Here’s the code snippet that your code receiving endpoint can run to get the access token:

    def callback
      response = Slack::Web::_access(
        client_id: ENV,
        client_secret: ENV,
        code: params,
        redirect_uri: slack_callback_url
      )
      response.inspect
      Team.find_or_create_by(id: response.team_id).update(
        name: response.team_name,
        access_token: response.access_token, # encrypted using this
      )
      redirect_to root_path, notice: 'Successfully connected'
    end

To make my life easier, I’m using the Slack-ruby-client gem to help interact with the Slack API. It’s a simple API call to Slack, and they will give us the holy access token we need to interact with the team’s Slack. Wait, what? No worries, it’s much simpler than it sounds. Now you need to exchange the code param with an access token from the Slack API.

Ok, I got the code param, what do I do now?

This redirect_uri must match the one you configure in this page (If no redirect_uri is specified, the “add to Slack” button will default to the redirect URL you specify in this app settings page.) If there is a match, the request will hit your endpoint, with an important parameter called code which will translate to the team’s access token. After allowing your app to get the required scopes (more about this below), Slack will send a request to the redirect_uri you specified in your “Add to Slack” button. When a user installs the app via the “Add to Slack” button, they will go through a consent screen.

I’ll present the sections in the part in the same order I think you should configure your own app. To make your app public, you will use this screen as well. It’s also important to know that Slack apps usually start their life as available only to your team and not to the public.

    to_i
    slack_signature = request.headers
    raise 'Validation Error ' unless timestamp.present? & slack_signature.present?
    head :unauthorized if request_too_old?(timestamp)
    body = sig_basestring = " v0: # &redirect_uri="%>

You can read up on it here or just use this example implementation:

    # use this as a before_action in your controller
    def validate_slack_token
      timestamp = request.headers.

There is a very specific recipe for verifying that a request came from Slack where you concatenate the timestamp and the request body, and then sign it with your secret, and then check the results. In order to make sure a request your server got is from Slack and not some random attacker, Slack will include two important headers: X-Slack-Request-Timestamp and X-Slack-Signature in all their HTTP requests. It’s a good security practice to place these in environment variables, not in the code, and absolutely make sure they don’t reach your remote repository!

The Client ID is embedded in the “Add to Slack” button. It might sound counter-intuitive, but when a team installs your app, you will have to use this id-secret combination to fetch their specific OAuth token, which you will use in later communications about that team. You can read more about this here, later.

Both the Client ID and Client Secret are used when communicating with Slack’s backend about stuff that’s not in the context of a specific team.

It's required that a plugin export a default function that will be called during initialization.

The app ID is used to help Slack suggest your bot when a link to your domain is shared in a conversation.

A plugin can also subscribe to be called whenever a message has not been handled by any command (for example, as a fallback). Each plugin can define any number of commands that it supports (a command can only be supported by a single plugin).

They handle all the platform-specific tasks like listening for new messages and transforming them into a standard message object for the bot service. The clients are how users interface with the bot service. The same bot service can be utilized through different clients.
The Whatsapp client is also configured this way. See the config package documentation for more information. The bot uses a JSON configuration file located in the. Currently there's no security to restrict access to this endpoint so be aware that anyone could post messages to the bot. This makes it really easy to have any number of interfaces tied to the same bot service. The bot then will run that message through any commands that are supported and sends back the response. The bot service starts a web server on port 3000 (which is configurable) and accepts POST requests on "/message" with the body being JSON data representing a message object.