slackapi / java-slack-sdk

Slack Developer Kit (including Bolt for Java) for any JVM language
https://tools.slack.dev/java-slack-sdk/
MIT License

MultiTeamsAuthorization issue with slash commands? #485

Closed timrourke closed 4 years ago

timrourke commented 4 years ago

Description

While attempting to follow the example you shared with me on how to build a Scala application using Play, I'm receiving an error that states the following:

This app was not able to respond to your action. Please install this Slack app :bow:

It looks like this error message is coming from here: https://github.com/slackapi/java-slack-sdk/blob/v1.0.8/bolt/src/main/java/com/slack/api/bolt/middleware/builtin/MultiTeamsAuthorization.java#L88

Is it possible some request parameter for the SlashCommand is not being parsed correctly? Anything else I could be overlooking? I should note that the test app I'm playing with is on a free account, so enterprise_id is missing from the incoming request to my Bolt app.

Here's what the incoming request looks like:

POST /slack/events HTTP/1.1
Host: 98872139fcc4.ngrok.io
User-Agent: Slackbot 1.0 (+https://api.slack.com/robots)
Accept-Encoding: gzip,deflate
Accept: application/json,*/*
X-Slack-Signature: v0=OMITTED
X-Slack-Request-Timestamp: 1591843873
Content-Length: 385
Content-Type: application/x-www-form-urlencoded
X-Forwarded-Proto: https
X-Forwarded-For: 52.91.46.10

token=OMITTED&team_id=OMITTED&team_domain=OMITTED&channel_id=OMITTED&channel_name=directmessage&user_id=OMITTED&user_name=OMITTED&command=%2Fhello&text=&response_url=OMITTED&trigger_id=OMITTED

The issue is reproducible in:

openjdk version "1.8.0_232"
OpenJDK Runtime Environment (build 1.8.0_232-b09)
OpenJDK 64-Bit Server VM (build 25.232-b09, mixed mode)

The steps to reproduce are:

  1. Install the app with a /hello slash command handler
  2. Serve Play app with the code you proposed in your Play example (replacing your example slash command name with "/hello")
  3. Use ngrok to expose local environment to Slack app
  4. Configure Slack app to use ngrok URL
  5. Run app with env vars for the creds specified in the Slack app's admin pages

The expected result is: See the string result I'm returning from the slash command handler appear

The actual result is: This app was not able to respond to your action. Please install this Slack app :bow:


seratch commented 4 years ago

@timrourke Hello again!

Is it intentional to enable MultiTeamsAuthorization for your apps? To know what it is, reading the following document should be helpful.

If you're fine with SingleTeamAuthorization, all you need are SLACK_BOT_TOKEN and SLACK_SIGNING_SECRET. If you have to keep other env variables for some reason, manually instantiating an AppConfig instance is an option.

If you're intentionally trying MultiTeamsAuthorization and having difficulty enabling it, checking this guide should be helpful. In summary, 1) your app needs to support the OAuth flow to acquire tokens from multiple workspaces, and 2) it needs to enable InstallationService (the default one works with the local file system) to fetch valid tokens for incoming requests towards /slack/events.
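
An added example, not part of the original thread or the SDK's own code: one way to instantiate AppConfig manually, as suggested in the comment above, so that only SLACK_BOT_TOKEN and SLACK_SIGNING_SECRET are used and the OAuth credentials are explicitly cleared. The class name `SingleTeamHelloApp` and the helper `requireEnv` are hypothetical; wiring the resulting `App` into Play or another HTTP adapter is not shown.

```java
import com.slack.api.bolt.App;
import com.slack.api.bolt.AppConfig;

public class SingleTeamHelloApp {

    // Builds a Bolt App pinned to single-workspace authorization.
    static App buildApp() {
        AppConfig config = AppConfig.builder()
                // The only two values single-workspace mode needs.
                .singleTeamBotToken(requireEnv("SLACK_BOT_TOKEN"))
                .signingSecret(requireEnv("SLACK_SIGNING_SECRET"))
                // Set the OAuth credentials to null explicitly instead of
                // relying on defaults, so client credentials that happen to
                // be present in the environment cannot enable multi-team mode.
                .clientId(null)
                .clientSecret(null)
                .build();

        // Fail at startup rather than at the first slash command if the
        // config would still select the OAuth (multi-team) code path.
        if (config.isDistributedApp()) {
            throw new IllegalStateException(
                    "AppConfig has both clientId and clientSecret set; "
                    + "the app would expect OAuth installations");
        }

        App app = new App(config);
        // Same command name as in the report above.
        app.command("/hello", (req, ctx) -> ctx.ack("Hello from a single-workspace app"));
        return app;
    }

    // Hypothetical helper: refuse to start with a missing or empty secret.
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable: " + name);
        }
        return value;
    }

    public static void main(String[] args) {
        App app = buildApp();
        System.out.println("Bolt app configured for single-workspace authorization: " + app);
    }
}
```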

timrourke commented 4 years ago

Thanks again @seratch, that did the trick! I think the behavior of the application automatically configuring itself to expect multi-teams authorization because of the presence of additional environment variables is a little bit surprising, though probably useful.

Is this behavior documented somewhere that I failed to see? If not, is this something that would benefit from being clarified in documentation somewhere? I could imagine other first-time users like me trying to be thorough as they build a Slack app, and might also add a pile of configuration they don't need (yet) to their code?

seratch commented 4 years ago

When we talk about the additional env variables, all of them are listed here: https://slack.dev/java-slack-sdk/guides/app-distribution#slack-config-for-distributing-your-slack-app

I don't believe many developers can be confused with this behavior. They won't be able to get to know the env variable names without reading the above page. If a developer goes with manual AppConfig initialization, they may encounter the side-effect caused by having both clientId and clientSecret in it. That said, I don't think it's not a common path for many beginners.

I may add some guide about this in a document page in the future but I don't think it's urgent for now. Thanks for your feedback here. Your inputs are always helpful.

wawo9193 commented 3 years ago

Hi @seratch, I've been trying to solve an issue that is similar to this one mentioned. However, I am trying to do multi teams authorization capabilities and I am somewhat of a beginner.

I have all of the environment variables set, and decided the AWS S3 route might be best for me. I save the installer files containing the JSON installer objects to my S3 with /installer/<enterprise-id>-<team-id>-<user-id>. I've tried both the authed user id and the bot user id for the user-id in the path, but neither solved the issue. For the bot files containing the bot JSON objects, I'm saving them to bot/<enterprise-id>-<team-id>.

I do have my state service implemented like from the documentation example

// Store valid state parameter values in Amazon S3 storage
OAuthStateService stateService = new AmazonS3OAuthStateService(awsS3BucketName);
// This service is necessary only for OAuth flow apps
oauthApp.service(stateService);

But I do not create a state file, I didn't see anything about doing that so I'm assuming this is enough.

After clicking on the 'Allow' button to go to the slack redirect uri, I am able to successfully retrieve the access token. Yet, when I try to test out a slash command, I get the 'Please install this Slack app' message.

Some extra information, when I submit the slash command on the server side log, I get a POST request to /slack/events with a 200 http response.

Am I supposed to do anything else to get the app installed to someone's workspace? After the exchange to get the access token, am I supposed to restart the main api App so that the installation service is properly loaded? I am still learning but I feel like I've tried just about everything I can think of.

Let me know of any other information I could provide, thank you.