@advisr/passport-slack-oauth2
Advanced tools
[Passport](https://github.com/jaredhanson/passport) strategy for authenticating with [Slack](https://slack.com) using the OAuth 2.0 API.
Passport strategy for authenticating with Slack using the OAuth 2.0 API.
Updated to support Sign in with Slack by default.
$ npm install passport-slack-oauth2
{
"provider": "slack",
"id": "U123XXXXX",
"displayName": "John Agan",
"user": {
"name": "John Agan",
"id": "U123XXXXX",
"email": "johnagan@testing.com",
"image_24": "https://secure.gravatar.com/avatar/123abcd123bc12b3c.jpg?s=24&d=https%3A%2F%2Fa.slack-edge.com%2F66f9%2Fimg%2Favatars%2Fava_0000-24.png",
"image_32": "https://secure.gravatar.com/avatar/123abcd123bc12b3c.jpg?s=32&d=https%3A%2F%2Fa.slack-edge.com%2F66f9%2Fimg%2Favatars%2Fava_0000-32.png",
"image_48": "https://secure.gravatar.com/avatar/123abcd123bc12b3c.jpg?s=48&d=https%3A%2F%2Fa.slack-edge.com%2F66f9%2Fimg%2Favatars%2Fava_0000-48.png",
"image_72": "https://secure.gravatar.com/avatar/123abcd123bc12b3c.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2F66f9%2Fimg%2Favatars%2Fava_0000-72.png",
"image_192": "https://secure.gravatar.com/avatar/123abcd123bc12b3c.jpg?s=192&d=https%3A%2F%2Fa.slack-edge.com%2F7fa9%2Fimg%2Favatars%2Fava_0000-192.png",
"image_512": "https://secure.gravatar.com/avatar/123abcd123bc12b3c.jpg?s=512&d=https%3A%2F%2Fa.slack-edge.com%2F7fa9%2Fimg%2Favatars%2Fava_0000-512.png"
"image_1024": "https://secure.gravatar.com/avatar/123abcd123bc12b3c.jpg?s=512&d=https%3A%2F%2Fa.slack-edge.com%2F7fa9%2Fimg%2Favatars%2Fava_0000-1024.png"
},
"team": {
"id": "T123XXXX",
"name": "My Awesome Team",
"domain": "my-awesome-team",
"image_34": "https://a.slack-edge.com/0000/img/avatars-teams/ava_0000-00.png",
"image_44": "https://a.slack-edge.com/00a0/img/avatars-teams/ava_0000-00.png",
"image_68": "https://a.slack-edge.com/00a0/img/avatars-teams/ava_0000-00.png",
"image_88": "https://a.slack-edge.com/00a0/img/avatars-teams/ava_0000-00.png",
"image_102": "https://a.slack-edge.com/00a0/img/avatars-teams/ava_0000-000.png",
"image_132": "https://a.slack-edge.com/00a0/img/avatars-teams/ava_0000-000.png",
"image_230": "https://a.slack-edge.com/0a0a0/img/avatars-teams/ava_0000-000.png",
"image_default": true
}
}
The Slack authentication strategy authenticates users using a Slack
account and OAuth 2.0 tokens. The strategy requires a verify callback, which
accepts these credentials and calls done providing a user, as well as
options specifying a client ID, client secret, and callback URL.
passport.use(new SlackStrategy({
clientID: CLIENT_ID,
clientSecret: CLIENT_SECRET,
skipUserProfile: false, // default
scope: ['users:read'] // default, bot token scope
scope: ['identity.basic', 'identity.email', 'identity.avatar', 'identity.team'] // default, user token scope
},
(accessToken, refreshToken, profile, done) => {
// optionally persist user data into a database
done(null, profile);
}
));
In order to access multiple tokens within the OAuth2 Token Response, provide a verify callback with 5 parameters.
