Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

web-api token should be passed in header instead of body param #1132

Closed
5 tasks done
stevengill opened this issue Dec 9, 2020 · 3 comments · Fixed by #1337
Closed
5 tasks done

web-api token should be passed in header instead of body param #1132

stevengill opened this issue Dec 9, 2020 · 3 comments · Fixed by #1337
Assignees
@filmaj
Labels
enhancement M-T: A feature request for new functionality pkg:web-api applies to `@slack/web-api`
Milestone
web-api@6.5.0

Comments

@stevengill
Copy link
Member

Description

Slack's api is dropping support in Feb 2021 for token to be passed in as a body param. We should update web-api to always pass in token via header

What type of issue is this? (place an x in one of the [ ])

  • enhancement (feature request)

Requirements (place an x in each of the [ ])

  • I've read and understood the Contributing guidelines and have done my best effort to follow them.
  • I've read and agree to the Code of Conduct.
  • I've searched for any related issues and avoided creating a duplicate issue.

Packages:

Select all that apply:

  • @slack/web-api
@stevengill stevengill added enhancement M-T: A feature request for new functionality pkg:web-api applies to `@slack/web-api` labels Dec 9, 2020
@stevengill stevengill self-assigned this Dec 9, 2020
@seratch
Copy link
Member

seratch commented Dec 9, 2020

@stevengill I think it's great to always use Authorization header (Python & Java SDKs do so). But, just to clarify here, it's fine to use POST body params. The only thing we no longer recommend is to use querystrings.

Instead, apps must send tokens in the Authorization HTTP header or alternatively as a URL-encoded POST body parameter.
https://api.slack.com/changelog/2020-11-no-more-tokens-in-querystrings-for-newly-created-apps

@stevengill
Copy link
Member Author

ooo thanks @seratch! good to know. Still worth moving to using Authorization Header since it is needed for other token types (app Token)

This was referenced Jan 7, 2021
Closed
Open
@stevengill stevengill removed their assignment Mar 5, 2021
@seratch seratch added this to the web-api@6.3 milestone Mar 24, 2021
@seratch seratch modified the milestones: web-api@6.x, web-api@6.3 Apr 13, 2021
@seratch seratch modified the milestones: web-api@6.3, web-api@6.4 Jul 13, 2021
@srajiang srajiang modified the milestones: web-api@6.4, web-api@6.5.0 Aug 19, 2021
@filmaj filmaj self-assigned this Sep 14, 2021
@filmaj
Copy link
Contributor

filmaj commented Sep 14, 2021

Talking with @stevengill, need to make sure this code in socket mode client continue to work

filmaj added a commit that referenced this issue Sep 15, 2021
@filmaj
Move token sending to authorization header instead of body parameter. F…
be8e38e 
…ixes #1132.
@filmaj filmaj mentioned this issue Sep 15, 2021
Merged
seratch pushed a commit that referenced this issue Sep 17, 2021
@filmaj
Move token sending to authorization header instead of body parameter (#…
957c957 
…1337)

* Move token sending to authorization header instead of body parameter. Fixes #1132.
* Enable another level of overriding Authorization header via the apiCall() method options parameter.
srajiang pushed a commit that referenced this issue Dec 10, 2021
@filmaj @srajiang
Move token sending to authorization header instead of body parameter (#…
801c52c 
…1337)

* Move token sending to authorization header instead of body parameter. Fixes #1132.
* Enable another level of overriding Authorization header via the apiCall() method options parameter.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@filmaj filmaj

Labels
enhancement M-T: A feature request for new functionality pkg:web-api applies to `@slack/web-api`
Projects
None yet
Milestone
web-api@6.5.0
Development

Successfully merging a pull request may close this issue.

Move token sending to authorization header instead of body parameter slackapi/node-slack-sdk
4 participants
@seratch @filmaj @stevengill @srajiang