Trying to work around Slack OAuth2 missing scopes

Questions
,
1

Describe the problem/error/question

I’m trying to manage invite users to a private channel that the authorized user has access to. However the Slack OAuth2 credentials is not requesting the needed scopes even though the Slack App has the User Scopes set in the Apps configuration. The list of user scopes is hard coded in the credentials.
Slack Node “Invite users to a channel” is not having sufficient scopes, as the scope list requested for the auth token is hard coded in the node. The scopes needed are groups:write.invites and groups:write.

So I decided to work around this and use the HTTPrequest node with a Generic OAuth2 credential. Following the Slack docs I’ve set the Auth URI Query parameters:
user_scope=groups:read usergroups:read usergroups:write channels:write.invites groups:write.invites groups:write

The thing now is: Slack returns two tokens, a bot token (which is the default access_token field) and the user token in an additional field. The HTTPReqest Node only uses the default access_token where as the Slack Nodes use the authed_user.access_token(See Installing with OAuth | Slack Developer Docs).

How do I get n8n to work with the user token and not limit the scopes that I need to call all APIs?

I’m running on cloud so no custom nodes etc.

What is the error message (if any)?


"error": 
"missing_scope",
"needed": 
"groups:write.invites,groups:write",
"provided": 
"identify,channels:history,groups:history,im:history,mpim:history,channels:read,files:read,groups:read,im:read,mpim:read,reactions:read,search:read,stars:read,users:read,usergroups:read,users.profile:read,channels:write,chat:write,files:write,reactions:write,stars:write,usergroups:write,users.profile:write"

Please share your workflow

Share the output returned by the last node

Information on your n8n setup

  • n8n version: 1.119.1
  • Database (default: SQLite): -
  • n8n EXECUTIONS_PROCESS setting (default: own, main): -
  • Running n8n via (Docker, npm, n8n cloud, desktop app): cloud
  • Operating system: -
2

I was able to successfully add a user to a private channel by creating an App in slack, installing it and using the User OAuth Token as a Slack API credential.

The steps I followed were:

  1. Create an application at api.slack.com

  2. Choose From scratch, supply an App Name and your workspace.

  3. Features > OAuth & Permissions > User Token Scopes add:
    groups:write
    groups:write.invites

  4. Scroll back up to OAuth Tokens on the same page (you may need to navigate to another section and back to OAuth & Permissions or do a browser refresh) and the green Install to becomes active. Click on the button.

  5. Follow the Allow the app to access slack dialog and Allow.

  6. Then you get a User OAuth Token to use an Slack Access Token credential, copy this value.

  7. In the Invite a user to a channel Slack node click on Credential to connect with and Create new credential.

  8. Connect using Access Token and paste in the User OAuth Token from step 6.
    and it should test successfully then close the dialog.

    image
    image1190×500 20.6 KB

  9. Fill out the remaining fields in the Invite a use to a channel and you should see a response like these when testing it out:

    image
    image1815×1053 59.5 KB

1 Like
3

Thanks Gede,
that did the trick for now.
However this only works for the channels of the Admin user that installed the App in the workspace in the first place and not for a user that would follow the grant flow via OAuth. I was hoping there were a possibility to use a different user as well, that isn’t an App Admin in Slack.

4

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.