pow-auth / assent

Multi-provider framework in Elixir
https://powauth.com
MIT License

Slack always "asks" for permission #96

Status: Closed (closed by MMore 2 years ago)

MMore commented 3 years ago

Hello!

When a user uses the "Sign in with Slack" functionality to authenticate, Slack always "asks" for permission. That confuses users. Usually the identity provider asks once and just redirects on subsequent sign-ins.

[Screenshot 2021-09-30 at 10:59:38]

I've asked Slack Support about it and they said:

It is the case that the prior SIWS (Sign in With Slack) functionality (which used identity.* scopes) asks for permission each time a user accesses your resources.

However, we have updated this to a flow that's based on the OpenID Connect standard, and uses the openid scope. You can read more about that on the following updated SIWS page:

https://api.slack.com/authentication/sign-in-with-slack

I just wanted to track it here first. Probably I'll have some time to dig deeper about that in Assent. Any feedback is welcome :)

danschultzer commented 3 years ago

Thanks! Looks like they have switched over to OIDC which should make integration easier, I'm working on a PR that I'll push soon.

danschultzer commented 3 years ago

I've opened #97 to upgrade to OIDC. This change introduces a breaking change, as the sub field no longer returns the team id along with it.

However, testing this, it still asks the user to authorize every time, even after setting prompt=login or prompt=none.
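Added example, not Assent's code and not Slack's: a minimal relying-party side in Elixir showing what the prompt parameter tried in the comment above is specified to do, and how the sub change described there affects ids an application may have stored. OpenID Connect Core 1.0 section 3.1.2.1 defines prompt=none as "display no UI; if login or consent would be needed, return an error instead", and section 3.1.2.6 lists those errors (login_required, consent_required, interaction_required); a provider that honours it either redirects back silently or returns one of those errors, which is why a provider that still shows a consent page with prompt=none is surprising. The authorize endpoint URL, the issuer value, the team-id claim name https://slack.com/team_id, and the composite USERID-TEAMID format for ids stored from the older OAuth 2.0 strategy are assumptions of this example; check them against Slack's documentation and your own data before relying on them.

```elixir
defmodule SlackOidcExample do
  @moduledoc """
  Added example, not Assent's own code. Minimal relying-party pieces for an
  OIDC sign-in: building the authorization request with `prompt`, handling
  the callback (including the prompt=none error responses), sanity-checking
  ID token claims, and rebuilding a composite user id.
  Assumed here: the authorize endpoint, the issuer, the team-id claim name,
  and the "USERID-TEAMID" composite format.
  """

  # Assumed endpoint and issuer; confirm against Slack's Sign in with Slack docs.
  @authorize_url "https://slack.com/openid/connect/authorize"
  @issuer "https://slack.com"
  # Assumed claim name carrying the workspace (team) id in the ID token.
  @team_claim "https://slack.com/team_id"
  # Errors OIDC Core 3.1.2.6 defines for a request the provider cannot satisfy
  # without user interaction (the prompt=none case).
  @prompt_none_errors ~w(login_required consent_required interaction_required)

  @doc """
  Build the authorization request URL. `state` and `nonce` must be random,
  stored in the session, and checked on the way back. `prompt` may be nil
  (provider decides), "none" (no UI, error instead) or "login" (force re-auth).
  """
  def authorize_url(client_id, redirect_uri, state, nonce, prompt \\ nil) do
    params = [
      response_type: "code",
      client_id: client_id,
      redirect_uri: redirect_uri,
      scope: "openid profile email",
      state: state,
      nonce: nonce
    ]

    params = if prompt, do: params ++ [prompt: prompt], else: params
    @authorize_url <> "?" <> URI.encode_query(params)
  end

  @doc """
  Classify the provider's redirect. The state check comes first so a forged
  callback is rejected before any error or code is trusted. With prompt=none a
  conforming provider answers with one of the `_required` errors rather than
  rendering UI; the caller then retries with an interactive request.
  """
  def handle_callback(params, expected_state) do
    cond do
      Map.get(params, "state") != expected_state -> {:error, :state_mismatch}
      params["error"] in @prompt_none_errors -> {:retry_interactive, params["error"]}
      params["error"] -> {:error, {params["error"], params["error_description"]}}
      is_binary(params["code"]) -> {:ok, params["code"]}
      true -> {:error, :no_code}
    end
  end

  @doc """
  Claim checks that stay with the relying party even when the library has
  already verified the ID token signature: issuer, audience, nonce and expiry.
  """
  def check_claims(claims, client_id, expected_nonce, now \\ System.os_time(:second)) do
    cond do
      claims["iss"] != @issuer -> {:error, :bad_issuer}
      not audience_ok?(claims["aud"], client_id) -> {:error, :bad_audience}
      claims["nonce"] != expected_nonce -> {:error, :bad_nonce}
      not is_integer(claims["exp"]) or claims["exp"] <= now -> {:error, :expired}
      true -> :ok
    end
  end

  defp audience_ok?(aud, client_id) when is_list(aud), do: client_id in aud
  defp audience_ok?(aud, client_id), do: aud == client_id

  @doc """
  With the earlier OAuth 2.0 strategy `sub` carried the team id as well; with
  OIDC the team id is a separate claim. Rebuild the assumed composite form so
  accounts keyed on the old value can still be looked up.
  """
  def composite_id(%{"sub" => sub} = claims) do
    case Map.fetch(claims, @team_claim) do
      {:ok, team_id} -> {:ok, sub <> "-" <> team_id}
      :error -> {:error, :missing_team_claim}
    end
  end
end

# Constructed sample run: a prompt=none request the provider refused, then the
# claims of a successful interactive sign-in. The pattern matches act as checks.
state = "s1"
nonce = "n1"
IO.puts(SlackOidcExample.authorize_url("cid", "https://app.example/cb", state, nonce, "none"))
{:retry_interactive, "login_required"} =
  SlackOidcExample.handle_callback(%{"state" => state, "error" => "login_required"}, state)
{:error, :state_mismatch} =
  SlackOidcExample.handle_callback(%{"state" => "forged", "code" => "abc"}, state)

claims = %{
  "iss" => "https://slack.com",
  "aud" => "cid",
  "nonce" => nonce,
  "sub" => "U0123",
  "exp" => 9_999_999_999,
  "https://slack.com/team_id" => "T0456"
}

:ok = SlackOidcExample.check_claims(claims, "cid", nonce)
{:ok, "U0123-T0456"} = SlackOidcExample.composite_id(claims)
```

Run it with `elixir slack_oidc_example.exs`. Note that the composite id is only a lookup key for accounts created under the older strategy; signature verification of the ID token is left to the OIDC library, and this example only performs the claim checks that remain the relying party's responsibility.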

MMore commented 3 years ago

Hmpf, I've asked back:

I think I may have misunderstood what you meant about Slack always asking for permission. It should be the case that Slack will ask for permission to access the resource, and that permission remains until the session times out, in which case Slack will prompt again. Also, we may prompt again if the user is accessing another resource that is on a different endpoint. [...] Yes, based on what you're describing, the Slack sign in flow is unfortunately different from the other sign in flows that you're accustomed to.

Too bad that we can't change it... Thanks a lot for your effort though; I'll have a quick look at your PR!

danschultzer commented 2 years ago

I've released v0.2.0 with Slack using OIDC instead of OAuth 2.0. Not sure if this can be resolved though 😞