Creating a Custom OAuth Application
Creating a Custom OAuth Application
CData embeds OAuth Application Credentials with CData branding that can be used when connecting to Slack via a desktop application or a headless machine. (For information on getting and setting the OAuthAccessToken and other configuration parameters, see the Desktop Authentication section of Establishing a Connection.)However, you must create a custom OAuth application to connect to Slack via the Web. And since custom OAuth applications seamlessly support all three commonly-used auth flows, you might want to create custom OAuth applications (use your own OAuth Application Credentials) for those auth flows anyway.
Custom OAuth applications are useful if you want to:
- control branding of the authentication dialog;
- control the redirect URI that the application redirects the user to after the user authenticates; or
- customize the permissions that you are requesting from the user.
Procedure
To obtain the OAuth credentials OAuthClientId, OAuthClientSecret, and CallbackURL, you must create an OAuth application. This involves creating the application itself, setting a callback URL for the application, and configuring permission scopes.
Create the Application
Creating the OAuth application obtains two OAuth client credentials: OAuthClientId and OAuthClientSecret.
- Go to https://api.slack.com/apps.
- Click Create New App > From scratch.
- Specify a name and workspace for the application, select a workspace, then click Create App. Your new app's Basic Information > App Credentials page opens.
- If you intend to authenticate with OAuth 2.0 (when AuthScheme is set to OAuth), record the Client Id and Client Secret for future use.
Set a Callback URL
After creating your application, define its CallbackURL:
- In your application settings, navigate to Features > OAuth & Permissions.
- In the Redirect URLs section, click Add a New Redirect URL.
- Set the callback URL to https://127.0.0.1:33333, or another port of your choice, then click Add > Save URLs.
- Record the URL.
Configure Permission Scopes
In order to use all possible features, you must specify the required scopes within the application itself.
To configure the appropriate scopes within the OAuth application:
- In your app settings, navigate to Features > OAuth & Permissions > Scopes.
- Navigate to User Token Scopes if you are authenticating a normal user or Bot Token Scopes if you are authenticating a bot user.
- Click Add an OAuth Scope to open a scope selector called Add permission by Scope or API method....
- Select the desired scope from the list.
- Repeat steps 3-4 until you have added your desired scopes.
Required Scopes for Modern Apps (V2 OAuth 2.0):
If you have set OAuthVersion to v2 (Slack's "V2" implementation of OAuth 2.0), enable the following scopes.
- calls:read
- calls:write
- channels:read
- channels:history
- channels:write
- chat:write
- dnd:read
- dnd:write
- files:read
- files:write
- groups:read
- groups:history
- groups:write
- im:read
- im:history
- im:write
- links:read
- links:write
- mpim:read
- mpim:history
- mpim:write
- pins:read
- pins:write
- reactions:read
- reactions:write
- reminders:read
- reminders:write
- search:read
- stars:read
- stars:write
- team:read
- usergroups:read
- usergroups:write
- users:read
- users:read.email
- users.profile:write
Required Scopes for "Sign in with Slack" Apps (OpenID Connect):
If you have set OAuthVersion to openid (the "Sign in with Slack" OpenID Connect flow), only specify the following scopes:
- openid
- profile
Obtaining an OAuth Token (Token Authentication Only)
If you intend to authenticate via token authentication (when AuthScheme is set to Token), perform the following steps to generate an OAuth Token:
- Navigate to Features > OAuth & Permissions > OAuth Tokens and click Install to <workspace name>. The token confirmation page opens.
- From the token confirmation page, click Allow. You are then redirected back to the OAuth & Permissions page.
- The OAuth token can now be found in OAuth Tokens > User OAuth Token. Note the token value for later use.
Distributing Your Custom OAuth Application
If you want to make your OAuth application available to users in other workspaces and enable them to install it:- In your application settings (Settings section), click Manage Distribution.
- Click Activate Public Distribution.