search

HubSpot / slack-client

An asynchronous HTTP client for Slack's web API
Apache License 2.0
114 stars 53 forks source link

Query parameter authentication fails for new Slack apps #248

Open lightbody opened 2 years ago

lightbody commented 2 years ago

Much of this API client relies on passing in the token as a query parameter (?token=...). We have found that Slack has stopped supporting that method of authentication for any newly created app, though interestingly is still supporting it if the app was created at some point in the past.

For a specific example, we've seen it reliably with users.profile.get:

https://api.slack.com/methods/users.profile.get

The authentication works fine using the officially documented approach:

Tokens should be passed as an HTTP Authorization header or alternatively, as a POST parameter.

And it also works using the query parameter approach by this client for "legacy" apps, but it definitely does not work for newly created apps.

I'll also note: the API docs now indicate that users.profile.get should be a GET while this client uses POST. It wouldn't surprise me if that is related and/or will also be an issue down the road.

bbaga commented 2 years ago

I just ran into this issue as well.