DEV Community

Cover image for OAuth with slack
Nikhil Devarasetty
Nikhil Devarasetty

Posted on

OAuth with slack

๐Ÿค” What is OAuth? ๐Ÿ‘‡
OAuth is a protocol that lets your app request authorization to private details.

With slack we can implement OAuth for the required scopes, to access the workspace channels, members, conversations, calls, listen to events, etc...

Ohh, ๐Ÿค” What are scopes then? ๐Ÿ‘‡
Scopes are used to grant your app permission to perform functionality in Slack like,

  1. Call Web API methods, users.list, channels.read, channels.write, etc...
  2. Receive Events API events like, user joined, channel created, etc...

Then how to do it? ๐Ÿ‘‰ Follow the below steps

Create and Install app to workspace:

  1. Create slack workspace, by going to https://slack.com
  2. After that, create an app, by going to https://api.slack.com/apps, choosing respective workspace.
  3. After creating app, go to the created app and under OAuth & permissions section give the required scopes.
  4. After giving scopes you can able to install app to your workspace or publish it to slack open directory.

Performing OAuth

  1. To perform OAuth we need to generate authorization redirect url, to do so navigate to https://api.slack.com/authentication/sign-in-with-slack
  2. The url will look like,

    GET /openid/connect/authorize?
     response_type=code
     &scope=openid%20profile%20email
     &client_id=s6BhdRkqt3
     &state=af0ifjsldkj
     &team=T1234
     &nonce=abcd
     &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb 
    HTTP/1.1
    Host: https://slack.com
    
  3. The redirect_uri in above url, is the request handler for which slack to redirect with temporary access code.

  4. With that temporary access code we need to request for access-token using api slack.com/api/openid.connect.token?code={access_code}&client_id=###&client_secret=###&redirect_uri=###, for more details about api method, headers and parameter look into https://api.slack.com/methods/openid.connect.token

  5. With the access-token received, you can store it securely and use it whenever required.

Hurray! It's done ๐Ÿ˜‡

Conclusion:

  • I have provided basic walkthrough, please do explore https://api.slack.com/authentication/basics, for detailed explanation.
  • And explore the Refresh token concept, how to opt for it, refresh the access-token using refresh token.

Top comments (0)