bug: buildSource does not take into account authorizations array when sourcing user_id during user-token retrieval/authorization #2271
Comments
So I understand correctly: your app requires user tokens, yes? Presumably to have access to private multi-person DMs that do not include your app? If so, have you seen our documentation on user tokens in OAuth? I assume your app requires each user to run through the OAuth flow. If so, check the docs out. Your Installation Store implementation will need to take into account the user ID for each
You got it right @filmaj.
Is there a field on the
Yeah, I could only find relevant information in

```json
{
  "token": "...",
  "team_id": "T05UK5GDLLF",
  "context_team_id": "T07E4UY2V3N",
  "context_enterprise_id": null,
  "api_app_id": "...",
  "event": {
    "type": "member_joined_channel",
    "user": "U07EF4VQKJM", // Invited user. Didn't install the app. This gets passed to `fetchInstallation()`.
    "channel": "C07NDDC2KL6",
    "channel_type": "C",
    "team": "T07E4UY2V3N",
    "inviter": "U07DN185RRD", // Inviter user. Omitted.
    "event_ts": "1727111934.000800"
  },
  "type": "event_callback",
  "event_id": "Ev07N7H18B39",
  "event_time": 1727111934,
  "authorizations": [
    {
      "enterprise_id": null,
      "team_id": "T05UK5GDLLF",
      "user_id": "U05UT2A9H6J", // The correct user id, the one who installed the slack app.
      "is_bot": false,
      "is_enterprise_install": false
    }
  ],
  "is_ext_shared_channel": true,
  "event_context": "..."
}
```

Does passing the whole
Thanks for that. I think you are right that this is a bug in how user IDs are extracted during In this code, which extracts the relevant However, in this code, which extracts the relevant That's my admittedly-quick assessment. Going to set this as a bug that needs fixing. However, a proper fix may need to wait until bolt v4 is released (we are actively working on it), because it feels to me this could be a risky change. Specifically, I feel like there is potential for this adversely affecting other kinds of events. Would need good test coverage to ensure everything works as expected.
@seratch does the above assessment look correct to you?
Hey there,
We're developing a Slack app, allowing multiple installations per team, and we've run into a problem when using events.
`@slack/bolt` version: 3.21.4
Node.js runtime version: v20.15.0
Steps to reproduce:
`member_joined_channel` user event.
`member_joined_channel` is fired, and after the `buildSource()` function, `installationStore.fetchInstallation()` is called with the user_id equivalent to Carol's id (inside `authorize()`).
`source` object which installation to use.
After debugging for a while it seems that we can use the `authorizations` property in `body` to know which installation is authorized, but it doesn't seem to be passed to `fetchInstallation()`.
Is there any reason for this, or another way to solve the problem?
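Added example (not part of the issue thread and not Bolt's own code): a sketch of choosing the installation lookup key from the `authorizations` entry of the event body instead of from `event.user`, run against a trimmed copy of the payload posted above. The function names, the in-memory store and its `team:user` key format are assumptions made for illustration.

```javascript
// Added example, not Bolt's code. All function names here are hypothetical.

// Behaviour described in the issue: the user ID used for the installation
// lookup comes from the event itself, i.e. the user the event is about.
function userIdFromEvent(body) {
  const ev = body.event || {};
  return typeof ev.user === 'string' ? ev.user : ev.user && ev.user.id;
}

// Alternative lookup key: prefer the user-token authorization attached to
// the delivery; fall back to the event user when none is present.
function installationQueryFromBody(body) {
  const auths = Array.isArray(body.authorizations) ? body.authorizations : [];
  const userAuth = auths.find((a) => a && a.is_bot === false && a.user_id);
  const auth = userAuth || auths[0] || {};
  return {
    teamId: auth.team_id || body.team_id,
    enterpriseId: auth.enterprise_id || body.enterprise_id || undefined,
    isEnterpriseInstall: Boolean(auth.is_enterprise_install),
    userId: userAuth ? userAuth.user_id : userIdFromEvent(body),
    usedAuthorization: Boolean(userAuth),
  };
}

// Constructed payload, trimmed from the one posted in this issue.
const sampleBody = {
  team_id: 'T05UK5GDLLF',
  event: { type: 'member_joined_channel', user: 'U07EF4VQKJM', inviter: 'U07DN185RRD' },
  authorizations: [
    { enterprise_id: null, team_id: 'T05UK5GDLLF', user_id: 'U05UT2A9H6J', is_bot: false, is_enterprise_install: false },
  ],
};

// Constructed store: only the installing user has an installation record.
const installations = new Map([['T05UK5GDLLF:U05UT2A9H6J', { user: { id: 'U05UT2A9H6J' } }]]);
function lookup(teamId, userId) {
  return installations.get(`${teamId}:${userId}`) || null;
}

// The event user has no record; the authorization's user does.
console.log('event user    ->', lookup(sampleBody.team_id, userIdFromEvent(sampleBody)));
const q = installationQueryFromBody(sampleBody);
console.log('authorization ->', lookup(q.teamId, q.userId));
```
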