Slack API requests to an endpoint which requires SSO - slack

I want to create a Slack bot which will monitor the incoming messages of a channel and respond to those messages based on their content, using the Events and Web APIs.
In the Events API, the verification URL which I am currently using requires Shibboleth login, i.e. I need to put in a username and password if I want to access that URL through a browser.
How do I have Slack send its request to that URL? Currently Slack gets an HTTP 500 error from the server, and my server doesn't get any hit either.

After talking to Slack help chat, I was told that Slack can't do auth. It was suggested that I use a proxy of some kind, but I ended up removing Shibboleth from my server. Slack does sign every request it sends, so to avoid having the server respond to attackers, verify that each request is from Slack before responding.

Related

How to intercept an HTTP redirect response in Power Automate?

I have a Power App and Power Automate solution integrated with Docusign using their REST APIs.
My issue is that I have users log into Docusign from a link which, when completed and authenticated, returns an HTTPS response (authorization code) on the redirect URI. I want to be able to 'capture' the authorization code within Power Automate.
I want to avoid using custom connectors, as they seem unreliable when using OAuth2 authentication and the user's access token has expired. My preference is to use the HTTP REST API steps in Power Automate instead.
With a redirect to https://localhost:3000/auth/docusign/callback, I get the following HTTPS response:
https://localhost:3000/auth/docusign/callback?code=eyJ0eXAiOiJNVCIsImFsZyI6IlJTMjU2Iiwia2lkIjoiNjgxODVmZjEtNGU1MS00Y2U5LWFmMWMtNjg5ODEyMjAzMzE3In0.AQoAAAABAAYABwAAlzFclSfZSAgAACO4o5Un2UgCAOid-3Oz8jJHsDvIUG5hRR8VAAEAAAAYAAEAAAAFAAAADQAkAAAAZjA5Y2U4NDQtM2U5Yy00NjEzLTkwNzctNGY5MmFhY2NjZTc4IgAkAAAAZjA5Y2U4NDQtM2U5Yy00NjEzLTkwNzctNGY5MmFhY2NjZTc4NwBBDjKOCdhvSaNUWiI7O-21MAAAkAfAlCfZSA.zrYv2gsNFPVWHZpoO7-_5o4Ika3DxQpbNqlPUHiOvYFVL5igRnbZHh2V7OmN0bff7Tf14QF3pWaBAATozpIgzgj21m3ZjLbhY5J42eR1msXmoXjbBggibGC_FqbprVCzjSCvjbvMlwgEwda7LApdSWwr49ON9KhdN84qWD9sacJJvdi3Oi1KInImlVB_2rTpCLFhMD98PBv6b074yTqLOfwV31QT-6si8xLtk3G2vtn2gFZigXQxIA18b6tC-BM3NOILV1zwZNa1pstxxG2W8jJByUQlAux3d1GuS4vnDu_nr54mXULV0vY7txLFRiJA5w_E7Nlu2dlaOa5_DmfpNg
I want to intercept the code=eyJ0e........ in my flow.
I have tried setting up an HTTP request and using its unique endpoint as the redirect endpoint, to send it to a receiving HTTP request flow. Docusign did not like the HTTP request URL as a redirect.
I have to think this is a very simple thing to do and probably has to do with how the redirect/callback is configured in Power Automate. There may be third-party solutions that can act as a redirect intermediary which I can then GET with an API call. All ideas appreciated.

MS bot tested locally with postman

I was playing with Microsoft Bot Framework locally, which works fine if I use the MSFT bot emulator for testing (both in C# .NET Core and Node.js), but I cannot figure out how to test it using Postman API calls.
Do I really need to register the bot first at MSFT, even when it is run locally, to be able to get authentication?
Normally, there is a Connector Service between the client and a bot. It is possible to bypass the connector service and post directly to the bot, but there are a few things to keep in mind. One of the issues you will run into is that activity.ServiceUrl is expected to be the callback base URL for return messages: ref BotFrameworkAdapter#L843. Without a valid ServiceUrl, bot replies will all end in exceptions, since there is no valid place to send the responses. You can set up a MockChannel to receive these bot replies. Once it is set up, just ensure the ServiceUrl of the message sent to the bot is pointing to that MockChannel.
Sometimes I use the Emulator's Connector Service with PostMan. This can be done without having a MicrosoftAppId and MicrosoftAppPassword. You'll see the endpoint the Emulator Connector Service is listening on within the Log when you open a Live Chat tab:
This would then be the base URL to use for PostMan.
Create Conversation:
(note: the emulator expects an Authorization header with a Bearer token, but the value does not matter since we aren't using a MicrosoftAppId and MicrosoftAppPassword)
Post Message:
Get Messages:
A bot running on localhost should be testable via any HTTP client such as Postman, as long as you're forming the requests correctly, which really only means you need a payload that is a valid activity representation.
What you might need to check is whether or not you have any app credentials configured on your bot when you're running on localhost. If those are set, then you would need to actually properly authenticate against your localhost instance as well, which the emulator will do, but which you likely don't want to do when you're just trying to hit it with something like Postman. So, just make sure to clear out the app credentials when running in localhost mode to make your life easier.
If you're not running with any app credentials, then you'll need to update your question with more details about exactly what payload you're sending, how your bot is configured, etc., and I'll be happy to update my answer.

Spring - How to secure Server Sent Events

I want to use Spring's Server-Sent Events to update specific parts of an Angular frontend. I want only authorized users to be able to subscribe to the Server-Sent Events. That's not the problem, but how can I check whether the user is still authorized to retrieve the push messages after, e.g., the session has expired?
I'm also using JWT token-based authorisation, so the server doesn't know when the token expires. What is good practice here? Should I save the token alongside the SseEmitter and check it before each push?
Thanks!

How to send custom data through pusher webhook

So, I am working on an API and a website where I send a request from my backend server to that API, and my API gives its response through Pusher to the front-end directly; once the front-end receives all the responses from Pusher, it contacts the back-end so that the database can be updated. Now, instead of receiving the final update from the front-end, I want Pusher to directly contact my backend so that the database can be updated.
So I came across the webhooks functionality that Pusher provides in order to communicate with the backend server. Pusher generates only 3 events, viz. channel existence, presence and client events. But I want Pusher to generate a webhook request when the API message is being pushed into Pusher, so that I can access the response for storing into the database.
Pusher does not provide this functionality. WebHooks are designed to inform your application of changes to the state of channels, not as a means of arbitrary communication from Pusher to your server.
On top of this, it sounds like you want to notify your server once the client has received all events. Pusher does not know exactly when the client receives events. The only place where you can be sure the client has received an event is on the client itself.
Your current solution of sending a request directly from your client to the server sounds like the correct approach.

Botkit and https secure endpoint, is a certificate mandatory?

I'm building a custom Slack app with the Botkit framework and I'm trying to add an interaction button to my Bot/App.
I don't really get one thing: as the Botkit framework provides a way to have a webhook entry and a set-up server to receive OAuth requests and Slack's requests for interactive button callbacks, is having a secured server with HTTPS, a certificate and all that stuff mandatory for Slack's API to perform POST requests on my server after hitting an interactive button?
Yes, a valid and non-self-signed SSL certificate is required to receive inbound requests on your server when message buttons are clicked by users. The certificate is also required for a few other outbound operations performed by Slack, like slash command executions and the Events API.
While in development, many developers use a tool like ngrok to proxy their requests, though it's not really appropriate for production use.