Rotation of Slack Bot authorisation tokens

Yesterday I wrote a conclusion about this post Slack - send message as bot - #26 by Saravicius

Only today I I realised I use BOT TOKEN which has an expiration time. Tried to find a way to solve that, and seems that might be a common issue by using Slack and n8n or I might be wrong.

Seems Slack provides Bot Oauth Token which is expiring. And “Refresh token” is not expiring, but now allowed to be used.

How do you guys use Slack in general to get authorised as BOT? As you all know, Oauth with users isn’t very helpful, because messages come by “ME” and notifications don’t appear in channels.

It looks like your topic is missing some important information. Could you provide the following if applicable.

  • n8n version:
  • Database (default: SQLite):
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app):
  • Operating system:

Hey @Saravicius,

I have been using the same bot token for over a year now with no expiration :thinking: Which token type are you using is it the access / api token or are you trying to use the oauth credential with it?

I find several type of tokens:

1. App-Level Tokens in BASIC INFORMATION area

2. Oauth and Refresh tokens for USER and BOT in " OAuth & Permissions" section

3. App configuration tokens

So in general all REFRESH tokens are endless, but is not supportable by n8n (returns “not_allowed_token"type” and all “Oauth” tokens expires.

Maybe I am missing something, but I passed all api.slack.com area of my app and found nothing except my provided tokens.

Seems here is the answers. After deleting an app, I found that I have OPTED IN to “Advanced token security via token rotation” earlier and forgot about that. This turns token rotation. And it’s an irreversible action.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.