I will give this issue a shot 🤠

A question: is it expected that the handleCallback method could potentially run an "auth test" using both a bot and a user token in one invocation of handleCallback? I ask this because the way the tests run through the v2 success callback test scenario currently, I think due to the way the response is mocked out, both a access_token for a bot user as well as an authed_user access token are provided. Is this expected?

If it is, then I can expand these tests to verify that the WebClientOptions as well as the the correct access token type(s) are forwarded along during API calls.

Thanks for any info!

hmm. It seems like this code could use a bit of improvement. I think the second authResult in the section i highlighted should be moved into the if statement.

          if (v2Resp.is_enterprise_install && v2Installation.enterpriseUrl === undefined) {
            const authResult = await runAuthTest(v2Resp.authed_user.access_token, this.clientOptions);
            v2Installation.enterpriseUrl = authResult.url;
          }

I don't think authResult should ever have to run more than once.

@stevengill when you say "the second authResult in the section I highlighted", which one do you mean? I see three authResult constructions:

• as part of the v1 auth flow
• as part of the v2 bot install flow
• as part of the v2 user install flow

Move 472 to 475.

The v2 user install flow. Being in that if statement would mean it would only run in the circumstance that it is a v2 app and no bot token (only user token).