Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Using this without legacy tokens? #136

Open
cdrage opened this Issue Apr 16, 2018 · 18 comments

Comments

Projects
None yet
8 participants
@cdrage
Copy link

cdrage commented Apr 16, 2018

Is there any way possible of using this without having to use a legacy token? For teams such as kubernetes.slack.com unfortunately there's no way to get one (they don't allow it).

@erroneousboat erroneousboat self-assigned this Apr 17, 2018

@erroneousboat

This comment has been minimized.

Copy link
Owner

erroneousboat commented Apr 17, 2018

Related: nlopes/slack#184

@erroneousboat erroneousboat added this to the 0.4.1 milestone Apr 17, 2018

@metzlar

This comment has been minimized.

Copy link

metzlar commented Apr 23, 2018

+1 for this feature. Using an oauth robot token doesn't allow me to reply and send messages as 'me'

@erroneousboat

This comment has been minimized.

Copy link
Owner

erroneousboat commented Apr 24, 2018

This depends on whether the slack api will allow additional methods of authentication and if nlopes/slack will support it.

@ventz

This comment has been minimized.

Copy link

ventz commented Apr 30, 2018

Weechat's slack plugin does this via an interesting method which can be copied here:

https://github.com/wee-slack/wee-slack/blob/89864b5ab952b426e77cd76cc0941035335063df/wee_slack.py#L3107

Basically they generate a "fake url" oauth request, and then the user copies the authenticated oauth token, and provides that to complete the login. After that, the session is saved and it's done.

@erroneousboat

This comment has been minimized.

Copy link
Owner

erroneousboat commented Apr 30, 2018

@erroneousboat

This comment has been minimized.

Copy link
Owner

erroneousboat commented Jun 16, 2018

The following procedure should allow slack-term usage without the use of legacy token, could you guys perhaps test if it works?


  1. Go to the following page: https://slack.com/oauth/authorize?client_id=91899392594.382712253827&scope=client

  2. Select the workspace to which you want slack-term to provide access to.

  3. Click "Authorize", this will redirect you, this redirect will fail, which is expected.

  4. Copy the code portion of the URL. http://not.a.host?code=[code-will-be-here]&state=

  5. In your terminal issue the following command, inserting the code at the right location:

$ curl -s "https://slack.com/api/oauth.access?client_id=91899392594.382712253827&client_secret=c7986be41b6ddb478041d1848dad5f6e&code=[code-goes-here]"
  1. From the response, copy the access_token and place it in your .slack-term
@dragon788

This comment has been minimized.

Copy link

dragon788 commented Jun 26, 2018

The curl command could perhaps be slightly improved in output if you have jq installed by adding | jq -r .access_token to the end of your command. This outputs just the token without the other stuff, it might even be possible to inject it into the config file, but that could get magical.

@dragon788

This comment has been minimized.

Copy link

dragon788 commented Jun 26, 2018

Also, I did test these commands and they work great, the only slightly painful part is the code is single use, so once it has been redeemed you need to go through the process again, but it doesn't appear to revoke the old token so it is fairly safe.

I ended up using CODE="theCodeFromUrl"; curl -s "https://slack.com/...?code=$CODE" so that I could change the code with CODE="newCode" without having to repaste it into the command every time.

I'm wondering whether it is much of a security concern that the initial response portion after the redirect to GitHub probably shows up in their logs, but it is only useful once, and it is very unlikely anybody except a malicious browser extension could really do anything with it before a user utilizes it and if you've installed a bad extension you are probably at risk of many other avenues like your full credentials being compromised.

UPDATE:
So it appears that doing it the Oauth way registers slack-term as an application rather than granting it access to your personal account, this may be desirable but might not work if you don't have administrator privileges to the Slack where you are trying to use slack-term.

@erroneousboat

This comment has been minimized.

Copy link
Owner

erroneousboat commented Jun 26, 2018

@dragon788 You're right I've changed the redirect url and updated the instructions. Thanks for testing it out, and I'll have a look at your suggestions.

@terabyte

This comment has been minimized.

Copy link

terabyte commented Oct 15, 2018

Here is another useful trick for the linux users to grab a token from a logged in browser session - I tested this and it works with both firefox and google-chrome.

$ sudo apt-get install gdb
<...>
$ for i in $(ps auxwwwfg | grep firefox | grep -v grep | cut -c9-15); do gcore -o $i.core $i; done
$ cat *.core |  grep -ao 'xoxs-[-0-9a-f]*' | sort | uniq -c | sort
<output...>
$ rm *.core

In the "output" area you will see a list of strings that start "xoxs-<...>" plus the number of times they occur. There will usually only be one or two, depending on how many times you are logged into slack. You can snatch these and put them straight into your ~/.slack-term file.

@erroneousboat

This comment has been minimized.

Copy link
Owner

erroneousboat commented Oct 27, 2018

Closing this, because the workaround has been added to the wiki.

https://github.com/erroneousboat/slack-term/wiki#running-slack-term-without-legacy-tokens

@cdrage

This comment has been minimized.

Copy link
Author

cdrage commented Nov 6, 2018

Can we re-open this? The problem that I was originally facing is allow this in organizations that do not allow new applications.. Or perhaps add the:

$ sudo apt-get install gdb
<...>
$ for i in $(ps auxwwwfg | grep firefox | grep -v grep | cut -c9-15); do gcore -o $i.core $i; done
$ cat *.core |  grep -ao 'xoxs-[-0-9a-f]*' | sort | uniq -c | sort
<output...>
$ rm *.core

Instructions to the wiki?

Unfortunately since I do not have authorization to add slack-term to the Kubernetes wiki I have to use the above instructions 👍

@erroneousboat

This comment has been minimized.

Copy link
Owner

erroneousboat commented Nov 6, 2018

Have you tried #136 (comment) ? That allows you to create a slack token without the organization adding an application. I've added the additional instructions to the wiki.

@cdrage

This comment has been minimized.

Copy link
Author

cdrage commented Nov 6, 2018

@erroneousboat Yup. You have to have permission to the org to actually add the slack-term client.

See the attached image

screenshot from 2018-11-06 13-52-12

@erroneousboat

This comment has been minimized.

Copy link
Owner

erroneousboat commented Nov 6, 2018

Ok, cool I'll reopen the issue.

@erroneousboat erroneousboat reopened this Nov 6, 2018

@ventz

This comment has been minimized.

Copy link

ventz commented Nov 6, 2018

Hi,

Just wanted to point out that there are 2 different issues mixing here.

The Apologies, but you are not authorized to install slack-term is completely different than the legacy tokens vs new oAuth tokens.

The "authorized to install" simply means that the slack organization has locked down who can install Add-ons. (usually for security or because they have a free account and only have 5, and this will take up one of them). The oAuth keys install the same as a "bot" and so it takes up one of the "Integration slots".

So that said -- this is completely as expected.

@alexfornuto

This comment has been minimized.

Copy link

alexfornuto commented Dec 20, 2018

I was able to use the solution provided by @terabyte, but would love to see a feature added wherein we could auth from the client itself.

@erroneousboat erroneousboat added question and removed enhancement labels Dec 22, 2018

@erroneousboat erroneousboat removed this from the v0.4.1 milestone Dec 22, 2018

@erroneousboat erroneousboat removed their assignment Feb 20, 2019

@Sevastyan

This comment has been minimized.

Copy link

Sevastyan commented Mar 9, 2019

Any ETA on this? This issue is a deal-breaker for me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.