abdolence
commented
2 months ago Hey,
I don't think it is mysterious. I think Slack devs didn't intent that external application can use user session tokens.
Anyway, personally I can't see harm to support this undocumented way to work with Slack, so let's merge it. I'll do small refactoring myself in that place to get rid of unwrap calls - I prefer not to have them in the source code.
Thanks
User session token (
xoxc-...) requires a special cookie (d=xoxd-...) to be set for all requests. This PR adds support of setting a custom cookie to support such cookies.See https://papermtn.co.uk/retrieving-and-using-slack-cookies-for-authentication/ for information, as
xoxc-..tokens are mysteriously not documented in official Slack docs.