Need to access user token for Slack app - slack

I am building a Slack app and planning to distribute it in the Slack App Directory so that other users can install it. I am using slash commands for this app. Now, when my API gets called after a user types my slash command, I want to access some of the user's information using the Web API. But to access the info I need a user token to call the Web API. With the slash command request object I am not getting any user token. So my question is: how can I get the user token at this time to access the information? Do I need to save this when the user installs the app, or do I need to provide the Add to Slack button for this?

Yes, your app will receive the access token for a team / workspace only as a result of a successful installation process and should then store it together with the team ID for later use. Each slash request includes the team ID, which allows you to identify the correct access token for each team.
There are two approaches for installing Slack apps, which can be chosen on the "Manage your apps" pages under "Basic Information". Here is how it looks:
Installation from landing page
Having your own website with an "Add to Slack" button is the easiest way to do that. Your website will then need to handle the installation process, which basically is an OAuth flow. You should also make sure to request the right permissions, so that you can later access the API methods that you need. This installation approach is called "Installation from landing page".
Installation from App Directory
Another way to install your app is "Install from App Directory". This will allow users to start the OAuth process directly from the App Directory, instead of having to click an "Add to Slack" button on a website. It has the same effect as clicking a custom "Add to Slack" button, so you still need a website behind it to handle the full OAuth flow.
Important: This option is only available to apps that have been approved by Slack and are listed on the App directory.
Further Reading
Installation approaches
Oauth process with Slack
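An added example, not code from the original answer or from Slack: it stores the installation token by team ID and resolves it when a slash command arrives. The signature check (Slack's `X-Slack-Signature` and `X-Slack-Request-Timestamp` headers) is not mentioned in the answer and is included because the team ID should only be trusted on a verified request; the secret, token, IDs and in-memory `TOKENS` dict are constructed, and the response shape is assumed to follow `oauth.v2.access`.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs

# Constructed values for illustration only.
SIGNING_SECRET = b"constructed-signing-secret"
TOKENS = {}  # team_id -> access token; use an encrypted datastore in production


def store_installation(oauth_response):
    """Save the token from a successful OAuth exchange, keyed by team ID."""
    if not oauth_response.get("ok"):
        raise ValueError("installation failed: %s" % oauth_response.get("error"))
    team_id = oauth_response["team"]["id"]
    TOKENS[team_id] = oauth_response["access_token"]
    return team_id


def compute_signature(timestamp, body):
    """Slack v0 signature: HMAC-SHA256 over 'v0:<timestamp>:<raw body>'."""
    base = b"v0:" + timestamp.encode() + b":" + body
    return "v0=" + hmac.new(SIGNING_SECRET, base, hashlib.sha256).hexdigest()


def verify_signature(timestamp, body, signature, now=None, max_skew=300):
    """Reject stale timestamps (replay) and signatures that do not match."""
    now = time.time() if now is None else now
    try:
        if abs(now - int(timestamp)) > max_skew:
            return False
    except ValueError:
        return False
    expected = compute_signature(timestamp, body)
    return hmac.compare_digest(expected.encode(), signature.encode())


def token_for_slash_command(timestamp, body, signature, now=None):
    """Return the stored token for the team that sent a verified slash command."""
    if not verify_signature(timestamp, body, signature, now):
        raise PermissionError("request signature invalid or stale")
    team_id = parse_qs(body.decode()).get("team_id", [""])[0]
    if team_id not in TOKENS:
        raise LookupError("no installation stored for team %r" % team_id)
    return TOKENS[team_id]
```

The raw request body must be passed in unmodified, since the signature is computed over the exact bytes Slack sent.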

Related

Inviting/Removing Workspace Users with an App/Bot on Slack Enterprise Grid

I'm working on a Slack integration for our workspace that is within an Enterprise Grid. I have a workspace and I've created a Slack App with all possible OAuth scopes and have installed it in the workspace.
I'd like to automatically invite and remove users to our workspace using the app/bot. I should be able to do this with the Slack app/bot using the admin.users.invite and admin.users.remove API actions.
However, these two actions require the admin.users:write OAuth scope, which can only be used on an App that is installed organization-wide, so I can't use this scope on my workspace app:
The app requesting this scope must be installed by an admin or Owner of an Enterprise Grid organization. Also, the app must be installed on the entire org, not on an individual workspace.
Is there any other way I can have an automated system that invites/removes users to/from our workspace, without it being an organization-wide app? This is something I can do as a user through the Slack UI (and I'm not an organization admin, just a workspace admin), so one would think I should be able to do the same things via an app/bot that is installed and authorized to act on my behalf.
Unfortunately, the APIs currently provided by Slack are available for Org Owner & Org Admin roles.
The best course of action for you will be to collaborate with your org admins. Let them manage the app. It means you will not have access to the token, but you can use the app as a user.
Create the app that will operate only on your workspace by using a fixed teamId.
Ask the org admin to generate the admin token and update that in your app.
Maybe, if they find your app useful, it can be used across the organization eventually.

What's the best way to ask a user for an API Key when setting up a Slack App?

Just looking for some general advice here.
I want to build a Slack app and publish it publicly to the Slack App Directory, for anyone to use. The basics of the app are:
When you paste a link to a specific domain in a Slack message, a bot will fetch additional information about that link from a Rest API my company built.
The roadblock I'm running into is that our Rest API uses Basic Auth for authentication, and I can't figure how or where in the Slack App setup flow to ask the user to enter their API key.
Does anyone have any advice on how to ask for user input when setting up a Slack app, so that the user can enter their API Key for our REST API?
Thanks!
OK, I will assume that the API key is individual to each user.
I would suggest asking for the API key as part of the installation process for your Slack app on your website and then storing the connection between Slack user ID and API key as part of the installation process. It is in fact possible to have individual installations of the same Slack app to a workspace for each user. This is called "configurations" (e.g. the Twitter app for Slack is using this feature).
This requires each user who wants to use the app to go through the installation process, and all users also need to have permission to install this particular Slack app (which can be configured by an admin).

I keep getting an error that my app needs to be verified when either I or another user try to authorize with OAuth2. What does that mean?

I received this error when trying to authorize my app with my own account:
Your project is trying to access scopes that need to go through the verification process.
{invalid=https://www.googleapis.com/auth/contacts}
If you need to use one of these scopes, submit a verification request. Learn More
When I use a different account, the error message is different:
This app hasn’t been verified to access:
{invalid=https://www.googleapis.com/auth/contacts}
Are you the developer? If this project needs these scopes, sign in to an account with access to edit your project and try again.
If not, contact the developer for help.
As per the announcement on May 11, 2017, publicly available applications with access to certain user data must pass review. If you see an access error for your app, submit a request using our OAuth Developer Verification form.
For personal-use apps and those you are testing, join the Google group Risky Access Permissions By Unreviewed Apps, which allows you to approve data access for personal and testing accounts. See the Google API Services User Data Policy for more information.
UPDATE: Corrected broken link to form.

Setup Url for Google Apps Marketplace (GAMv2) doesn't redirect

I've created a test listing for Google Apps Marketplace (GAMv2) and have specified a setup url. When testing using the "TEST INSTALL FLOW" button, the authorization screen pops up and clicking the "Accept" button takes me to a popup that confirms the application has been added. There's a "Launch app" button and a "Manage app" link on this 2nd popup. The "Launch app" button goes to the setup url that I entered in the listing definition.
Isn't the install flow supposed to redirect there automatically? I've seen other questions where this behaviour seems to be working on and off:
Google Marketplace App Install Flow
Google Apps Marketplace SDK install does not forward user to Setup URL
Google app marketplace sdk setup url stopped working
There's also this page in the marketplace documentation which says it is supposed to redirect:
https://developers.google.com/google-apps/marketplace/eap/oauthwalkthrough
Are other people having this problem?
In v1 of the marketplace, yes, setup links were automatically included in the linear install flow. In the new install flow setup links are presented separately. They're presented to users, but there is no guarantee that a user will click it. Even in v1 there were some cases where a user could end up bypassing the setup link.
There are some improvements that can be made to encourage admins to revisit the setup if they skipped it. In either case, apps should be tolerant of these cases and adapt.
My recommendation is to check on login and enter the setup flow if it hasn't yet been performed. You can use the licensing API to check if the domain has installed from the marketplace or not. If you need to enforce things like requiring admin permissions, you can add further checks to see if the current user is an admin for the domain and give non-admin users a polite message indicating the app isn't ready for them to use yet.

Non installable application and new regulations for publishing on google apps marketplace

I’m new with the marketplace and I’m developing an application to replace google's login with my app, which uses strong authentication.
To use it you don’t need to install anything, it’s only a matter of configuration of your google app. When you try to access mail.google.com/a/yourdomain.com it will redirect to our application where the validation process occurs, and after validating it will return to google web site.
Same happens with logout and password change, you will be redirected to my app.
When a user needs to change the account password, we use the Google Admin API to change it; of course, it requires a previous authorization from a domain user with administration privileges.
The question is, how to publish an application like this on the marketplace? I don’t see how to do it according to the new regulations from November 19th, for example, the application type and the fact that it should be an installable listing.
Someone who can give me a hint or example.
Thanks in advance.
Fernando.
--- EDITED --- to answer to Koma
The thing is, we already have the application, what we're doing now is to do some changes to make it ready to use it with google apps.
There’s an option in the security section called “set up single sign-on (SSO)” where you configure 3 URL’s for:
Sign-in page URL (URL for signing in to your system and Google Apps)
Sign-out page URL (URL to redirect users to when they sign out)
Change password URL (URL to let users change their password in your system; when defined here, this URL is shown even when Single Sign-on is not enabled)
When you as a user need to change your account’s password you will be redirected to our application (because Google has delegated that responsibility to us). There, through OAuth and the Google Admin API, we will change the password for your Google user.
We want to be listed in Google’s marketplace as a solution for strong authentication delegating that functionality to our application, but we don’t see how, because the user that will use our solution doesn’t need to install anything, and according to what I understand we are forced to upload something to be listed.
Does that make sense to you?
From what I read, you want to replace authentication with your own. That's not feasible with a marketplace app.
You need to implement a SAML identity provider:
https://developers.google.com/google-apps/sso/saml_reference_implementation
