jsmestad / ueberauth_slack_v2

Slack OAuth V2 Überauth strategy that supports Bot and User tokens
MIT License

user_scope #1

Open chasers opened 3 years ago

chasers commented 3 years ago

Hey thanks for this!!

I can't seem to get user_scope to be generated when set via the config or when passing it via a url param. It's always null. I'm probably doing something wrong, but it looks like you have default_users_scope in the module doc and default_user_scope here: https://github.com/jsmestad/ueberauth_slack_v2/blob/master/lib/ueberauth/strategy/slack_v2.ex#L34

jsmestad commented 3 years ago

@chasers what do you have in your config?

For example, here's one from a project of mine:

config :ueberauth, Ueberauth,
  providers: [
    slack:
      {Ueberauth.Strategy.SlackV2,
       [
         default_scope: "",
         default_user_scope:
           Enum.join(
             [
               "chat:write",
               "users.profile:write",
               "users:read",
               "users:write"
             ],
             ","
           ),
         callback_url: Environment.get("SLACK_CALLBACK_URL")
       ]}
  ]

chasers commented 3 years ago

No need to support me on this really, it all works if I hand-roll the auth url ... it looks like it's generating the scopes correctly. Every time I touch oauth stuff I need to relearn it 😭. TL;DR when I use Ueberauth to generate the auth url it tries to auth the bot in the callback phase.

I'm trying to reimplement the Slack sign in stuff...

When using Ueberauth to generate the auth urls I'm redirected to:

https://slack.com/oauth/v2/authorize?client_id=689539426144.1542831573764&redirect_uri=http%3A%2F%2Flocalhost%3A4000%2Fauth%2Fslack%2Fcallback&response_type=code&scope=app_mentions%3Aread&user_scopes=identity.basic%2Cidentity.avatar%2Cidentity.email%2Cidentity.team

So that actually seems to generate the correct scopes ... apologies. But it looks like it's trying to authenticate the bot and not the user because I get this from the callback phase.

%Ueberauth.Auth{
  credentials: %Ueberauth.Auth.Credentials{
    expires: false,
    expires_at: nil,
    other: %{
      has_2fa: nil,
      is_admin: false,
      is_owner: false,
      is_primary_owner: false,
      is_restricted: false,
      is_ultra_restricted: false,
      team: "Logflare",
      team_domain: nil,
      team_id: "TL9FVCJ48",
      team_url: "https://logflare.slack.com/",
      user: "logflare_staging",
      user_id: "U01FSS3ADM0"
    },
    refresh_token: nil,
    scopes: ["users:read", "incoming-webhook", "commands", "app_mentions:read"],
    secret: nil,
    token: "xoxb-689539426144-1536887353714-VJqwaM8chs6gLNrXexpTS5Sr",
    token_type: "bot"
  }

But when I roll my own authorize url it all works:

https://slack.com/oauth/v2/authorize?client_id=#{Application.get_env(:ueberauth, Ueberauth.Strategy.SlackV2.OAuth)[:client_id]}&install_redirect=update-to-granular-scopes&scope=&user_scope=identity.basic,identity.avatar,identity.email,identity.team&redirect_uri=#{LogflareWeb.Endpoint.url() <> "/auth/slack/callback"}&state=

My config looks like this:

config :ueberauth, Ueberauth,
  providers: [
    github: {Ueberauth.Strategy.Github, [default_scope: "user:email"]},
    google: {Ueberauth.Strategy.Google, []},
    slack:
      {Ueberauth.Strategy.SlackV2,
       [
         default_scope: "app_mentions:read",
         default_user_scope: "identity.basic,identity.avatar,identity.email,identity.team"
       ]}
  ],
  json_library: Jason

jsmestad commented 3 years ago

@chasers let me know if you hit any other issues. I have some commits on master to try and iron out how to parse the new Slack v2 data in all cases. I am sure there are a few changes to the OAuth::Client-related code that are unhandled.
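
The two authorize URLs in the thread differ in one parameter name: the generated one sends `user_scopes`, while the hand-rolled one that returned a user login sends `user_scope`. The following is an added example (not code from the thread or from ueberauth_slack_v2) that lints an authorize URL for that kind of mismatch and for an empty `state`. The module name, the accepted-parameter list and the 16-byte `state` minimum are assumptions, and the sample URLs are constructed from the ones above with a placeholder client id.

```elixir
# Added example: not code from ueberauth_slack_v2. Run as an .exs script.
defmodule SlackAuthorizeUrlCheck do
  @moduledoc "Lints a Slack OAuth v2 authorize URL before a user is redirected to it."

  # Assumption: the names used by the hand-rolled URL in the thread, plus
  # response_type, which also appears in the generated URL.
  @known ~w(client_id scope user_scope redirect_uri state response_type install_redirect)

  def check(url) do
    query = URI.parse(url).query || ""
    params = URI.decode_query(query)

    # A misspelled name is not rejected, it is just not read, so the
    # scopes it carries never reach the consent screen.
    unknown = for {name, _} <- params, name not in @known, do: "unknown parameter: #{name}"

    %{
      bot_scopes: split(params["scope"]),
      user_scopes: split(params["user_scope"]),
      findings: unknown ++ scope_findings(params) ++ state_findings(params)
    }
  end

  defp split(nil), do: []
  defp split(value), do: String.split(value, [",", " "], trim: true)

  defp scope_findings(params) do
    case split(params["user_scope"]) do
      [] -> ["no user_scope: expect only a bot token in the callback"]
      _ -> []
    end
  end

  # Assumption: anything under 16 bytes is treated as too weak to bind the
  # callback to the session that started the flow.
  defp state_findings(%{"state" => s}) when byte_size(s) >= 16, do: []
  defp state_findings(_), do: ["state missing or too short: callback is not tied to a session"]
end

# Constructed samples modelled on the two URLs in the thread.
base = "https://slack.com/oauth/v2/authorize?client_id=CLIENT_ID&scope=app_mentions%3Aread"
generated = base <> "&response_type=code&user_scopes=identity.basic%2Cidentity.email"
hand_rolled = base <> "&user_scope=identity.basic,identity.email&state="

for url <- [generated, hand_rolled] do
  IO.inspect(SlackAuthorizeUrlCheck.check(url), label: "check")
end
```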