1) It looks like a 3rd party is in control of the slack redirect when requesting an OAuth token for your account. This has the client scope which means it has access to pretty much everything. Is it possible to run this redirect service ourselves on a server we can control?
2) There is telemetry being utilized that sends data to mixpanel. From looking at the code it does seem possible to turn this off and we would need to make sure that is the case.
1) It looks like a 3rd party is in control of the slack redirect when requesting an OAuth token for your account. This has the client scope which means it has access to pretty much everything. Is it possible to run this redirect service ourselves on a server we can control?
2) There is telemetry being utilized that sends data to mixpanel. From looking at the code it does seem possible to turn this off and we would need to make sure that is the case.