team as the logged in one?
What I tried
I looked at the users.list request
in the Slack docs, but it appears that it returns only those users who are in
the same team as me (i. e. I can get a list of my colleagues, but not those of
another user). In particular, there is no way to specify the team id.
Yes, that is possible. The Slack team is linked to the access token you use for users.list. If you use your own access token, you will of course only get the users from your own team.
To get the users from other Slack teams you need to use the access token your Slack app received during installation to that team (e.g. via Slack button). Your Slack app will also need the OAuth permission scopes users:read.