I am building a slack app that I am planning to distribute to multiple organizations / workspaces. I use the bot token that I get using the Slack Oauth2 flow (https://api.slack.com/authentication/oauth-v2) . The bot token has the correct scopes and lets me do things on the workspace. I have some features that need a user token, for example, setting reminders for a user, which needs a user token. This is set when the user does some interaction with the app, like installing it for the first time or opening the home page or a button click. How do I obtain the user token, how do I store / reuse them?
Also, how do I manage the bot token for different workspaces / organizations?
My backend / app is essentially a Python flask app. Thanks!
I tried setting the reminder with the bot token and I get this error,
slack_sdk.errors.SlackApiError: The request to the Slack API failed. (url: https://www.slack.com/api/reminders.list) The server responded with: {'ok': False, 'error': 'not_allowed_token_type'}
How do I obtain the user token, how do I store / reuse them?
When a user installs your app using Slack Oauth2 flow, you should get the following token response from Slack:
{
"ok": true,
"access_token": "xoxb-<...>", <---BOT TOKEN
"token_type": "bot",
<...>
"authed_user": {
"access_token": "xoxp-1234", <---USER TOKEN
"token_type": "user"
<...>
}
}
Use the user token when you need to perform operation on behalf of the user who installed your app, and use the bot token when you perform operation as a bot. Each user who installed your app will have their own user token. Store the token in some safe place as advised by Slack docs: https://api.slack.com/authentication/best-practices
Also, how do I manage the bot token for different workspaces /
organizations?
Each workspace that has your app installed will have their own bot token. So you need to have an ability to distinguish the tokens for different workspaces.