Closed krissirk closed 3 years ago
Hi @krissirk - You're right that the documentation in this case is incorrect. As you've pointed out, the reminders:write
scope (and the reminders:read
) scopes are available on User token types only and should NOT be available as a selection for the bot token in the App Configuration pages or listed in documentation.
I'll share this with the internal team to get these corrected and will report back if we're notified that the issue is resolved. Thank you for raising this and helping to make our public docs better! 🥇
Further, even when you do provide a User token and call the method via the Web API, the "Slackbot" is what adds the reminder in Slack, which is confusing.
It was confusing to me too at first as to why an app with User token scoped with reminders:write
wouldn't just post AS the user and I had to think a little about it:
One way I look at it is from the perspective of what the app installer has actually authorized. In this case, the user grants permission for the application to create reminders on their behalf. A narrow reading of that, says that the user doesn't give the bot permission to create reminders AS them or post under their identity.
Let us know whether that's helpful!
Description
The add reminders method (as well as
complete
anddelete
) only accepts a User token; however, I can assign the reminders:write scope to the Bot token, which would never come into play - why include the Bot token here?Further, even when you do provide a User token and call the method via the Web API, the "Slackbot" is what adds the reminder in Slack, which is confusing. What is the interplay between the User and Bot token in this case of managing reminders via the API?
What type of issue is this? (place an
x
in one of the[ ]
)Requirements (place an
x
in each of the[ ]
)Bug Report
Filling out the following details about bugs will help us solve your issue sooner.
Reproducible in:
Development environment:
Steps to reproduce:
1. 2. 3.
Expected result:
What you expected to happen
Actual result:
What actually happened
Attachments:
Logs, screenshots, screencast, sample project, funny gif, etc. If attaching logs, please remove user data and tokens.