Closed srbcheema1 closed 1 year ago
Hi @srbcheema1, thanks for asking the question. You don't need to have such a workaround. When your installation_store manages user tokens too and the user associated with the request has installed the app with user scopes, his/her user token is available in context
object (under context.autorize_result
too). Thus, your listener can be like this:
@app.message("hello")
def update_status(message, client, context: BoltContext):
client.users_profile_set(
token=context.user_token, # override the token only for this method call
user=message["user"],
profile={
"status_text": "riding the train home",
"status_emoji": ":mountain_railway:",
"status_expiration": 1532627506,
},
)
I hope this helps.
Thanks for the help @seratch It is not pretty straight forward to figure this out as the function client.user_profile_set doesn't take "token" as a direct parameter. Is there any documentation that I can refer for this ?
@srbcheema1 I hear you on that. Every single Slack Web API has its requirements on the necessary scopes. So, to learn such, you can check API doc’s “required scopes” section: https://api.slack.com/methods/users.profile.set
If everything is clear now, would you mind if we close this issue?
@srbcheema1 I hear you on that. Every single Slack Web API has its requirements on the necessary scopes.
I am familiar with this.
It is not pretty straight forward to figure this out as the function client.user_profile_set doesn't take "token" as a direct parameter. Is there any documentation that I can refer for this ?
Rephrasing my question: How to know that client.user_profile_set
function can take token
as input? Any documentation you can quote that can tell me token can be passed to this function.
@srbcheema1 As you may already notice, context.token
and the token that is embodied in client
is primarily a bot token. So, as long as your app requests a bot token (and this is the expected setting for most apps), the token is always a bot token. This means that the token is not useable for the Web APIs that accept only a user token.
Please note that most of the common operations you can do with Slack's Web APIs can be done with a bot token but the specific API you wanted to use this time accepts only a user token. The logic to pick the primary token up may need to be clearly mentioned somewhere in the advanced topic sections. We will consider the improvement.
Do you have anything else to confirm here?
Thanks for the response @seratch
The logic to pick the primary token up may need to be clearly mentioned somewhere in the advanced topic sections.
Yeah this would help developers understand the logic.
Closing here, nothing pending from my end.
https://github.com/slackapi/bolt-python/blob/8334d17ddac15b6e41cc15a6cce533745c20ba7d/slack_bolt/middleware/authorization/multi_teams_authorization.py#L83-L87
In these lines, bot token always take precedence over user token.
The following code gives me error "not_allowed_token_type" when I try to set profile of an authorized user.
So when this function is triggered by a user by typing hello in a group, it provides client with bot token, while I want to use user-token to update his profile.
Error I am getting is:
For now I am using this hack:
This hack works for me now but I would like to know what should be the correct way of getting user-token in context.client.token in a handler function. OR How to use both bot-token and user-token in a handler-functions of slack-bolt app using oauth_settings ?
Versions: