Closed jota12x closed 3 weeks ago
Hi, @jota12x! Thank you for submitting this question π
We consulted internally about how long tokens delivered in the function_executed
event payload last for and this is what they said re: Why would this happen?:
The tokens expire 15 minutes after being issued and are revoked immediately when the step is completed, so whichever of those comes first. In most cases the step only takes a few seconds and then we immediately revoke the token.
To answer the other questions:
How can I control the expiration time of the access tokens?
As far as I know, there is no way to manipulate this with the APIs or SDKs - this is preset based on internal code.
Would implementing token rotation solve the problem? If so, why?
This scenario seems edge case-y, so I'm unsure if token rotation would solve this at all. Based on the token expiration criteria mentioned above where the tokens either expire 15 mins after being issued OR are revoked when the step is completed, I would first suggest looking into if complete()
is being called anywhere prior to the say()
function - it seems like something is signaling function completion within the resource certain that ends up skipping the remaining body of the function.
I hope this helps - let me know if you have further questions! π
@hello-ashleyintech Thank you for your prompt and throughout answer.
I would first suggest looking into if complete() is being called anywhere prior to the say() function - it seems like something is signaling function completion within the resource certain that ends up skipping the remaining body of the function.
Sorry, I forgot to add complete()
when pasting my code. I checked and only used it once after the second say() function. Leaving aside complete()
and fail()
, I only call the API twice, one per each say()
.
The tokens expire 15 minutes after being issued and are revoked immediately when the step is completed, so whichever of those comes first. In most cases the step only takes a few seconds and then we immediately revoke the token.
My lambda function runs for around two minutes. Is that too much? For instance, if I comment enough lines, the second message certainly reaches the API.
By the way, I ran my app in Socket mode, and it works as expected. Is there any difference for the token's handling in Socket mode? π€
@jota12x It does seems like something in the lambda function is running too long - could it be that it takes a while to actually initialize and start the Lambda function with its dependencies?
I recommend checking your code with these examples to make sure that it aligns with how you're calling your function.
By the way, I ran my app in Socket mode, and it works as expected. Is there any difference for the token's handling in Socket mode? π€
It could have something to do with Socket Mode requiring an app token. I'm not 100% sure on this though, but you can learn more about the app token vs. bot token here.
@hello-ashleyintech Thank you for the resources. I continued testing and realized that the token is revoked if the Lambda runs for more than one second. Maybe is related to this doc .
When building workflows using functions, there is a 60 second timeout for a deployed function and a 15 second timeout for a locally-run function.
So, is it possible to run lazy code inside a custom function or workflow step? π€ From what I checked, the documentation only refers to commands.
π It looks like this issue has been open for 30 days with no activity. We'll mark this as stale for now, and wait 10 days for an update or for further comment before closing this issue out. If you think this issue needs to be prioritized, please comment to get the thread going again! Maintainers also review issues marked as stale on a regular basis and comment or adjust status if the issue needs to be reprioritized.
I made my code work by implementing it as a command instead. I don't know what's wrong with custom functions yet, but will take a look in my free time.
Hi, I'm implementing a single-organization Slack app that receives data from a workflow form and creates some resources in AWS. To accomplish this, my app has a custom function that the code listens to, similar to this:
My app works locally, however when deploying it to Lambda, the Slack API revokes the access token after the AWS resource creation, resulting in the second message being ignored
Furthermore, if I remove the AWS processing, both messages are sent to the channel, so I suspect the problem lies on the expiration time for the access token. My questions are:
Reproducible in:
The
slack_bolt
versionslack-bolt 1.19.0rc1
Python runtime version
3.11.0 (Paste the output of
python --version
)OS info
arm64 (lambda)