I've spent a couple of hours on that, and I think I'm going to become crazy!
I already did this kind of setup a year ago, but now, it's not working anymore. I'm just trying to get a xoxb token to use from my personal Slack bot on my personal workspace.
It should be easy, but I can't get it working. Each time I install the app, I have the notif on the Slack channel, but on the management side I don't have anything at all. Usually the button changes from Install to Reinstall, but mine stays stuck in Install.
If I add a OAuth permission under User Token Scopes, I can install the app but I only get a xoxp token. And even with my permissions under Bot Token Scopes, I don't have any xoxb token.
Am I missing something?
Thanks!
Late answer but still:
You have to click Install App to Workspace. For me it only created User OAuth Token. To get Bot User OAuth Token I clicked Reinstall to Workspace and only then it appears.
Related
I'm trying to create a bot that people can install in their workspaces and send/receive messages of some sort. The problem I'm running into is the documentation tells you to use the token generated for your workspace:
https://api.slack.com/bot-users#installing-bot
But this makes no sense, seeing as people would be installing the App/Bot on their workspace themselves, it's not like they would be giving me their token or anything. Surely I'm missing something. How am I meant to authenticate a bot against whatever workspace it is installed in a purely API driven way?
There is no "workspace agnostic" Slack token. Every token is linked to a specific workspace and user.
The usual approach is that you provide an installation routine with Oauth 2.0 for your Slack app. When someone installs your app with that routine a new token is created internally that your app needs to collect and store. This is how every Slack app works.
Note that the installation has to be done once only for each workspace. The token does not expire.
Its simply when you install your Slack app on your own workspace only. That can be done directly from the Slack app management window and requires no installation routine. But then you obviously need to manually copy the generated token to your app.
I have been making a slack app for the users on my workspace. It is a sidebar that adds slack messaging functionality to our website, so that we don't have to leave the site to see our slack messages. I am having trouble trying to get bearer tokens for each user.
What I have been doing so far is following the Slack OAuth 2.0 Authentication flow in order to receive tokens for users. This worked for me in testing and it works for some of our users currently. However, some users see something completely different.
Instead of asking them for permission to use their slack profile, the slack.com/oauth/authorize is telling them they can't install the app because it isn't listed in the slack directory. However, this page should not be installing the app to the workspace. It is already installed. It should just be asking for their permission to use their profile.
Am I using the wrong page? Did I miss something I need to do?
The Oauth process in Slack is not only used to get an access token, but also always is regarded as installation process for the respective Slack app. So your users are basically (re-) installing your Slack app each time they run through the Slack Oauth process. This is the standard behavior and can not be changed.
If you want to continue using this process you can simple enable installation for your Slack app on the workspace for all users (click on approve on the app management page of your workspace for this particular app) and then your users will no longer get the error message. You may also need to enable distribution of your Slack app on the app management page.
Btw. installing the same Slack app by multiple users is the default approach for getting access tokens for individual users. Slack calls those additional installations "configurations" and you can see them listed on the app ages for your workspace.
Note that Slack access tokens obtained from the Oauth process do not expire. So you only have to let the user install your Slack app once and then store the Slack access token for the next time.
We are facing the below screen when trying to authenticate to Google. The app that we are trying to authenticate is used for internal development and we did not publish it to our users.
Any idea why this occurs?
We faced an Unverified App screen before (as below) but now the authentication is disabled.
OAuth Client Verification
Starting July 18, 2017, Google OAuth clients that request certain sensitive OAuth scopes will be subject to review by Google.
OAuth Client Verification
Starting July 18, 2017, Google OAuth clients that request certain sensitive OAuth scopes will be subject to review by Google.
Review is not required if you are only using it under the same account as created the project in Google Developer console. You can read more about this change in this help center article.
This change applies to Google OAuth web clients, including those used by all Apps Script projects. By verifying your app with Google, you can remove the unverified app screen from your authorization flow and give your users confidence that your app is non-malicious.
Once you have applied for verification it takes around a week and it should start working.
