Token rotation in Bolt - What needs to be done? #1395
Comments
Hi @RomainCscn, thanks for asking the question!
Yes for rotating the tokens when handling requests from Slack API server. When your app receives a request from Slack and the associated tokens in database are expiring or already expired, bolt-js (and its underlying
Indeed, the document should have some information, but perhaps checking the code won't take so much time. Here are the lines of code that actually do the rotation for you:

In addition to migrating your app code to bolt-js, you may need to migrate the existing tokens in your database (if they exist). Specifically, the existing tokens without corresponding refresh tokens need to be converted by performing

Is everything clear now?
Thanks for your reply @seratch. Crystal clear now! 👍 I'm just wondering, in my case, how this would be handled:

If I enable token rotation, as I'm using the token in a project different than the one where installations are stored, how could what you describe above work?
If the

Here is a simple example code:

```javascript
const { InstallProvider } = require('@slack/oauth');

const installer = new InstallProvider({
  clientId: process.env.SLACK_CLIENT_ID,
  clientSecret: process.env.SLACK_CLIENT_SECRET,
  stateSecret: 'my-state-secret' // this does not matter for this use case, though
});

async function rotateTokenBeforeUsing(query) {
  return await installer.authorize({
    enterpriseId: query.enterpriseId,
    teamId: query.teamId,
    // if you have user tokens, this can be done too
    // userId: query.userId,
  });
}
```

See also:

I hope this helps.
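The "rotate before using" pattern from the comment above, written out as an added example that is not part of the thread and not bolt-js or @slack/oauth code. The `store` and `refresh` helpers, the two-hour window, and the record shape (`bot.token`, `bot.refreshToken`, `bot.expiresAt` in UTC seconds) are assumptions made for the sketch.

```javascript
// Added example; every name below is hypothetical, not bolt-js or @slack/oauth API.
const ROTATION_WINDOW_SEC = 2 * 60 * 60; // assumed window, tune to your token lifetime

// True when the bot token is a rotating one (has refreshToken and expiresAt)
// and it has expired or will expire within windowSec. Times are UTC seconds.
function isExpiring(installation, nowSec, windowSec = ROTATION_WINDOW_SEC) {
  const bot = installation.bot;
  if (!bot || !bot.refreshToken || bot.expiresAt === undefined) return false;
  return bot.expiresAt - nowSec <= windowSec;
}

// teamId -> pending rotation, so concurrent callers in this process share one refresh.
const inFlight = new Map();

// deps.store: { fetch(teamId), save(installation) } backed by the shared database.
// deps.refresh(refreshToken) resolves to { token, refreshToken, expiresInSec };
// it stands in for the real refresh call and is injected so this runs offline.
async function getFreshBotToken(teamId, deps) {
  const { store, refresh, now = () => Math.floor(Date.now() / 1000) } = deps;
  const installation = await store.fetch(teamId);
  if (!installation || !installation.bot) {
    throw new Error(`no bot installation stored for ${teamId}`);
  }
  if (!isExpiring(installation, now())) return installation.bot.token;

  if (!inFlight.has(teamId)) {
    const job = (async () => {
      const next = await refresh(installation.bot.refreshToken);
      const updated = {
        ...installation,
        bot: {
          ...installation.bot,
          token: next.token,
          refreshToken: next.refreshToken,
          expiresAt: now() + next.expiresInSec,
        },
      };
      // Persist the new access and refresh tokens together before returning
      // the token, so the other project never reads a half-updated record.
      await store.save(updated);
      return updated.bot.token;
    })().finally(() => inFlight.delete(teamId));
    inFlight.set(teamId, job);
  }
  return inFlight.get(teamId);
}
```

The in-flight map only deduplicates refreshes inside one process. If two separate projects can both rotate, the shared store needs its own lock or compare-and-swap on the record.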
Ok I understand. That's exactly what I needed: I can either schedule a cron job to do that or just call

Thanks a lot @seratch. Last question, is this possible with

@RomainCscn Yes, it is.

Does

@RomainCscn Ah, no it doesn't.

Ok, thanks again @seratch.
Description
Hello! For now, I'm using `@slack/oauth` to handle my OAuth installation (because the callback to persist data is unavailable in bolt see #1211).

I'm planning to migrate my installation workflow over to `@slack/bolt` soon (as soon as `v3.11` is released) and will take the opportunity to use token rotation.

In the documentation, it is said that:

Does this mean that there is nothing to be done to handle token rotation? If I use OAuth with bolt with the various methods (`storeInstallation`, `fetchInstallation`), the token will be updated automatically?

Does this use `events`? I think I'm missing something here.

Furthermore, I can't find any documentation on token rotation for `@slack/oauth`, is it not handled by this package?

Thanks in advance!