First off, thanks to all involved in both this fork and the original gem.
Love the team functionality...but I had some surprises using it. Would like to know if there's something wrong in my setup/usage and/or my fix(/workaround). Hope it's OK to ask here...
Setup
I have access to at least 2 Slack teams/workspaces. Let's call them TeamA and TeamB.
I also have at least 2 Slack identities:
- UserA has access to TeamA
- UserAB has access to both TeamA and TeamB
My Devise config picks up TeamA values
```ruby
config.omniauth :slack,
                ENV['SLACK_APP_CLIENT_ID'],
                ENV['SLACK_APP_CLIENT_SECRET'],
                scope: 'identity.basic, identity.email',
                team: ENV['SLACK_OAUTH_TEAM_ID'],
                team_domain: ENV['SLACK_OAUTH_TEAM_DOMAIN'] # 'teama'
```
When either user is signed into TeamA, things work as expected—Slack asks if I want TeamA to grant my app permission to access basic and email info.
Weird(?) behavior
The weird thing is when UserAB is signed into only TeamB.
When that is the case and I start the flow, I see
- the address bar show `https://teama.slack.com/oauth?...` briefly
- it change to `https://teamb.slack.com/oauth?...`
- it asks permission against TeamB
If I grant permission, I get a token for UserAB in TeamB.
Expected? Unexpected?
Fix(/ Workaround?)
Double-check the Team ID in my callback controller and redirect back to the root page if there's a mismatch:
app/controllers/users/omniauth_callbacks.rb
```ruby
module Users
  class OmniauthCallbacksController < Devise::OmniauthCallbacksController
    def slack
      access_token = request.env['omniauth.auth']
      # Reject tokens issued for any workspace other than the configured one
      if access_token.info['team_id'] != ENV['SLACK_OAUTH_TEAM_ID']
        flash[:error] = t 'slack.wrong_workspace', team_domain: ENV['SLACK_OAUTH_TEAM_DOMAIN']
        return redirect_to root_path
      end
      # proceed normally ...
    end
    # ...
  end
end
```
Seem reasonable?
TIA!
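
Added example (not part of the original post, and not code from omniauth-slack or Devise): a fail-closed version of the team check described above, run over constructed auth hashes. `WorkspaceCheck`, `check_workspace` and the placeholder team IDs are hypothetical names; the function also rejects the case where the expected ID is unset and the response carries no `team_id`, which a plain `!=` comparison lets through because `nil != nil` is false.

```ruby
# Added example: fail-closed workspace check for the OmniAuth callback.
# WorkspaceCheck and check_workspace are hypothetical names, not part of
# omniauth-slack or Devise.
WorkspaceCheck = Struct.new(:ok, :reason)

# auth: the hash from request.env['omniauth.auth'] (plain Hash used here).
# expected_team_id: the configured ID, e.g. ENV['SLACK_OAUTH_TEAM_ID'].
def check_workspace(auth, expected_team_id)
  expected = expected_team_id.to_s.strip
  # An unset or blank expected ID must never match anything; otherwise
  # nil == nil would accept a response that has no team_id at all.
  return WorkspaceCheck.new(false, :expected_team_not_configured) if expected.empty?

  info = auth.is_a?(Hash) ? (auth['info'] || auth[:info]) : nil
  return WorkspaceCheck.new(false, :missing_info) unless info.is_a?(Hash)

  actual = (info['team_id'] || info[:team_id]).to_s.strip
  return WorkspaceCheck.new(false, :missing_team_id) if actual.empty?
  return WorkspaceCheck.new(false, :wrong_workspace) unless actual == expected

  WorkspaceCheck.new(true, :match)
end

# Constructed sample data; the team IDs are placeholders, not real Slack IDs.
TEAM_A = 'T_TEAM_A_PLACEHOLDER'
TEAM_B = 'T_TEAM_B_PLACEHOLDER'
SAMPLES = {
  user_a_in_team_a:  { 'info' => { 'team_id' => TEAM_A } },
  user_ab_in_team_b: { 'info' => { 'team_id' => TEAM_B } },
  no_team_id:        { 'info' => {} }
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |name, auth|
    result = check_workspace(auth, TEAM_A)
    puts "#{name}: ok=#{result.ok} reason=#{result.reason}"
  end
end
```

In a controller, the `reason` value can be logged before redirecting, so that wrong-workspace sign-in attempts are distinguishable from a misconfigured deployment.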