npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@rewired/passport-slack

v1.0.6

Published

Slack authentication strategy for Passport

Downloads

22

Readme

@rewired/passport-slack

Passport strategy for authenticating with the Slack OAuth 2.0 API. This package is helpful to implement Add to Slack and Sign In with Slack for your applications.

Install

$ npm install --save passport @rewired/passport-slack

Usage

Create a Slack App

Before using this package, you must create a Slack App. You will be issued a Client ID and Client Secret, which need to be provided to the strategy. You will also need to configure a Redirect URL which matches a route in your node HTTP server.

Configure Strategy

The Slack strategy authenticates users using their Slack account and OAuth 2.0 access tokens. The Client ID and Client Secret obtained when creating your Slack App are supplied as options when creating the strategy. The strategy also requires a verify callback, which receives an access token for the user, the scopes for which the token was authorized, the team in which the user authorized your application, and optionally an authorization for a Bot User, an Incoming Webhook, and the user's profile. The verify callback must call done providing the value you want to assign to req.user in authenticated requests.

passport.use(
  new SlackStrategy(
    {
      clientID: SLACK_CLIENT_ID,
      clientSecret: SLACK_CLIENT_SECRET,
    },
    (
      accessToken,
      scopes,
      team,
      { bot, incomingWebhook },
      { user: userProfile, team: teamProfile },
      done
    ) => {
      // Create your desired user model and then call `done()`
      User.findOrCreate({ slackId: userProfile.id }, function (err, user) {
        return done(err, user);
      });
    }
  )
);

Authenticate Requests

Use passport.authenticate(), specifying the 'slack' strategy, to authenticate requests.

For example, as route middleware in an Express application:

// Visiting this route when not already authenticated with slack will redirect the user to slack.com
// and ask the user to authorize your application for the default scope (`identity.basic`).
app.get("/auth/slack", passport.authenticate("slack"));

// The user returns to the your site after the authorization above, and if it was successful
// the next route handler runs, otherwise the user is redirected to chosen failureRedirect.
app.get(
  "/auth/slack/callback",
  passport.authenticate("slack", { failureRedirect: "/login" }),
  function (req, res) {
    // Successful authentication, redirect home.
    res.redirect("/");
  }
);

Instead of the default scope (identity.basic - the least privileged scope for Sign In with Slack), you can specify your own as options for passport.authenticate().

// Sign In with Slack with multiple scopes for increased authorization. The user and team profiles
// in the verify callback will now have much more information
app.get(
  "/auth/slack",
  passport.authenticate("slack", {
    scope: [
      "identity.basic",
      "identity.email",
      "identity.team",
      "identity.avatar",
    ],
  })
);

// Add to Slack with many services. The extra argument in the verify callback will now contain
// authorization data for the Bot User and Incoming Webhook.
app.get(
  "/auth/slack",
  passport.authenticate("slack", {
    scope: ["incoming-webhook", "commands", "bot"],
  })
);

If your application is already aware of a Slack Team ID that you intend the user to authenticate in, you can specify this ahead of time and save the user from having to select from all Slack Teams they may already be signed into.

app.get(
  "/auth/slack",
  passport.authenticate("slack", {
    team: SLACK_TEAM_ID,
  })
);

Examples

See the example directory for a simple Sign in With Slack server.

FAQ

How do I ask a user for additional permissions?

TODO

How is this module different from the existing passport-slack?

The existing module is a great start on adapting Slack workflows for OAuth. On closer look, I realized that the way Slack does OAuth is a little different from most providers. For example, Slack uses OAuth for Slack App installation, which is more than just authentication. I saw an opportunity to improve the developer ergonomics around making a library that aligns better with those Slack-specific use cases. Here are some of the key differences:

  • scope and team are options at "authorization-time", rather than when you instantiate the Strategy.
  • the verify callback's arguments are designed for the response you receive from Slack's oauth.access Web API method. the useless refreshToken is removed, and data about additional service authorization (like Incoming Webhooks, Slack Commands, etc) are provided.
  • documented all options (including those inherited from the super classes of SlackStrategy).
  • remove logs to the console.
  • authored in ES2016 so more modern syntax can be used, while still transpiling to and distributing ES5. along with modern syntax, the source is linted to adopt consistent code style.
  • removed unnecessary dependency of the OAuth 1.0 package.