I found this thread some time ago when this happened to us in our development project on Google Cloud Platform.
You can use a project for development without verification. No problem on that. But there are some limitations (more information here and here). Basically, we reached the limit of 100 users accessing the application. It was strange because we were testing with few accounts (5-6) until we found that, if you uninstall and install the application again, it counts as a new user. We were testing incremental authorization, so we uninstalled/installed the application a lot of times and we reached the quota.
When you reach this limit, you will see the message "Sign in with Google temporarily disabled for this app" and only users from the organization where the project is hosted can access the application. So we couldn't make test with our accounts from a demo domain or our Gmail accounts.
The only solution available was to pass the OAuth verification form (even if you didn't want to publish the application), but there were problems to do it. For example, it was mandatory to remove http://localhost from valid OAuth URLs. And more problems related with development.
❗ But this has changed recently. I have accessed to OAuth credentials screen in Google Cloud Platform (APIs & Services > Credentials > OAuth consent screen) during this week and now the page it's different. Now you don't need to specify "Authorised JavaScript origins" and "Authorised redirect URIs", you just need to specify your scopes for Google APIs and the Authorised domains. Then, at the bottom of the page you will find the button "Submit Verification" and the process will start. You will also find some information on the right:
About the consent screen
The consent screen tells your users who is requesting access to their data and what kind of data you're asking to
access.
OAuth Developer Verification
To protect you and your users, your
consent screen may need to be verified by Google. Without
verification, your users will see an additional page indicating that
your app is not verified by Google.
Verification is required if
Your application type is public, and You
add a sensitive scope Verification may take several days to complete.
You will receive email updates as it's processed.
Saving without publishing
Even though your consent screen is
unpublished, you can still test your application with users with the
following limitations:
Sensitive scopes are limited to 100 grant requests before verification
is required
Users see an additional page indicating that your app is
not verified by Google.
To include "Authorised Javascript Origins" and Authorised redirect URIs" you need to go to APIs & Services > Credentials and there click on your OAuth 2.0 client ID. There will be a form where you can add them.
In our case it took 1 day to get a response from Google. In the email there were some instructions to pass the verification. We had to reply the email with a video uploaded on YouTube addressing the following points:
How does user sign-up on your app and grants access to the sensitive scopes requested in verification?
OAuth consent screen as seen by end users
How does your application use the requested scopes to provide services to developers?
A test account email and the password for us to test the user sign-up process and validate the project's functionality.
We recorded a video showing points 1, 2 and 3 and sent them a test account for number 4.
After 1 day, we got another response from Google confirming that our project had been verified.
So finally the problem was solved! 🙂
I hope this could help people in the same situation. It was really annoying for us.
I had to go into my Google Apps Script settings and turn on the "Google Apps Script API" setting. Then I tried again, and the script executed correctly without issue.
I had used the script a couple of weeks ago and it worked fine, so something must have happened between then and now that changed it... Not sure what caused that setting to switch.
I need to create a slack token that would last for a very long period but all i can find are the test tokens and i don't know how to they even last for i tried to search in their documentation but all i could find were the bot tokens and test tokens, your help is very much appreciated, I used facebook's API and they got a way to generate a never expiring token is that available in slack?
As far as I know all of the tokens you can generate (and also those you receive when a team installs your app via OAuth) do not have an expiry date.
They are active for an indefinite amount of time.
You should be able to use them however long you want.
I am integrating the facebook SDK in my application for ios. When the user login via facebook I am getting the token, and using it to authenticate the user in my app. The token will also be used to get the user information and validate the user on the server.
My question is this:
If the user login using facebook with the same account but on another device.
1) A new token will be send for him?
2) if so, what happen to the old one? does it get expired?
I know I can test and see what happens but we are still in the planning phase and we can't afford to spend time on implementing tests. Searching on google about this issue didn't result in any clear answers. So I would appreciate if someone has info about it
Thanks a lot
To answer my own question in case someone is looking for it
1) A new token get sent
2) The old token still works