slackapi / bolt-python

A framework to build Slack apps using Python
https://slack.dev/bolt-python/
MIT License

Incorporating django example in my app #1009

Closed emilmajkowski closed 7 months ago

emilmajkowski commented 9 months ago

Hello,

I have incorporated slack-bolt Django example in my Django project. I can successfully install the app using /slack/install. However, I have challenges with customisation.

My app is initialised as in the django example

app = App(
    signing_secret=signing_secret,
    oauth_settings=OAuthSettings(
        client_id=client_id,
        client_secret=client_secret,
        scopes=scopes,
        user_scopes=user_scopes,

        # If you want to test token rotation, enabling the following line will make it easy
        # token_rotation_expiration_minutes=1000000,
        installation_store=DjangoInstallationStore(
            client_id=client_id,
            logger=logger,
        ),
        state_store=DjangoOAuthStateStore(
            expiration_seconds=120,
            logger=logger,
        ),
    ),
)

Challenge 1:

I would like the installation flow to be triggered from the /profile page of my app. I generated the Slack install button and placed it inside of my app /profile page. Please note that the profile page is available to the user after authentication.

When the user gets redirected, the Slack page shows up, the user clicks Allow and is redirected back to /slack/oauth_redirect. The error shows up with information that Slack installation was triggered from a different URL than /slack/install.

I tried to set the installation_url in my app as follows

app.oauth_flow.install_path = '/profile'
app.oauth_flow.settings.install_path = '/profile'

but it didn't work.

The only way I could make it work was to disable the state validation:

app.oauth_flow.settings.state_validation_enabled = False

Question 1: How do I set up a custom URL from which Slack app installation can be triggered?

Question 2: How do I generate the URL in a way that state is properly managed? (Currently I simply use the generated install button HTML code in my django template).

I will appreciate a code example showing how to do it.

Challenge 2:

When the user approves the Slack app scopes, the user is redirected back to /oauth_redirect to complete the app installation (save the data to the database). I would like the user to be redirected back to the /profile page after all the settings are saved with additional query string parameters for successful and failed installation.

I tried setting up the following but it doesn't work:

app.oauth_flow.settings.redirect_uri = "/profile"
app.oauth_flow.settings.success_url = "/profile?slack_install=1"
app.oauth_flow.settings.failure_url = "/profile?slack_install=0"

Question: How do I redirect the user back to my app URL from bolt django /oauth_redirect page?

Reproducible in:

The slack_bolt version

slack-bolt==1.18.1

Python runtime version

Python 3.9.5

OS info

ProductName: macOS
ProductVersion: 14.2.1
BuildVersion: 23C71
Darwin Kernel Version 23.2.0: Wed Nov 15 21:53:34 PST 2023; root:xnu-10002.61.3~2/RELEASE_ARM64_T8103

seratch commented 9 months ago

Hi @emilmajkowski, thanks for asking the questions.

Challenge 1:

Question 1: How do I set up a custom URL from which Slack app installation can be triggered?

install_path needs to be served by your Bolt app, not your arbitrary URL. You can customize the path by modifying this url configuration: https://github.com/slackapi/bolt-python/blob/v1.18.1/examples/django/oauth_app/urls.py#L23

Question 2: How do I generate the URL in a way that state is properly managed? (Currently I simply use the generated install button HTML code in my django template).

Also, indeed https://api.slack.com/authentication/oauth-v2#buttongen is the quickest way to start the OAuth flow, but Bolt framework is more opinionated to use OAuth state parameter for better security. Thus, instead of using the slack.com URL directly, please always start your OAuth flow with install_path you set by the above way. In other words, you can reuse the image of the install button but please replace the URL with install_path to redirect users with a valid state parameter for security.

Challenge 2:

Question: How do I redirect the user back to my app URL from bolt django /oauth_redirect page?

You can use callback_options for it. Refer to https://github.com/slackapi/bolt-python/blob/v1.18.1/examples/oauth_app_settings.py#L36 for more details.

I hope this helps.

github-actions[bot] commented 7 months ago

👋 It looks like this issue has been open for 30 days with no activity. We'll mark this as stale for now, and wait 10 days for an update or for further comment before closing this issue out. If you think this issue needs to be prioritized, please comment to get the thread going again! Maintainers also review issues marked as stale on a regular basis and comment or adjust status if the issue needs to be reprioritized.

github-actions[bot] commented 7 months ago

As this issue has been inactive for more than one month, we will be closing it. Thank you to all the participants! If you would like to raise a related issue, please create a new issue which includes your specific details and references this issue number.