Closed RScicomp closed 6 months ago
Hi @RScicomp, thanks for asking questions!
Does this mean that Signing secrets aren't used in SocketMode?
Yes, it does. With Socket Mode, your app communicates with Slack over a securely established WebSocket connection. So, unlike the HTTP requests to a publicly accessible endpoint, no need to verify a request signature. You can still pass signing secret string when initializing an app but actually it won't be used as you observed.
Is the middleware checking if the sender is actually slack using the signature each time this function runs? If not is there a way to do so, in particular with socketmode?
Yes, it is for Request URL style. As for Socket Mode, you don't need to worry about it for the above reason.
I hope this clarifies.
Yes that helps alot thanks for the clarification!
Hi! new to slack-bolt I had a general question about Socket Mode and Signing Secrets:
When reading the code behind app.py using Socket Mode I saw the comment:
Does this mean that Signing secrets aren't used in SocketMode? In general i see in examples that there are no requestverification / SignatureVerification calls - can i assume that slack bolt takes care of that when you declare an App Class?
Another question i have is say i do:
Is the middleware checking if the sender is actually slack using the signature each time this function runs?
If not is there a way to do so, in particular with socketmode?