Skip to content

Support Slack v2 OAuth in components #18744

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 13 commits into
base: master
Choose a base branch
from
Draft

Support Slack v2 OAuth in components #18744

wants to merge 13 commits into from

Conversation

js07
Copy link
Collaborator

@js07 js07 commented Oct 13, 2025

WHY

js07 added 12 commits October 13, 2025 16:13
@js07
Update Slack actions to support Slack v2 OAuth
e68de1f 
- List users by real name in dropdowns
- List users by real name in action summary
- List files using bot token if available
- Get files using bot token if available
- Show configuration error if bot is not a member of the channel
- Add `addToChannel` prop to Send Message actions
- Check user's access to channel in message actions
- Use RTS API to search messages in Find Message action
- List only channels, not DMs, in 'file' actions
- List only channels, not DMs, in 'message' triggers
- Handle permission error fetching message in New Reaction trigger

Context:

In Slack's v2 OAuth flow, user access tokens and bot access tokens are
issued with separate scopes. User tokens are used to perform actions on
behalf of a user, while bot tokens are used for actions performed by the
app itself. To send a message to a private channel or DM, the bot must
be a member of that channel.

Due to permission restrictions, some endpoints require bot tokens for
access, such as viewing messages in DMs and listing files. As a result,
access to messages and files in DMs is no longer supported.
@js07
pass through as_user unless false and a bot token is available
2f2719a 
This allows us to support both existing and new Slack connections
created with Slack's v2 OAuth flow, with or without the deprecated
perspectival chat:write:user and chat:write:bot scopes:

| Slack auth | Token Types | Scopes                | as_user Values  |
|------------|-------------|-----------------------|-----------------|
| v1         | user        | chat:write:bot, :user | true, false     |
| v2         | user, bot   | chat:write:bot, :user | true, false     |
| v2         | user, bot   | chat:write            | true            |

In v2, when the chat:write scope is requested, it replaces
chat:write:bot and chat:write:user. Without the chat:write:bot scope,
as_user cannot be false; user tokens always post as the user, and bot
tokens always post as the bot. In v2, with or without the chat:write:bot
scope, we can use the bot token if as_user is false since it will have
permission to post as itself. And we MAY pass through as_user if it's
true since Slack allows it even when it's superfluous. However, we MUST
pass through as_user if it's true AND the user token still has the
chat:write:bot scope since otherwise the message will post as the bot
user instead of the user.

See:
https://docs.slack.dev/reference/methods/chat.postMessage/#legacy_as_user
@js07
refactor: simplify special case handling of API error
e5597ae
@js07
make addToChannel required for Send Message actions
3aa0773 
so it is shown in the component form by default so users aren't suprised
by the new invite behavior
@js07
don't throw error when adding app to channels fails
2126d8e
@js07
delete New Direct Message trigger
8eb39ec 
it's no longer supported for new auths since they will not have the
im:history scope
@js07
delete the Verify Slack Signature action
ce6dba8 
as requested by Slack
@js07
Use assistant search API in Find Message action
8b99a4e 
Fallback to search.messages API method if missing scopese
@js07
Support configuring base URL for Slack API requests
2476e2c 
Future-proofs Slack components to support proxying requests
@js07
update pnpm-lock.yaml
074b23e
@js07
minor refactor of bot token usage
ccc2353 
add/update logged messages when unable to add app to channel
@js07
Bump version numbers for Slack components to reflect recent updates
8717ff3 
The following components have new minor versions:

- delete-message
- find-message
- get-file
- list-files
- reply-to-a-message
- send-block-kit-message
- send-large-message
- send-message
- send-message-advanced
- send-message-to-channel
- send-message-to-user-or-group
- update-message
- new-keyword-mention
- new-message-in-channels
- new-user-mention

All other Slack components have new patch versions.
@vercel Vercel
Copy link

vercel bot commented Oct 13, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments
Project Deployment Preview Comments Updated (UTC)
pipedream-docs Ignored Ignored Oct 13, 2025 8:52pm
pipedream-docs-redirect-do-not-edit Ignored Ignored Oct 13, 2025 8:52pm

@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Oct 13, 2025

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch slack-v2-support

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@js07