passport.use(new SlackStrategy({
clientID: CLIENT_ID,
clientSecret: CLIENT_SECRET,
skipUserProfile: false, // default
scope: ['users:read'] // bot token scope, default
scope: ['identity.basic', 'identity.email', 'identity.avatar', 'identity.team'] // user token scope, default
},
(accessToken, refreshToken, params, profile, done) => { // 5 parameters
// optionally persist user data into a database
done(null, profile);
}
));
{
"id": "U123XXXXX",
"scope": "user-scope-1,user-scope-2",
"token_type": "user",
"access_token": "user-access-token",
"refresh_token": "user-refresh-token",
"authed_user": {
"id": "U123XXXXX",
"scope": "user-scope-1,user-scope-2",
"access_token": "user-access-token",
"token_type": "user"
},
"authed_bot": {
"id": "U987XXXXX",
"scope": "bot-scope-1,bot-scope-2",
"token_type": "bot",
"access_token": "bot-access-token",
"refresh_token": "bot-refresh-token"
}
}
{
"id": "U123XXXXX",
"scope": "user-scope-1,user-scope-2",
"token_type": "user",
"access_token": "user-access-token",
"refresh_token": "user-refresh-token",
"authed_user": {
"id": "U123XXXXX",
"scope": "user-scope-1,user-scope-2",
"access_token": "user-access-token",
"token_type": "user"
},
"authed_bot": {
}
}
{
"id": "U987XXXXX",
"scope": "bot-scope-1,bot-scope-2",
"token_type": "bot",
"access_token": "bot-access-token",
"refresh_token": "bot-refresh-token",
"authed_user": {
"id": "U123XXXXX",
},
"authed_bot": {
"id": "U987XXXXX",
"scope": "bot-scope-1,bot-scope-2",
"token_type": "bot",
"access_token": "bot-access-token",
"refresh_token": "bot-refresh-token",
}
}
Use passport.authenticate() (or passport.authorize() if you want to authenticate with Slack and NOT affect req.user and user session), specifying the 'slack' strategy, to
authenticate requests.
For example, as route middleware in an Express application:
app.get('/auth/slack', passport.authorize('slack'));
app.get('/auth/slack/callback',
passport.authenticate('slack', { failureRedirect: '/login' }),
(req, res) => res.redirect('/') // Successful authentication, redirect home.
);
By default passport-slack strategy will try to retrieve all user identity from Slack using the default scopes of identity.basic, identity.email, identity.avatar, and identity.team. To override these, set the user_scope parameter to an array of user scopes.
passport.use(new SlackStrategy({
clientID: CLIENT_ID,
clientSecret: CLIENT_SECRET,
scope: [], // no (bot) 'scope' defined, no bot tokens issued
user_scope: [
"identity.basic",
"channels:read",
"chat:write:user"
]
}, () => { });
By default passport-slack strategy will try to retrieve bot info from Slack using the default scopes of users:read. To override these, set the scope parameter to an array of bot scopes.
passport.use(new SlackStrategy({
clientID: CLIENT_ID,
clientSecret: CLIENT_SECRET,
scope: [
"users:read"
],
user_scope: [] // no 'user_scope' defined, no user tokens issued
}, () => { });
If you just need an access token and not user profile data, you can avoid getting profile info by setting skipUserProfile to true.
passport.use(new SlackStrategy({
clientID: CLIENT_ID,
clientSecret: CLIENT_SECRET,
scope: ['incoming-webhook'],
user_scope: ['incoming-webhook'],
skipUserProfile: true
}, () => { });
FAQs
[Passport](https://github.com/jaredhanson/passport) strategy for authenticating with [Slack](https://slack.com) using the OAuth 2.0 API.
The npm package @advisr/passport-slack-oauth2 receives a total of 283 weekly downloads. As such, @advisr/passport-slack-oauth2 popularity was classified as not popular.
We found that @advisr/passport-slack-oauth2 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
require(esm) backported to Node.js 20, easing the transition to ESM-only packages and reducing complexity for developers as Node 18 nears end-of-life.
Security News
PyPI now supports iOS and Android wheels, making it easier for Python developers to distribute mobile packages.
Security News
Create React App is officially deprecated due to React 19 issues and lack of maintenance—developers should switch to Vite or other modern alternatives.