I am creating a slack bot and want to be able to link the slack user with the github account.
Is there a way I can link the 2 either via slack or github API's?
I was thinking if of storing users slack username and github username in a JSON object, i.e.:
{
"slack_username": "JoeBlogs",
"github_username": "JoeBlogs123"
}
In order to do this, I would need to retrieve the users' username from slack API when the user authorises the app / bot.
I was thinking if I add a redirect_url to my slack app then it would redirect user to http://example.com/redirect if the users data is sent along to this redirect url, I would be able save it in a database of sorts.
If I then did the same with the github API then I could reference database in order to find slack users JoeBlogs github account and vice versa.
Is it possible to use the redirect_url like this? I couldn't see any user data being sent to but maybe it is nested somewhere I couldn't see it?
Is there a better way to link the 2 accounts?
Assuming you are using Install button to install your Slack app into the workspace, this is a payload which will be sent to your response_url:
{
"access_token": "xoxp-XXXXXXXX-XXXXXXXX-XXXXX",
"scope": "incoming-webhook,commands,bot",
"team_name": "Team Installing Your Hook",
"team_id": "XXXXXXXXXX",
"incoming_webhook": {
"url": "https://hooks.slack.com/TXXXXX/BXXXXX/XXXXXXXXXX",
"channel": "#channel-it-will-post-to",
"configuration_url": "https://teamname.slack.com/services/BXXXXX"
},
"bot":{
"bot_user_id":"UTTTTTTTTTTR",
"bot_access_token":"xoxb-XXXXXXXXXXXX-TTTTTTTTTTTTTT"
}
}
See for details.
Then, using access_token in combination with users.identity API method you will get basic information about Slack user (playing with the scopes you requested during the install process you can get different fields of Slack user identity).
Related
Use case
I have JIRA where users can create issues/cards. Whenever a user creates the card, I would like to mention the creator in the slack channel.
I created a slack bot and webhook URL. Added the webhook URL in JIRA and it's sending the message.
Message that will be sent from JIRA
Hi, <#issue> ,
Please look into this issue `{{issue.summary}}`
{{issue.url.customer}}.
Reporter - {{issue.reporter.emailAddress}}
JIRA can give me only the reporter email address, but to mention the user in slack i need the user id of slack.
Is there any way we can achieve the same?
There is this API : users.lookupByEmail
you can use this to fetch userId, but given that you are using just Webhook URL, you'll need to implement additional code.
I'm building my first Slack bot and I've got the basics mostly working... sending API requests, receiving commands and events, etc. But the part I'm left a bit confused about is what I'm supposed to do with the "Bot User OAuth Access Token".
The token appears to be shared across teams/workspaces, but it is returned to be during authentication of individual users with a call to /oauth.v2.access. Currently I'm storing the returned credentials payload in a table that has three columns:
My app's internal user ID
The Slack user ID embedded in the payload as authed_user.id
The entire JSON payload itself (jsonb in postgres if you're curious)
This allows me to initiate new API calls for actions that take place in my app (find by internal user ID) and also for interactions within Slack (find by Slack user ID).
What has left me a bit puzzled is what the convention is for when a user interacts with my bot that hasn't added my app. This can happen when a person ("Jose") adds my app and then their colleague ("Mary") discovers it in Slack and views the home screen, sends it a message, etc.
In order to take some action, such as prompt for the user to install my app, I need a token. Of course I have a token for Jose but not for Mary. I also have Jose's team ID stored in my table and Mary's team ID as part of the incoming event. So technically I could do something like this to get a working token to interact with Mary:
select credential_json from slack_credentials
where credential_json->>'type' = 'bot' and credential_json->'team'->>'id' = :marysTeamId
... which would pull out the bot token I captured when Jose added the app. This works, but it feels very wrong. I suppose if I just stored bot tokens in a separate table that looked like this:
The Slack team ID embedded in the payload as team.id
A subset of the JSON payload (ex: access_token, scope, bot_user_id, etc but not authed_user)
Then it wouldn't feel so yucky. But the docs + API ergonomics don't suggest this is a common approach either. So I'm curious what others do. If I don't hear anything back, I suppose my plan is to break out the bot tokens into a team-centric table.
Thanks!
The basic concept of Slack apps is that they are installed per workspace, not per user.
So while it's true that the app's token is derived from the user who installed your app to a new workspace, most the apps function are available to all users of the workspace.
e.g. slash commands will work for every user in every channel
e.g. posts of your app will be visible to all users of the related channel.
