Slack Social OIDC connection

Problem statement

Recently we removed the deprecated identity.* user scopes from our Slack Application. That caused the inability to use the Slack OAuth-based social connection for our application.

We have tried creating a new custom connection based on the migration instructions from Slack (Sign in with Slack | Slack), but it didn’t work. Upon login, we’re seeing the error ‘Invalid user ID’, most likely caused by Slack sending user data differently (at least it’s something we faced for the internal dev SIWS flow).

We also tried to use the connection from the marketplace

https://marketplace.auth0.com/integrations/sign-in-with-slack

but it looks like it’s using legacy scopes as well. Is there a way to use an Auth0 connection for the new(er) SIWS flow, or should we bring the identity.* scopes back to our Slack App?

Solution

A new custom Social OIDC connection should be created using the endpoints listed in Slack's OpenID configuration document: https://slack.com/.well-known/openid-configuration

The Fetch User Profile Script below currently works, but it maps only the ‘email’ and ‘user_id’ fields. It can be extended by referring to Slack's documentation for the userInfo endpoint (openid.connect.userInfo method | Slack):

function(accessToken, ctx, cb) {
  // Ask Slack's OIDC userInfo endpoint for the claims of the user who just logged in.
  request.get(
    {
      url: 'https://slack.com/api/openid.connect.userInfo',
      headers: {
        'Authorization': 'Bearer ' + accessToken
      }
    },
    (err, resp, body) => {
      // Transport-level failure.
      if (err) {
        return cb(err);
      }
      // Any non-200 response is treated as an error.
      if (resp.statusCode !== 200) {
        return cb(new Error(body));
      }
      let bodyParsed;
      try {
        bodyParsed = JSON.parse(body);
      } catch (jsonError) {
        return cb(new Error(body));
      }
      // Slack returns its user ID under a namespaced claim, not a plain "user_id" key.
      const profile = {
        user_id: bodyParsed["https://slack.com/user_id"],
        email: bodyParsed.email
      };
      cb(null, profile);
    }
  );
}
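
One way to extend the mapping, as an added example that is not part of the original script: a pure function that maps more of the claims returned by openid.connect.userInfo and fails closed when Slack reports an error or the user ID claim is missing. The names `mapSlackProfile` and `slack_team_id` are hypothetical, and the sample response bodies are constructed.

```javascript
// Added example. mapSlackProfile, slack_team_id and the SAMPLE_* bodies are
// hypothetical names and constructed data, not part of the original script.
const SLACK_NS = 'https://slack.com/';

function mapSlackProfile(rawBody) {
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch (e) {
    throw new Error('Slack userInfo response is not valid JSON');
  }
  // Slack Web API methods can report a failure as HTTP 200 with ok: false,
  // so a status code check alone does not catch a rejected token.
  if (!body || body.ok !== true) {
    throw new Error('Slack userInfo failed: ' + ((body && body.error) || 'unknown_error'));
  }
  const userId = body[SLACK_NS + 'user_id'];
  if (typeof userId !== 'string' || userId.length === 0) {
    throw new Error('Slack userInfo response has no user id claim');
  }
  return {
    user_id: userId,
    email: body.email,
    // Only a literal boolean true counts as verified.
    email_verified: body.email_verified === true,
    name: body.name,
    given_name: body.given_name,
    family_name: body.family_name,
    picture: body.picture,
    locale: body.locale,
    slack_team_id: body[SLACK_NS + 'team_id'] // hypothetical custom attribute
  };
}

// Constructed sample bodies shaped like Slack's userInfo responses.
const SAMPLE_OK = JSON.stringify({
  ok: true,
  sub: 'U0EXAMPLE1',
  'https://slack.com/user_id': 'U0EXAMPLE1',
  'https://slack.com/team_id': 'T0EXAMPLE1',
  email: 'user@example.com',
  email_verified: true,
  name: 'Example User'
});
const SAMPLE_ERROR = JSON.stringify({ ok: false, error: 'invalid_auth' });

console.log(mapSlackProfile(SAMPLE_OK));
```

Inside the Fetch User Profile Script, the response callback would call `mapSlackProfile(body)` in a try/catch and pass either the thrown error or the returned profile to `cb`.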