Slack OAuth v2 does not return private channels - slack-api

We are rebuilding our Slack APP using the new oAuth v2. The issue with v2 is that the conversations.list API only returns public channels, not private channels.
The scope we set is: channels:read,groups:read,mpim:read,chat:write,usergroups:read
The API method is: https://slack.com/api/conversations.list?type=public_channel,private_channel,mpim
Everything works with v1. But when we use a token granted by the v2 OAuth, conversations.list only returns public channels. I suspect it is a problem with the scope, but its doc says that usergroups:read is the right scope for getting private channels.
Has anyone had the same issue?

Answer: use the user token starting with xoxp instead of the bot token starting with xoxb. With OAuth v2, the user token is in [authed_user][access_token], and the bot token is returned directly as [access_token] in the JSON response.
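The token layout described in the answer, as an added example that is not part of the original post: it splits an oauth.v2.access response into its bot and user tokens and picks the one whose granted scopes cover the conversation types being listed. The sample response, its token values and scope sets are constructed, and `split_tokens` and `token_for` are hypothetical helper names.

```python
import json

# Constructed sample of an oauth.v2.access response; token values are fake.
SAMPLE_RESPONSE = json.dumps({
    "ok": True,
    "access_token": "xoxb-EXAMPLE-BOT",        # bot token: top level
    "scope": "channels:read,chat:write",       # scopes granted to the bot token
    "authed_user": {
        "id": "U0USER",
        "access_token": "xoxp-EXAMPLE-USER",   # user token: nested here
        "scope": "channels:read,groups:read,mpim:read",
    },
})

# Read scope that conversations.list needs for each conversation type.
SCOPE_FOR_TYPE = {
    "public_channel": "channels:read",
    "private_channel": "groups:read",
    "mpim": "mpim:read",
    "im": "im:read",
}


def split_tokens(raw):
    """Return {'bot': (token, scopes), 'user': (token, scopes)} from the response."""
    body = json.loads(raw)
    if not body.get("ok"):
        raise ValueError("OAuth exchange failed: %s" % body.get("error"))
    tokens = {}
    if body.get("access_token"):
        tokens["bot"] = (body["access_token"], set(body.get("scope", "").split(",")))
    user = body.get("authed_user") or {}
    if user.get("access_token"):
        tokens["user"] = (user["access_token"], set(user.get("scope", "").split(",")))
    return tokens


def token_for(tokens, types):
    """Pick the first token whose granted scopes cover every requested type."""
    needed = {SCOPE_FOR_TYPE[t] for t in types}
    for kind in ("bot", "user"):  # design choice: act as the app when that suffices
        if kind in tokens and needed <= tokens[kind][1]:
            return kind, tokens[kind][0]
    missing = {k: sorted(needed - s) for k, (_, s) in tokens.items()}
    raise PermissionError("no token covers %s; missing: %s" % (sorted(needed), missing))
```

Store both tokens separately with their scope sets, and keep the token strings themselves out of logs and error messages, as the `PermissionError` above does by reporting only scope names.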

Related

Using v2 token endpoint still giving v1 token: Azure Active Directory

I created a new app registration and set scopes for Application.Read.All and User.Read.All. I exposed one custom scope as access_as_user. Using the v2 token endpoint still gives v1 tokens; that is the main issue now.
v1 token endpoint: https://login.microsoftonline.com/tenantid/oauth2/token
v2 token endpoint: https://login.microsoftonline.com/tenantid/oauth2/v2.0/token
Both endpoints give tokens with the same version, i.e. version 1.0. Why so?
If I register multitenant applications, then it gives tokens with version 2.0 with both endpoints.
My requirement is to get v2.0 tokens for single tenant applications. Is there any way to achieve this?
I tried to reproduce the same in my environment and got below results:
I registered one single tenant application and granted API permissions like below:
When I checked the Manifest of this application, accepted token version is null as below:
I generated the token for custom scope using v2.0 token endpoint via Postman like below:
POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
grant_type:client_credentials
client_id:<appID>
client_secret:<secret>
scope: api://xxxxxxxxxxxxxxxxxxx/.default
Response:
When I decoded the above token in jwt.ms, token version is 1.0 as below:
To get v2.0 token, you need to change your application's Manifest like below:
When I generated the token again and decoded it, I got the token version as 2.0 as below:
In your case, change the accessTokenAcceptedVersion to 2 in your Manifest's file and generate the token again.
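The jwt.ms check from the answer, as an added example that is not part of the original post: it decodes a token's payload without verifying the signature and reports whether `ver` and `iss` agree with the expected token version. The tenant ID and both sample tokens are constructed placeholders, the function names are hypothetical, and the issuer formats are the standard single-tenant ones for v1.0 and v2.0 tokens.

```python
import base64
import json

TENANT = "00000000-0000-0000-0000-000000000000"  # constructed placeholder

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_unsigned_sample(claims):
    """Build a constructed, unsigned JWT-shaped string for this demo only."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return "%s.%s." % (header, b64url(json.dumps(claims).encode()))

def read_claims(token):
    """Decode the payload segment WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))

def check_version(token, tenant_id, expected_ver="2.0"):
    """Return a list of mismatches between the token and the expected version."""
    claims = read_claims(token)
    issuers = {
        "1.0": "https://sts.windows.net/%s/" % tenant_id,
        "2.0": "https://login.microsoftonline.com/%s/v2.0" % tenant_id,
    }
    ver = claims.get("ver")
    problems = []
    if ver != expected_ver:
        problems.append("ver is %r, expected %r" % (ver, expected_ver))
    if claims.get("iss") != issuers.get(ver):
        problems.append("iss does not match the issuer format for ver %r" % ver)
    return problems

V1_SAMPLE = make_unsigned_sample({"ver": "1.0", "iss": "https://sts.windows.net/%s/" % TENANT})
V2_SAMPLE = make_unsigned_sample(
    {"ver": "2.0", "iss": "https://login.microsoftonline.com/%s/v2.0" % TENANT})
```

An API that validates these tokens has to expect the issuer that matches the version it accepts, so changing accessTokenAcceptedVersion also changes the `iss` value the validator must allow.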

How to authorize correctly with Trello via OAuth?

I am trying to Authorize via OAuth with Trello and I can't seem to get it right, even in postman.
I have followed their API docs and have got myself a developer key and I have used a little link they have in this article to get a valid auth token.
I tried including the API key and Auth token in the header and (in a separate test) in the body, as per their documentation.
Everything I try results in "unauthorized permission requested".
What am I doing wrong?
Ok so I had obviously made a mistake when trying the Header route.
It works now if I provide a header key called Authorization and the API key and Auth Token in the following format OAuth oauth_consumer_key="{{apiKey}}", oauth_token="{{apiToken}}".

How do I consume Linked API v2?

I have my app in LinkedIn with all four default application permissions ticked. I am able to consume API v1 perfectly. When I authenticate with oAuth 2.0, my authentication is successful and I get auth2_token but I am not able to call the below endpoint.
https://api.linkedin.com/v2/me
Header: X-Restli-Protocol-Version : 2.0.0 Authorization : Bearer (auth2_token)
I get the error
{
"serviceErrorCode": 100,
"message": "Not enough permissions to access: GET /me",
"status": 403
}
Am I missing something here?
I couldn't get access to https://api.linkedin.com/v2/me either but you can use the following URL sample to retrieve the data you need:
GET https://api.linkedin.com/v1/people/~:(id,num-connections,picture-url)?format=json
The available fields can be found here: LinkedIn basic profile fields
To access https://api.linkedin.com/v2/me, you need to have access to v2 API.
As of 14th of January or LinkedIn Applications will automatically have access to v2 API.
As of March 1st, LinkedIn is going to deprecate its v1 API, so the call https://api.linkedin.com/v1/people/~:(id,num-connections,picture-url)?format=json will no longer work.

Slack API: `groups.list` not returning private channels I am part of

I am trying to get a list of all channels (public and private) to which I can post messages.
I am getting a list of public channels using channels.list and it is working well. It is returning me all the public channels to which I can post.
I am trying to get a list of private channels by using groups.list. The call is returning an OK response, but I am not getting any results.
I have created a private channel. I am the only member. This channel is not being returned by the group.list API call.
I have groups:read and channels:read oauth scopes.
This is being done using the Slacker python library.
Even the following curl call does not return me any private channels:
curl --data "token=xoxb-REDACTED" 'https://slack.com/api/groups.list'
How can I get a list of private channels I am part of using the Slack API?
UPDATE:
If I use the dev token in the above curl call, it does correctly return me my private channels.
When I look inside of Slack at the integrations, I see the integration with my dev app. It says that the dev app can Access information about user’s private channels, granted by 1 team member (among others). Something is amiss and I don't know where. It seems that the oauth token has an issue, but I don't know what.
The problem is that I was also requesting the bot oauth scope. When Slack finished authorizing my app, it was issuing a personal token and a bot token. The bot token does not have access to the private channels, while the personal one does.

slack bot scope missing while making api request

I have made a slack app in which I have a bot. I have selected channels:history, channels:read, channels:write under my permission scope, and also I have passed scopes
"scope":"bot channel:history channel:read channel:write"
while doing my oauth2 verification (using python), and I got a response where the scope is
"scope":"identify,bot,channels:history,channels:read,channels:write"
along with client and bot access tokens.
Now when I do an api call to fetch history of a channel in which my bot is invited to, I get
{
ok: false,
error: 'missing_scope',
needed: 'channels:history',
provided: 'identify,bot:basic'
}
Can someone please tell me where I am going wrong? How can I PROVIDE the channels:history scope in my API call? This is really driving me nuts. Should I be using the client access token, i.e. xoxp-xxxx, instead of the bot token, i.e. xoxb-xxxx?
Thanks!
For people having this problem in the future;
Your integrated bot has full access to the Slack API, whereas a bot in a Slack app doesn't, as it will be used publicly. When you successfully finish OAuth2, you should get 2 tokens: a user access token and a bot token. The user token is used to read history from any channel/groups, and the bot access token is used to write to them. This means you constantly have to be switching from the user token to the bot access token in your app.
Also, remember that the bot user MUST be a member of a private channel which you want it to connect to.
Hope that helps.
PS: if anyone has found a better way of going about this, feel free to answer below.
Since you did not mention it: You also need to specify all required scopes on the admin page for your Slack app under "Oauth & Permission Scopes".
