I’m trying to use auth0 to fetch some additional scopes for Slack. The documentation is here:
There are two Slack connectors built into Auth0: the deprecated OAuth 2.0 connector, which doesn’t have the scopes I need (and is deprecated), and also the Sign In With Slack connector, which also doesn’t have the scopes I need. So I figured I would create a custom connector.
Authorization URL: Something went wrong when authorizing this app. | Slack
Token URL: https://slack.com/api/oauth.v2.access
Scopes: identity.basic,identity.email,identity.avatar,identity.team
(I actually need several additional scopes: users:read,users:read.email,search:read, which is why I’m not using the standard connector, but I can easily demonstrate with just the identity.* ones.
When that custom connector is run, it passes all of those scopes in the scope parameter – which seems right, but according to the Slack docs, some of the scopes (all of them in my case) need to go into a user_scope parameter instead.
https://slack.com/oauth/v2/authorize?login_hint=&prompt=login&response_type=code&redirect_uri=xxxx&scope=identity.basic,identity.email,identity.avatar,identity.team&state=xxxx&client_id=xxxx
So the scope here should be user_scope, and scope= can probably be omitted (it definitely works when it’s blank).
I saw this post: Pass additional scopes/permissions to a Social Connection
It suggests using the management API to patch the requests. I could do that, but would that work to add an additional parameter, rather than change an existing one? Is there a different solution?
.