Creating a Custom OAuth Application
Creating a Custom OAuth Application
CData embeds OAuth Application Credentials with CData branding that can be used when connecting to Slack via a desktop application or a headless machine. (For information on getting and setting the OAuthAccessToken and other configuration parameters, see the Desktop Authentication section of Creating the Data Source Name.)However, you must create a custom OAuth application to connect to Slack via the Web. And since custom OAuth applications seamlessly support all three commonly-used auth flows, you might want to create custom OAuth applications (use your own OAuth Application Credentials) for those auth flows anyway.
Custom OAuth applications are useful if you want to:
- control branding of the authentication dialog;
- control the redirect URI that the application redirects the user to after the user authenticates; or
- customize the permissions that you are requesting from the user.
Procedure
To obtain the OAuth credentials OAuthClientId, OAuthClientSecret, and CallbackURL, you must create an OAuth application. This involves creating the application itself, setting a callback URL for the application, and configuring permission scopes.
Create the Application
Creating the OAuth application obtains two OAuth client credentials: OAuthClientId and OAuthClientSecret.
- Go to https://api.slack.com/apps.
- Click Create New App > From scratch.
- Specify a name and workspace for the application, then click Create App. The Client Id and Client Secret are listed in the App Credentials section, under Basic Information.
- Record the Client Id and Client Secret for future use.
Set a Callback URL
After creating your application, define its CallbackURL:
- In your application settings, navigate to Features > OAuth & Permissions.
- In the Redirect URLs section, click Add a New Redirect URL.
- Set the callback URL to http://127.0.0.1:33333, or another port of your choice.
- Record the URL.
Configure Permission Scopes
In order to use all possible features, you must specify the required scopes within the application itself.
To configure the appropriate scopes within the OAuth application:
- In your app settings, navigate to Features > OAuth & Permissions > Scopes.
- Navigate to User Token Scopes if you are authenticating a normal user or Bot Token Scopes if you are authenticating a bot user.
- Click Add an OAuth Scope to open a scope selector called Add permission by Scope or API method....
- Select the desired scope from the list.
- Repeat steps 3-4 until you have added your desired scopes.
Required Scopes for Modern Apps (V2 OAuth 2.0):
If you have set OAuthVersion to v2 (Slack's "V2" implementation of OAuth 2.0), enable the following scopes.
- calls:read
- calls:write
- channels:read
- channels:history
- channels:write
- chat:write
- dnd:read
- dnd:write
- files:read
- files:write
- groups:read
- groups:history
- groups:write
- im:read
- im:history
- im:write
- links:read
- links:write
- mpim:read
- mpim:history
- mpim:write
- pins:read
- pins:write
- reactions:read
- reactions:write
- reminders:read
- reminders:write
- search:read
- stars:read
- stars:write
- team:read
- usergroups:read
- usergroups:write
- users:read
- users:read.email
- users.profile:write
These values are all sent as default scopes in the GetOAuthAuthorizationURL and GetOAuthAccessToken procedures.
Required Scopes for "Sign in with Slack" Apps (OpenID Connect):
If you have set OAuthVersion to openid (the "Sign in with Slack" OpenID Connect flow), only specify the following scopes:
- openid
- profile
Distributing Your Custom OAuth Application
To make your OAuth application available to users in other workspaces and enable them to install it:- In your application settings (Settings section), click Manage Distribution.
- Complete the procedures to set a callback URL and configure permissions.
- Click Activate Public Distribution.