Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

redirectUri not being passed into installUrlOptions #1115

Closed
5 of 10 tasks
srajiang opened this issue Sep 15, 2021 · 2 comments · Fixed by #1116
Closed
5 of 10 tasks

redirectUri not being passed into installUrlOptions #1115

srajiang opened this issue Sep 15, 2021 · 2 comments · Fixed by #1116
Assignees
@srajiang
Labels
bug M-T: confirmed bug report. Issues are confirmed when the reproduction steps are documented
Milestone
3.7.0

Comments

@srajiang
Copy link
Member

srajiang commented Sep 15, 2021
edited

Description

We haven't been passing redirect_uri.

installRedirectUri can be passed as an option under installerOptions field during App initialization. The intended behavior is for this field to be Included in the request url parameters sent to the Slack v2 authorize endpoint. Currently this is not happening because the installUrlOptions does not include this parameter. You can verify this by checking the install url generated by the Add to Slack Button

Moreover when the path is properly passed, the our recommended relative path format in the docs e.g. /slack/redirect is invalid because it doesn't match the URI set on the Slack config side, and doesn't conform to Slack API format for the redirect_uri parameter from the oauth.v2.access method) (I confirmed this error by trying to hit this endpoint with a relative url). that Slack gives you an error page instead of properly redirecting to the OAuth page.

Per api docs, either redirect_uri in the params OR redirect_uri set in the Slack App config OR both can be supplied. If both are supplied, they also have to match exactly.

What type of issue is this? (place an x in one of the [ ])

  • bug
  • enhancement (feature request)
  • question
  • documentation related
  • example code related
  • testing related
  • discussion

Requirements (place an x in each of the [ ])

  • I've read and understood the Contributing guidelines and have done my best effort to follow them.
  • I've read and agree to the Code of Conduct.
  • I've searched for any related issues and avoided creating a duplicate issue.

Bug Report

Filling out the following details about bugs will help us solve your issue sooner.

Reproducible in:

package version: @slack/bolt 3..6.0

Steps to reproduce:

  1. Init app
const app = new App({
  signingSecret: process.env.SLACK_SIGNING_SECRET,
  clientId: process.env.SLACK_CLIENT_ID,
  clientSecret: process.env.SLACK_CLIENT_SECRET,
  installerOptions: {
    redirectUriPath: '/slack/redirect',
  },
  stateSecret: 'my-state-secret',
  scopes: ['chat:write'],
  logLevel: LogLevel.DEBUG
});
  1. Launch the app and visit the /slack/install path
  2. Confirm the redirect_uri field isn't defined

Expected result:

What you expected to happen - redirectUri passed in the oauth/v2/authorize request from client.

Actual result:

What actually happened redirect_uri is empty.

Attachments:

Logs, screenshots, screencast, sample project, funny gif, etc.
@srajiang srajiang added bug M-T: confirmed bug report. Issues are confirmed when the reproduction steps are documented needs info An issue that is claimed to be a bug and hasn't been reproduced, or otherwise needs more info and removed needs info An issue that is claimed to be a bug and hasn't been reproduced, or otherwise needs more info labels Sep 15, 2021
@srajiang srajiang added this to the 3.7.0 milestone Sep 15, 2021
@srajiang srajiang mentioned this issue Sep 16, 2021
Merged
6 tasks
@srajiang srajiang self-assigned this Sep 16, 2021
@emrah-b
Copy link

emrah-b commented Nov 3, 2022

I still have the issue with 3.11.3 What version is this issue fixed in?

@hello-ashleyintech
Copy link
Contributor

hello-ashleyintech commented Nov 3, 2022
edited

Hi, @emrah-b! It looks like the fix for this issue was included in the release for 3.7.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@srajiang srajiang

Labels
bug M-T: confirmed bug report. Issues are confirmed when the reproduction steps are documented
Projects
None yet
Milestone
3.7.0
Development

Successfully merging a pull request may close this issue.

Add option to disable state verification, fix redirect uri bug srajiang/bolt-js
3 participants
@emrah-b @hello-ashleyintech @srajiang