slackapi / bolt-js

A framework to build Slack apps using JavaScript
https://tools.slack.dev/bolt-js/
MIT License

Is there a receiver that supports web platform compatible Request/Response? #2261

Closed gr2m closed 1 month ago

gr2m commented 1 month ago

I'm looking into creating a distributed Slack app that is deployed using Netlify. My understanding is that this means I need some kind of database to store the installations, as the app cannot retrieve an installation token using its app credentials and a team ID - or is there?

For the datastore I want to try out Netlify's own Blob API. That way I don't need to introduce yet another vendor.

The problem I'm running into now is

Is there an existing receiver I could use for that?

Here is my work in progress of making my existing demo GitHub+Slack integration a distributed Slack App: https://github.com/gr2m/github-app-slack-demo/pull/51

In particular, this is the Netlify Function I use for slack interactions: https://github.com/gr2m/github-app-slack-demo/blob/oauth-callback/netlify/functions/slack/index.js

I'd appreciate any help or advice 🙏🏼

seratch commented 1 month ago

Hi @gr2m, thanks for asking the question!

If you want to continue using bolt-js, the only solution is to use ExpressReceiver like you're already doing. Bolt's Receiver interface design does not fit the simple async function (Request) -> Response requirements, so unfortunately there is no chance to implement a straight-forward custom Receiver for it.

If you're open to exploring alternatives, one solution could be my personal project that fits your use case best: https://github.com/seratch/slack-edge

I hope this helps.

filmaj commented 1 month ago

To better answer your question, can you elaborate on what you mean by:

> distributed Slack app

The 'distributed' term is loaded at Slack, so I want to make sure I understand.

> My understanding is that this means I need some kind of database to store the installations, as the app cannot retrieve an installation token using its app credentials and a team ID - or is there?

In bolt land we have a concept for this: Installation Store. You can read more about this in the Authenticating with OAuth bolt docs. This enables 'distribution' of your app to multiple workspaces - even in a self-serve, install-on-demand manner by end-users - by providing bolt app developers an interface for storing installation data. Crucially, this data contains per-workspace access tokens issued to your app. When reacting to workspace-events, your app needs to be able to retrieve the workspace-specific tokens. Bolt relies on Installation Stores to resolve this lookup.

gr2m commented 1 month ago

@seratch

> If you're open to exploring alternatives, one solution could be my personal project that fits your use case best: https://github.com/seratch/slack-edge

Do you by chance know out of hand if any of the adapters would work with Netlify's edge functions? I think they use Deno under the hood? And does it support the OAuth install flow with the installation store API I can hook into?

gr2m commented 1 month ago

> distributed Slack app
>
> The 'distributed' term is loaded at Slack, so I want to make sure I understand.

I mean that I want my app to be installable on workspaces other than the one I registered the app in.

> In bolt land we have a concept for this: Installation Store

Yes I saw that. Just want to confirm the second part of my question: I need some kind of data persistence if I want to use the OAuth install flow, correct? There is no way for an app to use e.g. an app-level token and a team_id to create an OAuth bot token on-demand?

filmaj commented 1 month ago

That's correct, the choice and responsibility of persistence mechanism is yours; Slack simply offers the installation store as an interface. Bolt JS also provides two implementations of this interface, an in-memory one and a file one, but these are not recommended for production.

gr2m commented 1 month ago

And an OAuth bot token cannot be created programmatically once an app is installed in a workplace, correct? I can only receive the token once at the end of the OAuth install flow?

Basically I wonder if there is an equivalent of GitHub's API to create an installation access token for app installations: https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#create-an-installation-access-token-for-an-app

filmaj commented 1 month ago

There is no such equivalent. All token issuances are mediated by OAuth v2. Have a read through https://api.slack.com/authentication/oauth-v2, especially the section on token revocation. If for example the user who initially installed your app to a workspace is deactivated, the token for that workspace will be revoked. Additionally, since app scopes can shift over time, we prefer to let the full OAuth flow dictate access tokens.

gr2m commented 1 month ago

Thanks! I'll close the issue as there is nothing actionable left for the team.

seratch commented 1 month ago

@gr2m If you mean installation store using Netlify's blob store for slack-edge apps, you can implement your own like this one: https://github.com/seratch/slack-cloudflare-workers/blob/main/src/kv-installation-store.ts

As for the function that handles a request, the example code on the README should work without any adapter code.
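
The installation store discussed in this thread holds per-workspace access tokens, so the following added example (not part of the thread, and not Bolt's or slack-edge's own code) sketches a key-value-backed store with Bolt's `storeInstallation` / `fetchInstallation` / `deleteInstallation` method names that encrypts each record at rest. Assumptions: the `kv` adapter shape (any object with `get`/`set`/`delete`, such as a `Map`), the helper names, the encryption step itself, and a 32-byte `secret` supplied from outside the datastore.

```javascript
// Resolve node:crypto under either CommonJS or ES modules.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');
// Constructed sample record; the token is a placeholder, not a real credential.
const SAMPLE = { isEnterpriseInstall: false, team: { id: 'T0000EXAMPLE' }, bot: { token: 'PLACEHOLDER-BOT-TOKEN' } };

// One storage key per install: org-wide installs by enterprise ID, others by team ID.
function installationKey({ isEnterpriseInstall, enterpriseId, teamId }) {
  const id = isEnterpriseInstall ? enterpriseId : teamId;
  if (!id) throw new Error('installation has no enterprise or team ID');
  return `${isEnterpriseInstall ? 'enterprise' : 'team'}/${id}`;
}

// AES-256-GCM with the storage key as associated data, so a record copied
// under another workspace's key fails authentication instead of decrypting.
function seal(record, secret, aad) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', secret, iv);
  cipher.setAAD(Buffer.from(aad));
  const body = Buffer.concat([cipher.update(JSON.stringify(record), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

function open(blob, secret, aad) {
  const raw = Buffer.from(blob, 'base64');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', secret, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(aad));
  decipher.setAuthTag(raw.subarray(12, 28));
  const body = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return JSON.parse(body.toString('utf8'));
}

// `kv` is any store with get/set/delete (hypothetical adapter shape; a Map works).
function createInstallationStore(kv, secret) {
  return {
    async storeInstallation(installation) {
      const { isEnterpriseInstall, enterprise, team } = installation;
      const key = installationKey({ isEnterpriseInstall, enterpriseId: enterprise?.id, teamId: team?.id });
      await kv.set(key, seal(installation, secret, key));
    },
    async fetchInstallation(query) {
      const key = installationKey(query);
      const blob = await kv.get(key);
      if (blob == null) throw new Error(`no installation stored for ${key}`);
      return open(blob, secret, key);
    },
    async deleteInstallation(query) { await kv.delete(installationKey(query)); },
  };
}
```

Calling `deleteInstallation` when a workspace's token is revoked keeps dead credentials out of the datastore.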