From 9dbd372f08008463292576fbea8989acef506be3 Mon Sep 17 00:00:00 2001
From: Cathy Chen
Date: Sun, 6 Dec 2020 15:31:32 -0800
Subject: [PATCH] update(provider): Update Slack provider to use V2 OAuth endpoints (#895)
* Update Slack to v2 authorize urls, option for additional authorize params
* acessTokenGetter + documentation
---
 src/providers/slack.js | 8 +++++---
 src/server/lib/oauth/callback.js | 2 +-
 src/server/lib/signin/oauth.js | 3 ++-
 www/docs/configuration/providers.md | 1 +
 4 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/providers/slack.js b/src/providers/slack.js
index e52a37cd80..327a426194 100644
--- a/src/providers/slack.js
+++ b/src/providers/slack.js
@@ -4,10 +4,12 @@ export default (options) => {
 name: 'Slack',
 type: 'oauth',
 version: '2.0',
- scope: 'identity.basic identity.email identity.avatar',
+ scope: [],
 params: { grant_type: 'authorization_code' },
- accessTokenUrl: 'https://slack.com/api/oauth.access',
- authorizationUrl: 'https://slack.com/oauth/authorize?response_type=code',
+ accessTokenUrl: 'https://slack.com/api/oauth.v2.access',
+ accessTokenGetter: (json) => json.authed_user.access_token,
+ authorizationUrl: 'https://slack.com/oauth/v2/authorize',
+ additionalAuthorizeParams: { user_scope: 'identity.basic,identity.email,identity.avatar' },
 profileUrl: 'https://slack.com/api/users.identity',
 profile: (profile) => {
 const { user } = profile
diff --git a/src/server/lib/oauth/callback.js b/src/server/lib/oauth/callback.js
index 6fb90b1229..e19020dfc1 100644
--- a/src/server/lib/oauth/callback.js
+++ b/src/server/lib/oauth/callback.js
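Review bot: `accessTokenGetter` dereferences `json.authed_user` without a guard, so any token response that lacks that object makes the getter throw a TypeError instead of yielding an empty token. Slack reports a failed exchange in the response body (`ok: false` with an `error` field), and as far as I know such bodies carry no `authed_user`, so a denied or reused code would surface as an exception rather than a clean sign-in error. I would write `accessTokenGetter: (json) => json.authed_user && json.authed_user.access_token,` so the failure path matches what the old `results.access_token` lookup produced. The provider object starts and ends outside this hunk.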
@@ -247,7 +247,7 @@ async function _getOAuthAccessToken (code, provider, callback) {
 // Clients of these services suffer a minor performance cost.
 results = querystring.parse(data)
 }
- const accessToken = results.access_token
+ const accessToken = provider.accessTokenGetter ? provider.accessTokenGetter(results) : results.access_token
 const refreshToken = results.refresh_token
 callback(null, accessToken, refreshToken, results)
 }
diff --git a/src/server/lib/signin/oauth.js b/src/server/lib/signin/oauth.js
index f1083aa4de..3584efe564 100644
--- a/src/server/lib/signin/oauth.js
+++ b/src/server/lib/signin/oauth.js
@@ -12,7 +12,8 @@ export default (provider, csrfToken, callback, authParams) => {
 redirect_uri: provider.callbackUrl,
 scope: provider.scope,
 // A hash of the NextAuth.js CSRF token is used as the state
- state: createHash('sha256').update(csrfToken).digest('hex')
+ state: createHash('sha256').update(csrfToken).digest('hex'),
+ ...provider.additionalAuthorizeParams
 })
 // If the authorizationUrl specified in the config has query parameters on it
diff --git a/www/docs/configuration/providers.md b/www/docs/configuration/providers.md
index f3b5281c8a..9bbe09f992 100644
--- a/www/docs/configuration/providers.md
+++ b/www/docs/configuration/providers.md
@@ -138,6 +138,7 @@ providers: [
 | scope | OAuth access scopes (expects array or string) | No |
 | params | Additional authorization URL parameters | No |
 | accessTokenUrl | Endpoint to retrieve an access token | Yes |
+| accessTokenGetter | Default `(json) => json.access_token` | No |
 | requestTokenUrl | Endpoint to retrieve a request token | No |
 | authorizationUrl | Endpoint to request authorization from the user | Yes |
 | profileUrl | Endpoint to retrieve the user's profile | No |
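Review bot: The provider-supplied `accessTokenGetter` is called on `results` in the callback.js hunk with nothing visible that hands a failure to `callback`, so an exception thrown by the hook would leave this callback-style function without ever invoking `callback`. Whether an outer try/catch exists cannot be seen, because `_getOAuthAccessToken` begins outside the hunk. I would catch the hook's exception at the call site and pass it to `callback`. The comment there should also say that `results` may come from the `querystring.parse` fallback rather than JSON, so a getter has to tolerate both shapes.

```javascript
// … unchanged: parsing of the token response into results …
let accessToken
try {
  accessToken = provider.accessTokenGetter
    ? provider.accessTokenGetter(results)
    : results.access_token
} catch (error) {
  // A custom getter can throw on an unexpected response body; report it through the callback.
  return callback(error)
}
const refreshToken = results.refresh_token
```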
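Review bot: Spreading `provider.additionalAuthorizeParams` after `state` in the oauth.js hunk lets a provider config that contains a `state`, `redirect_uri` or `scope` key silently replace the values set above it, and `state` is the CSRF binding checked on the callback. Putting the spread first keeps the fixed parameters authoritative: move `...provider.additionalAuthorizeParams,` ahead of `redirect_uri: provider.callbackUrl,` and leave `state: createHash('sha256').update(csrfToken).digest('hex')` as the last key. The object literal opens outside the hunk, so the position relative to anything spread earlier has to be checked there. A comment such as `// fixed OAuth params must win over provider-supplied extras` would record the intent.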