`tokens_revoked` event received after `app_uninstalled` event

matthewsecrist commented 3 years ago

Description

There are times that the tokens_revoked event will be received after the app_uninstalled event. If I delete the workspace configuration from my installation store when the app_uninstalled event happens, the tokens_revoked events will throw errors.

What type of issue is this? (place an `x` in one of the `[ ]`)

[x] bug
[ ] enhancement (feature request)
[x] question
[ ] documentation related
[ ] testing related
[ ] discussion

Requirements (place an `x` in each of the `[ ]`)

[x] I've read and understood the Contributing guidelines and have done my best effort to follow them.
[x] I've read and agree to the Code of Conduct.
[x] I've searched for any related issues and avoided creating a duplicate issue.

Bug Report

Filling out the following details about bugs will help us solve your issue sooner.

Reproducible in:

package version: 2.4.1

node version:

OS version(s):

Steps to reproduce:

Set up an app with both user and bot scopes, able to be installed with oauth (https://slack.dev/bolt-js/concepts#authenticating-oauth) and handle the app_uninstalled event by immediately deleting the workspace installation.
Install the app to your workspace.
Remove the app from the workspace (note, you may need to do this multiple times to trigger it)

Expected result:

I expect that the tokens_revoked events come before the app_uninstalled events.

Actual result:

It seems that the tokens_revoked events come after the app_uninstalled event, which means when they come in, the workspace configuration is gone, and errors are thrown.

Attachments:

20:15:37.994Z  INFO slack-app: Fetching installation for <REDACTED_TEAM_ID>
[DEBUG]  bolt-app ack() begin
[DEBUG]  bolt-app ack() response sent
POST /slack/events 200 2.643 ms - 0
20:15:37.996Z  INFO slack-app: Incoming event: app_uninstalled (type=app_uninstalled)
20:15:37.997Z  INFO slack-app: Deleting installation for <REDACTED_TEAM_ID>
20:15:38.253Z  INFO slack-app: Fetching installation for <REDACTED_TEAM_ID>
[WARN]  bolt-app Authorization of incoming event did not succeed. No listeners will be called.
20:15:38.255Z ERROR slack-app: Bolt error
  error: {
    "code": "slack_oauth_installer_authorization_error"
  }
20:15:38.272Z  INFO slack-app: Fetching installation for <REDACTED_TEAM_ID>
[WARN]  bolt-app Authorization of incoming event did not succeed. No listeners will be called.
20:15:38.275Z ERROR slack-app: Bolt error
  error: {
    "code": "slack_oauth_installer_authorization_error"
  }
[ERROR]  bolt-app An incoming event was not acknowledged within 3 seconds. Ensure that the ack() argument is called in a listener.
[ERROR]  bolt-app An incoming event was not acknowledged within 3 seconds. Ensure that the ack() argument is called in a listener.
20:15:41.330Z  INFO slack-app: Fetching installation for <REDACTED_TEAM_ID>
[WARN]  bolt-app Authorization of incoming event did not succeed. No listeners will be called.
20:15:41.332Z ERROR slack-app: Bolt error
  error: {
    "code": "slack_oauth_installer_authorization_error"
  }
20:15:41.425Z  INFO slack-app: Fetching installation for <REDACTED_TEAM_ID>
[WARN]  bolt-app Authorization of incoming event did not succeed. No listeners will be called.
20:15:41.427Z ERROR slack-app: Bolt error
  error: {
    "code": "slack_oauth_installer_authorization_error"
  }
[ERROR]  bolt-app An incoming event was not acknowledged within 3 seconds. Ensure that the ack() argument is called in a listener.
[ERROR]  bolt-app An incoming event was not acknowledged within 3 seconds. Ensure that the ack() argument is called in a listener.

stevengill commented 3 years ago

Hey @matthewsecrist

I have definitely run into this before. I wrote the OAuth package and the support for it in bolt-js. This isn't a bug in the library but an issue with how the platform dispatches events. I don't believe there are currently plans to fix this.

Question for you, what work are you doing during the token_revoked event and app_uninstalled event?

matthewsecrist commented 3 years ago

Reading those links, it makes sense.

@stevengill For the token_revoked, I remove the stored user configurations in the database, and for app_uninstalled, I remove the workspace configuration as well as associated user configurations, just to make sure everything is cleaned up.

slackapi / bolt-js