Slack Events API not working for normal users - slack

I'm using slack api to send reply whenever there is any direct message to authenticated user. So I created app, enabled events api and verified webhook url and subscribed to messages.im event
I use regular oauth flow with scope(chat:write:user,users:read) to get the access token.
First I tried with the admin of the workspace and everything worked fine. Whenever there is a direct message between admin user and any other user, i'm receiving events to my callback.
NOW
when I tried same with normal user(user2) i'm not receiving any events back when there is direct message between user2 and some other user. I followed the same steps above.
User2 went through same oauth flow with same scopes and got the access token of his own. As I subscribed to events api, I should be able to received event callbacks to the url I mentioned.
Is there any issue here? Is this not how things work?

This is not supposed to work.
Your Slack app will only receive message events from channels / conversations, which the installing user is a member of (e.g. the admin is member of the direct messaging conversation between him and others). But it's not possible to get direct messages between other users.
This is how Slack's security architecture is designed. In general it is not possible for any Slack app to monitor all private and direct messaging channel, even if the installing use is an admin / owner.
A common workaround for private channels is to retrieve messages for a bot user and make sure that bot user is a member of all private channels you need to monitor. However, this workaround is not very practical for direct message conversations.

Turns out it is an issue with scopes, following is the message I received from slack support team, they are awesome.
Hi Sasikanth,
Thanks for getting back to me. I took a look and it seems that there was some change with the scopes requested when user2 installed the "My App Name" app.
Here are the scopes that each of these users received upon installing the "My App Name":
user1: im:history,users:read,chat:write:user
user2: users:read,chat:write:user
You'll notice that user 1 above has the im:history scope, whereas user 2 above does not. It's mentioned on the doc for the message.im event type (https://api.slack.com/events/message.im) that the im:history scope is needed.
That's the reason why you're not receiving the message.im event type for DMs sent to user 2.
I hope that helps to explain the issue. What you'll need to do is remove the authorization for user2 from: (my dev app url) and have that user reinstall the app with the appropriate scopes.

Related

DM to any user on Slack using Slack API

I'm trying to send Direct Messages (DMs) to a user on Slack using chat.postMessage using Bot token. But I'm only able to send messages to the users that are in my workspace.
How can I send message to any user on another workspaces?
When I try to do so, I get: "error": "channel_not_found"
I've that user's UserID (U02....), user's email and my Bot token.
When you create a bot/app in Slack, you grant it OAuth Scopes which provide the bot access to certain information in your Slack instance. So for example, I expect you have added the users:read Bot Token Scope to your Slack app, so that it can determine the users, and userId's in your workspace.
However, this scope restricts the bot to only see users in your workspace.
There's a couple of ways around this though:
Solution 1 - Slack Connect
Now in Slack, you can message users in other workspaces with a feature called Slack Connect.
You'll first need to establish a connection with the user you want the bot to message. This can be arranged via an invite process, and once completed that userId should become available to the bot. You can use that userId in the channel field of the chat.postMessage API to direct message the user from the other workspace.
Solution 2 - Org Level App
If you are on an Enterprise version of Slack, you should have multiple workspaces within a company, that are all linked by an enterpriseId.
In this case, a possible solution might be to create what is known as an Org Level App to have access to information across multiple workspaces. More information on Org Level apps can be found here.

Is there a way to keep my Slack App from being used in Channels?

Is there a way to keep my Slack App from being used in Channels?
I only want the current user to be able to interact with the App directly and it not to show in any channels.
When setting up a app in MS Teams using App Studio there is a option that lets you limit the App to "Personal" I'm looking for something similar in Slack.
I am not sure what use cases you want to prohibit exactly, but in general your app can check each incoming request and decide if and how it wants to react to it.
For example you will always get the user ID of who sent the slash command or message to the bot. You can use that to filter our users that should not have access.
Update
To restrict your app the the app channel you need to do the following:
When receiving a request from the user, first open a direct message channel to the user from the bot user. That will always give you the channel ID of the app channel.
Then reply with a direct message in that app channel
or alternatively check if the received request is from the app channel and ask the user to only talk in app channel if it is not.
See also this answer on how this works in detail.

Slack App API - Can I subscribe to and monitor all #username mentions for the current user?

When someone mentions a specific username by their handle in Slack, the user typically gets notified about that mention by Slack. I would like to make a Slack app that subscribes to those notifications for the current user. Any time a user gets notified that they were directly mentioned, I'd like to be informed of that in my app, along with the contents of that message.
I've looked through the API docs for quite a while and I can't seem to find support for this functionality. Am I missing something? Can this be done?
There is no event in the Slack Event API that handles mentions of users (although if you create a slack bot you can handle mentions of the slack bot's user with the app_mention event).
You can still listen for the message event and manually look through the text for any #UserMentions and handle them there. Note that this will only work for channels that the Slackbot has been granted access to.

Open direct message channel to a user with a Slack Workspace token?

I'm working on a new Workspace app for Slack. I have a use case where I need to send notifications to users in Slack, through a direct message (or IM). Since the chat.postMessage endpoint requires a channel ID, I can get the existing IM channels using conversations.list and send them the notification.
However, if the user hasn't yet opened an IM channel from their side, I need to create one. It seems that neither Web API endpoints (conversations.open or im.open) support Workspace tokens. I keep getting not_allowed_token_type error response. I can create a public channel with conversations.create, but that's not what I need.
Is there another to open an IM channel to a user when using a Workspace token?
Took me awhile to figure this out. You need to add/request the conversations.app_home:create scope to your permissions. Then you can just specify the user ID as the channel arg in a chat.postMessage call.

Slack bot getting information from threads and messages?

Slack bots can get information about messages that have just been posted with the "messages" event. So why can't they get information about all the messages in a thread?
So for example when someone makes a reply to a message in a thread a message event is fired with the subtype of "message_replied" however the text fields of all of the messages in the result are out of scope for the bot.
Is there a way to access this information? I have tried using things like channels.replies and conversations.replies but the results of those are out of scope for the bot too. Requiring the channels:history scope.
I would settle for the bot being able to read the content of its own messages only.
You can access threads with your bot via API method conversations.replies (or the pendant methods) by using the user token from your Slack app. A Slack app with bot users always has both a user token (with rights inherited from the original installer) and a bot token.
As the documentation says in section Threading messages:
While Slack app-based bot users can't access these methods directly,
user tokens granted with the correlating scope can.

Resources