We've migrated our app from the old marketplace to the new one. After a few days we've received an email that we don't comply with an SSO policy - the user is not recognized after he installs the application.
In the old app we had a specific setup link, that was opened for the user after he installed the app - thus making him recognizable. Is there such a function in the market? Is there some sort of a callback for the installation event in the new marketplace?
P.S. the guy from Google told me to post technical questions on Stackoverflow and that "Our developer relations team monitors that forum and will be able to assist you."
EDIT:
There's the Additional app setup link in this after-installation popup (which clearly no user will click):
Is there a way to call the URL that of the Additional app setup in the background, without needing the user to click an obscure link?
That was an intentional design change which is different than how it used to work in v1 of the marketplace.
If you need interactive setup, best thing to do is put in a check on login to see if the domain has been configured. You can use the licensing API to check for a marketplace install record or directory API to check user permissions if those matter for your use case.
If you just need to run a background task, you can periodically poll the licensing API to detect new installations of the app. This shouldn't be done too often, so if you need to do things before a user logs you're still better off going with a check on login to route them to the setup flow as needed.
Related
I am trying to download the history messages for a specific Slack app, let's say MLflow.
I found a few open-source tools on Github but none of them actually work for me. It seems that slack has disabled ways for non-admin to create the access token since May 2020. Is there any way for the scraping script to work without tokens? WHat else can I do now?
You can try the app called Backupery for Slack
Disclaimer: I'm the developer of the app and the app is not free, but a free trial is available.
The app can help you to export any conversation from your Slack workspace, including direct messages between you and an app. For example, if I need to export the conversation between me and Jira Cloud app, I just need to select the conversation and export it:
Please also note, the app will automatically create an access token for you. By default, Primary Owner, Owners, Admins and Full Members are allowed to install any applications for Slack (and create access tokens). However, a workspace Admin or Owner may limit installations to pre-approved apps - in this case you will not be able to use the app as it will not be possible to install it.
What is the best approach to manage app ownership in Slack?
Currently all devs in our team create their apps under their own Slack accounts. The risk with this is if they leave the company and their account gets closed then the apps they created will cease to work.
This must be a common solution but I couldn't find a definitive document with a good solution.
What would you recommend?
Here is what I would suggest for managing ownership of app development.
For this discussion we need to distinguish between
creating a Slack app
installing a Slack app.
Those are different concepts which need to be handled in different ways.
Creating a Slack app
A new Slack app is always created in a workspace and belongs to the user that created it. If that user leaves the workspace (or goes on a longer vacation) the Slack app can no longer be managed.
This risk can be mitigated by adding collaborators to every Slack app. Collaborators have the same rights (e.g. delete an app) and will keep their access when the initial creator is deactivated.
As the documentation states:
Slack apps are owned and contained by the team they are created on.
Slack apps may have multiple App Collaborators associated with it, and they can review & manage the application record. They can also add or remove other collaborators.
To further mitigate the risk of losing access to Slack app it might be prudent to create a dummy admin user that has to be added to every Slack app as collaborator. That way you won't loose access to your Slack app even if multiple users leave the workspace.
Installing a Slack app
When the creator or collaborator of a Slack app gets deactivated his app will automatically be uninstalled if he was also the installer. As it says in the documentation:
One caveat: this exception doesn't apply to the folks who created an
app or were added as an App Collaborator. When they leave, the app is
still uninstalled. Same goes for when an app uses additional scopes
beyond the ones listed above, taking on the behavior of a user.
One way to avoid this situation is to use a dummy admin account for app installation instead of the actual user.
I am a developer and to use the marketing API I must have an app. I have this app and it is currently in development mode. Is it necessary to make this app public?
My initial thinking was 'no' and I have been successfully using the API via this app for a while now and have not experienced any limitations until recently. When trying to change the status of an Ad to active I got an error message that suggests the problem could be due to the app being in development mode.
FWIW I am able to successfully change Ad status to paused most of the time, however, more often when I try to activate an Ad, it fails, although it does succeed sometimes. As such, I believe I am using the API correctly. It seems to be more of an Ad state issue, or, perhaps an app state issue. Most of the time the error messages I receive from the API are not helpful. I did get one today that suggests the possibility that my app needs to be public.
Here is the error just in case it helps:
[{"code":400,"body":"{\"error\":{\"message\":\"Invalid parameter\",\"type\":\"OAuthException\",\"code\":100,\"error_data\":{\"blame_field\":\"targeting invalid fbid 141898914497\"},\"error_subcode\":1487133,\"is_transient\":false,\"error_user_title\":\"Can't Set Exclusion Targeting\",\"error_user_msg\":\"You may not be able to select a connection to exclude in your targeting because you're not an admin of this Page or app, or because the app is in developer mode, or the event is in the past. If you want to run your ad with exclusion targeting, please request admin access from the owner of the Page or app or move your app out of developer mode to link it to the ad. If you want to select an event for exclusion targeting, please make sure the event end time is in the future.\",\"fbtrace_id\":\"Dqzily7dOQa\"}}"}]
Thank you for any help or insight into this issue.
Just to resolve this, the answer is no, the app does not have to be public in order to use the API. The problem turned out to be an access permission issue on the account in question.
We are working on a Slack app that doesn't work well when it is installed by a non-admin user. For example, if we invite a user to a channel using channels.invite we get a not_in_channel error (of course, when the installer user is not in the channel), what doesn't happen when the installer is an admin.
I see each team can configure who can install apps, but I don't see any option to indicate that the app must be installed by an admin user and throw an error if you aren't and admin of the team your are trying to install the app into. Is there a way to do that?
I think I found the answer. We need to ask for the admin scope.
Instead of asking for the admin scope I strongly recommend to ask for specific scopes (during installation) that the app needs to perform its functionality. e.g. for channels.Invite its channels:write.
Then the app also works when installed by a non-admin, provided that the user has the necessary permissions.
To learn more about the permissions system check out the official documentation on the topic.
I've created a test listing for Google Apps Marketplace (GAMv2) and have specified a setup url. When testing using the "TEST INSTALL FLOW" button, the authorization screen pops up and clicking the "Accept" button takes me to a popup that confirms the application has been added. There's a "Launch app" button and a "Manage app" link on this 2nd popup. The "Launch app" button goes to the setup url that I entered in the listing definition.
Isn't the install flow supposed to redirect there automatically? I've seen other questions where this behaviour seems to be working on and off:
Google Marketplace App Install Flow
Google Apps Marketplace SDK install does not forward user to Setup URL
Google app marketplace sdk setup url stopped working
There's also this page in the marketplace documentation which says it is supposed to redirect:
https://developers.google.com/google-apps/marketplace/eap/oauthwalkthrough
Are other people having this problem?
In v1 of the marketplace, yes, set up links were automatically included in the linear install flow. In the new install flow set up links are presented separately. They're presented to users, but there is no guarantee that that a user will click it. Even in V1 there were some cases where a user could end up bypassing the setup link.
There are some improvements that can be made to encourage admins to revisit the setup if they skipped it. In either case, apps should be tolerant of these cases and adapt.
My recommendation is to check on login and enter the setup flow if it hasn't yet been performed. You can use the licensing API to check if the domain has installed from the marketplace or not. If you need to enforce things like requiring admin permissions, you can add further checks to see if the current user is an admin for the domain and give non-admin users a polite message indicating the app isn't ready for them to use yet.