travisghansen / node-red-slack

A node-red module to post to Slack.com
MIT License
22 stars 29 forks source link

invalid_auth #25

Open nicholaskillin opened 5 years ago

nicholaskillin commented 5 years ago

This is very likely user error and I apologize for the basic question. I installed this node in node-red running with Home Assistant. I have a slack app that is currently integrated and working with Home Assistant, but can only post messages. I was hoping this node could help me set my slack status as well.

I copied the oAuth token from my app that is already working (starts with xoxp) but when I deploy the node I get an invalid_auth error. I also tried using the verification token from that same Slack app but received the same auth error. Any ideas what I'm doing wrong? Thanks!

travisghansen commented 5 years ago

@nicholaskillin thanks for reporting! I never documented all the required scopes since it seemed most people were using bot tokens. My guess is the token you're using simply doesn't have permissions to do something the integration 'requires'. When the integration starts up we gather a list of channels, users, bots, teams, dnd info, and probably others (slackState data). After startup those datapoints are generally maintained/refreshed to make sure they remain current.

I doubt the token you have will ever work (meaning, it was issued with limited scopes), but I'd be happy to work with you to document what scopes are required and make sure the integration works with xoxp tokens (it may not be feasible but I'd like to try).

Alternatively, just get a bot token and you should be good to go.

nicholaskillin commented 5 years ago

Yeah, I'd be happy to work with you on this. I currently have chat:write:user, incoming-webhook, and users.profile:write enabled. I can add any scopes that you think would be necessary. Do you have a list of ones that you would suspect that I need that I can add?

travisghansen commented 5 years ago

Yeah give me a day or two to gather the current API calls up (just wrapped up a major life event so I'm fairly preoccupied currently). Also consider the integration allows for complete usage of the API (both rtm and web) so whatever scopes for methods you intend to use will also be required.

nicholaskillin commented 5 years ago

Yeah. I believe that I have all of the needed scopes already. I created this app basically so that I can update my profile status. I have Home Assistant watching one of my calendars for specific events, and when those events are 2 minutes out I want it to announce that the event is 2 minutes away via my Google Home (which is already working) and then set my slack status (so that my co-workers know that I'm on a phone call. I believe that the users.profile:write scope allows me to do that.

Would it be better for me to just add them all, then see if that works? If that does work then I could go through and remove them one at a time, saving each time to see which ones break the integration with Node Red.

Seems like a fair amount of work, but could get the data that we are looking for.

travisghansen commented 5 years ago

You can add them all and see if it works generally yeah.

If that fails then it doesn't make much sense to keep going. If it does work then awesome, but no need to go through and try them 1 by 1...the list is pretty small and I can gather them up pretty easily.

Just making sure it works generally would be great though. Thanks!

nicholaskillin commented 5 years ago

Welp, this may be harder than I thought. I added all of the scopes with the exception of the following:

admin auditlogs.read identity.avatar identity.basic identity.email identity.team

After doing that I reinstalled the slack app, refreshed node red and still received the same error. If there is anything I can pull error or debug logs from I'd be happy to do so.

Also, I get major life events. Hoping it's a good one and no rush on my end.

travisghansen commented 5 years ago

I make the users.identity web call which looks like it requires identity.basic. Add that and restart node red and see what you get.

travisghansen commented 5 years ago

Here are some crude notes of what's used for basic connection:

user scopes

rtm.connect - no scope require
conversations.list -    channels:read  groups:read  im:read  mpim:read
users.list - users:read
bots.info - users:read
team.info - team:read
users.identity - identity.basic
dnd.teamInfo - dnd:read
channels.info - channels:read
nicholaskillin commented 5 years ago

Hm, when I try and the identity.basic scope I get an error from slack saying

Invalid permissions requested
Cannot request both identity scopes and other scopes at the same time

I don't think it's going to let me do that. Any thoughts or do you think that I should just switch to a bot token? If I use a bot taken I assume it's still possible to change my slack status?

nicholaskillin commented 5 years ago

Just answered my own question. Started playing around, added a bot token and was able to get it to connect. However, while trying to get the profile status updated I kept getting invalid_token_type. Then I stumbled upon this page which says that only the user token can be used for this method.

https://api.slack.com/methods/users.profile.set

nicholaskillin commented 5 years ago

And I was actually able to get this setup just now and working using a function node and an http request node. Looks like I don't need the slack nodes for what I am trying to do. Thanks!

travisghansen commented 5 years ago

Yeah pretty easy to do a raw http request. Be careful about exporting secrets if you ever export a flow.

All this info is good to know. Regardless of your setup I'm going to leave this issue open until a get a chance to at least research a little deeper and document limitations etc.

oakbrad commented 3 years ago

Here are some crude notes of what's used for basic connection:

user scopes

rtm.connect - no scope require
conversations.list -  channels:read  groups:read  im:read  mpim:read
users.list - users:read
bots.info - users:read
team.info - team:read
users.identity - identity.basic
dnd.teamInfo - dnd:read
channels.info - channels:read

I'm having the same issue. Adding these user scopers results in an error on the Slack end for "Invalid permissions request".

I was able to solve this by creating a "Classic Slack App" that does not have granular permissions and using the xoxb token it generates.

https://api.slack.com/apps?new_classic_app=1