Therefore the best approach for storing tokens usually is with a primary key of Slack Team ID, Slack User ID.
And just to clarify. You do not need a token to prompt a user to install you app. Every app can be installed from webpage hosted by you (with the "Add to Slack button") or directly from the App Directory.
I am attempting to open a DM (Direct Message) with an arbitrary user using the im.open Slack API call. I am sending it a user's user_id that I obtain through their clicking of a consent button in order to begin a series of questions. I am sending data to the Slack API successfully along with receiving data. I am getting the following response...
{
"ok": false,
"error": "missing_scope",
"needed": "im:write",
"provided": "identify,incoming-webhook,chat:write:user,files:write:user",
}
I have went into the application's page and changed the scope of the app (I am not the owner, but have been given collaborator permissions by my team lead (the owner)). These are the current permissions...
I apologize for the poor quality of the image. The scopes are as follows...
identify
incoming-webhook
chat:write:user
files:write:user
im:write
After this change, I am still getting the same response from the Slack API. The following is what I am sending them (it's my user_id, and I don't mind).
{
"user": "U94155Z43"
}
Any help is appreciated. Thanks.
I needed to use the bot token "xoxb" instead of the user token "xoxp" which I had used for all other slack api calls.
Is it possible to get a twitter account's username from an instance of the Twitter REST client? Specifically, I would like to get the name for the twitter account associated with the client's access tokens and secrets.
I searched through the twitter gem documentation on rubydoc and looked at the Twitter API user object documentation but wasn't able to solve the problem. I did try using client.attributes, client.to_h and client.screen_name, but received an unknown method error.
For context, I'm currently working on a twitter bot that auto-replies to hashtags when it is looped into a conversation. We want to prevent the bot from tweeting at itself, so we are currently hard-coding in the bot name as an account not to tweet at. It would be helpful if we could replace the hard-coded name with something like client.account_name.
Thanks for reading.
Taking a look at the documentation for the client object of the twitter gem says it has a user method (Methods included from Users section) [1]. The documentation for the user method states it returns a Twitter::User object of the currently authenticated user [2]. This class inherits from BasicUser which is where the screen_name method exists [3].
client.user.screen_name
http://www.rubydoc.info/gems/twitter/Twitter/REST/Client
http://www.rubydoc.info/gems/twitter/Twitter/REST/Users#user-instance_method
http://www.rubydoc.info/gems/twitter/Twitter/BasicUser
You say
I would like to get the name for the twitter account associated with the client's access tokens and secrets
and
We want to prevent the bot from tweeting at itself, so we are currently hard-coding in the bot name as an account not to tweet at.
If I understand you correctly, you want to find out which application was used to send a tweet - so you can filter it out?
In each tweet, you will find an attribute called source. This shows which app the user sent the tweet with.
For example,
"created_at": "Sun Mar 11 11:25:05 +0000 2018",
"source": "\u003ca href=\"http:\/\/twitter.com\/download\/android\" rel=\"nofollow\"\u003eTwitter for Android\u003c\/a\u003e",
"in_reply_to_status_id_str": "972414342166654976",
That Tweet was sent using Twitter for Android's API keys.
And in this example:
"source": "\u003ca href=\"http:\/\/shkspr.mobi\/blog\/tag\/solar\/\" rel=\"nofollow\"\u003eEdent's Solar Panels\u003c\/a\u003e",
"in_reply_to_status_id": null,
The Tweet was sent from my personal API key.
Give your API key a unique name and URL. When you retrieve Tweets, check the source parameter, and don't reply to any which have been sent using your access token and secret.
I'd like to add a new user to ASANA programmatically. I already have the OAUTH App and the user token.
Looking at the API I can't find a way to "create a new user".
Is it possible to create a new user simple via API?
Otherwise, is it possible to "invite" a new user via given email? Like from the UI where you can put the EMAIL and the system send an invitation link!
I tried with:
https://app.asana.com/api/1.0/workspaces/[WORKSPACEID]/addUser?user=[NEW USER EMAIL]
But I get a BAD REQUEST in response:
{
"errors": [
{
"message": "Could not parse request data, invalid JSON",
"help": "For more information on API status codes and how to handle them, read the docs on errors: https://asana.com/developers/documentation/getting-started/errors"
}
]
}
Thank you very much
I've never tried to do that specifically, but recently I did attempt to add members to a project through the API. There was nothing in the documentation about it, and I was told that it wasn't a supported API operation.
I would guess that if there's no mention of this feature in the documentation that it's also not supported for a similar reason.