slackapi / deno-slack-sdk

SDK for building Run on Slack apps using Deno
https://api.slack.com/automation
MIT License

Question about external-auth add: passing querystring parameters through OAuth2Provider #177

Closed firmbase-tal closed 1 year ago

firmbase-tal commented 1 year ago

Hi, I've been trying to set up the OAuth2Provider to receive the auth tokens; however, I'm currently not very successful in my attempts. I have been following this guide: https://api.slack.com/automation/external-auth

My provider config:

```typescript
import { DefineOAuth2Provider, Schema } from "deno-slack-sdk/mod.ts";

export const MyProvider = DefineOAuth2Provider({
  provider_key: "my-provider",
  provider_type: Schema.providers.oauth2.CUSTOM,
  options: {
    "provider_name": "my-provider",
    "authorization_url": "https://my-domain/authorize",
    "token_url": "https://my-domain/oauth/token",
    "client_id": "<my client id>",
    "scope": [
      "https://localhost:8000/",
    ],
    // Extra query parameters for the authorization URL
    "authorization_url_extras": {
      "prompt": "consent",
      "access_type": "offline",
      "organization": "<my org id>",
      "state": "",
    },
    // Where the account identifier (here the email) is looked up
    "identity_config": {
      "url": "https://my-domain/userinfo",
      "account_identifier": "$.email",
    },
  },
});
```

I have successfully added the auth secret using `slack external-auth add-secret --provider my-provider --secret "<my secret>"`. However, when I try to run `slack external-auth add` I receive the following error from the callback URL: `oauth2_exchange_error`. I have added the callback URL to the Auth0 configuration and the Slack domain to CORS and Web Origins.

The weird thing is that when going through Fiddler I don't see a request to my token_url, despite no errors from my provider, which referred back to the callback after authorize succeeded. I was wondering if you might have any insight as to what I'm doing wrong.

Thanks in advance, and thank you for your hard work.

filmaj commented 1 year ago

What's the best way for me to try to reproduce this? You mentioned:

> I have added the callback url to the auth0 configuration and the slack domain to CORS and Web Origins.

Maybe I try to set up a similar integration on my end?

firmbase-tal commented 1 year ago

Sure, I'm using Auth0 with orgs. In the Auth0 management web page, on the relevant orgs application settings, I have added the Slack callback URL as specified in the linked guide to the Allowed Callback URLs section, and then added the domain of the URL to the Allowed Web Origins and to the Allowed Origins (CORS) sections. The results are as I have described. Using Slack CLI version 2.1.0.

firmbase-tal commented 1 year ago

I think I understand the problem now.
We are using the organizations parameter in the authorize URL; as a result, the token request needs to include the same parameter, as far as I understand. The Slack redirect URI has no knowledge of the organization, and therefore cannot pass it, resulting in the error.
In the meantime I figured out an alternative to setting up the authentication, so it's a non-issue for me.
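
A sketch of the standard authorization-code exchange (RFC 6749 section 4.1) over the options posted above, added here as an example and not taken from deno-slack-sdk or Slack's platform. It lists which `authorization_url_extras` keys reach only the authorize request and flags any that collide with parameters the client owns, such as `state`. That the client sends only the RFC's token-request fields is an assumption, and the callback URL, state and code values are constructed.

```typescript
// Added example: not deno-slack-sdk or Slack platform code.
// Assumption: the client sends only the RFC 6749 section 4.1 parameters.
interface ProviderOptions {
  authorization_url: string;
  client_id: string;
  scope: string[];
  authorization_url_extras?: Record<string, string>;
}
// Parameters the OAuth2 client itself owns in the authorization request.
const RESERVED = ["response_type", "client_id", "redirect_uri", "scope", "state"];

function buildAuthorizeUrl(o: ProviderOptions, redirectUri: string, state: string): string {
  const url = new URL(o.authorization_url);
  const extras = o.authorization_url_extras || {};
  // Extras go in first so the client-owned parameters below always win.
  for (const k of Object.keys(extras)) url.searchParams.set(k, extras[k]);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("client_id", o.client_id);
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("scope", o.scope.join(" "));
  url.searchParams.set("state", state);
  return url.toString();
}

function buildTokenBody(o: ProviderOptions, redirectUri: string, code: string, secret: string): URLSearchParams {
  return new URLSearchParams({
    grant_type: "authorization_code", code, redirect_uri: redirectUri,
    client_id: o.client_id, client_secret: secret,
  });
}

// Report extras that collide with client-owned parameters, and extras that
// reach the authorize endpoint but are absent from the token request.
function reviewExtras(o: ProviderOptions, tokenBody: URLSearchParams) {
  const keys = Object.keys(o.authorization_url_extras || {});
  return {
    overridesReserved: keys.filter((k) => RESERVED.indexOf(k) !== -1),
    authorizeOnly: keys.filter((k) => RESERVED.indexOf(k) === -1 && !tokenBody.has(k)),
  };
}

// Constructed sample: the issue's options, with its placeholders kept.
const sample: ProviderOptions = {
  authorization_url: "https://my-domain/authorize",
  client_id: "<my client id>",
  scope: ["https://localhost:8000/"],
  authorization_url_extras: { prompt: "consent", access_type: "offline", organization: "<my org id>", state: "" },
};
const redirect = "https://callback.example/oauth2"; // hypothetical callback URL
const authorizeUrl = buildAuthorizeUrl(sample, redirect, "constructed-state");
const review = reviewExtras(sample, buildTokenBody(sample, redirect, "constructed-code", "<my secret>"));
console.log(review);
```

An empty `state` in the extras is worth catching before deployment: `state` binds the callback to the request that started it, so the client's own value has to be the one that reaches the provider.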