slackapi / bolt-js

A framework to build Slack apps using JavaScript
https://tools.slack.dev/bolt-js/
MIT License

Hidden profile fields in Bolt.js #1444

Closed nachtgold closed 2 years ago

nachtgold commented 2 years ago

Description

I played around with https://api.slack.com/methods/users.profile.get and user and bot tokens because the users.profile:read scope exists for both. I found out that the user token also returns hidden profile fields and the bot token doesn't (I didn't find anything about that on the web or in the docs).

I'd like to see and use the hidden fields, but Bolt.js is normally initialised with the bot token.

What is the preferred way in Bolt.js to work (read/set) with hidden profile fields?

mwbrooks commented 2 years ago

Hey @nachtgold, thanks for reaching out and it's great that you're playing around with Bolt.js 👋🏻

You're correct that the Bot and User Tokens will return different profile data. You can also add additional user scopes, such as users:read.email, to access more detailed, specific profile info.

If you want to access specific profile data then you'll need Bolt to manage User Tokens. You can do this by implementing the OAuth Authorization and using the Installation Store to store the user tokens in your database. Bolt can do a lot of the heavy lifting for you to help you out. If you're just testing things out and not ready for a database, then you can also start with the built-in file store.

Here are two working examples of Bolt.js using OAuth:

Hope that helps!
Michael

nachtgold commented 2 years ago

Hi @mwbrooks, OK, thank you for your clarification. I thought I could avoid implementing OAuth by using the generic user token provided by the Slack app.

nachtgold commented 2 years ago

Hi @mwbrooks, App.ts#L1457-L1459 is selecting botToken if it is there. So I cannot use the API with a userToken, because a botToken is always there.

Is it a good idea to change that method to select user before bot?

Because I found no API which can only be queried with a bot token. But, as you confirmed, sometimes the result set changes based on the token type. Is it worth writing a smarter token selection?

Update: it isn't a good idea to just switch the tokens, because now the bot is talking in my name 🙃

Update 2: I now use token: context.userToken in every API call where I want to force a specific token.
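
The per-call override from the last comment, as an added example that is not part of the thread or of Bolt's own code: the bot token stays the default, and only allow-listed methods run with the user token, so nothing is posted in the user's name by accident. `USER_TOKEN_METHODS`, `pickToken`, `callWithToken`, `reportProfileFields` and `makeStubClient` are hypothetical names, and the stub client and its response are constructed so the block runs offline.

```javascript
// Added example, not Bolt's own code. All helper names are hypothetical and
// the tokens, IDs and stub responses are constructed.

// Methods that should run as the installing user. Everything else stays on
// the bot token, so a message is never posted in the user's name by accident.
const USER_TOKEN_METHODS = new Set(['users.profile.get']);

function pickToken(method, context) {
  const wantsUser = USER_TOKEN_METHODS.has(method);
  const token = wantsUser ? context.userToken : context.botToken;
  if (!token) {
    // Fail closed instead of silently falling back to the other token type.
    throw new Error(`${method}: no ${wantsUser ? 'user' : 'bot'} token in context`);
  }
  return token;
}

// client is the WebClient that Bolt passes to listeners; a token given in the
// call options overrides the client's default for that one call.
function callWithToken(client, context, method, args = {}) {
  return client.apiCall(method, { ...args, token: pickToken(method, context) });
}

// Listener body: read the profile as the user, reply as the bot.
async function reportProfileFields(client, context, userId, channel) {
  const res = await callWithToken(client, context, 'users.profile.get', { user: userId });
  const count = Object.keys((res.profile && res.profile.fields) || {}).length;
  await callWithToken(client, context, 'chat.postMessage', {
    channel,
    text: `Profile has ${count} custom field(s)`,
  });
  return count;
}

// Constructed stand-in for WebClient that records which token each call used.
function makeStubClient(log) {
  return {
    apiCall: async (method, options) => {
      log.push({ method, token: options.token });
      return method === 'users.profile.get'
        ? { ok: true, profile: { fields: { Xf0CONSTRUCTED: { value: 'hidden' } } } }
        : { ok: true };
    },
  };
}
```

In a real listener, `context.userToken` is only populated when the installation stored a user token, which is why the helper throws rather than falling back to the bot token.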