Slack: RTM Error - received unmapped event msg=invalid_auth code=401

Question

Slack: RTM Error - received unmapped event msg=invalid_auth code=401

Closed this issue 9 months ago · 3 comments

Hi,

Sometime during last week, I've noticed that matterircd slack support stopped working for me, with reocurring logging like this:

slack-go/slack2023/09/26 19:26:23 websocket_managed_conn.go:86: RTM connection succeeded on try 0
slack-go/slack2023/09/26 19:26:24 websocket_managed_conn.go:411: Incoming Event: {"type":"error","error":{"msg":"invalid_auth","code":401,"source":"gatewayserver-fra-44"}}
slack-go/slack2023/09/26 19:26:24 websocket_managed_conn.go:501: RTM Error - received unmapped event "error": {"type":"error","error":{"msg":"invalid_auth","code":401,"source":"gatewayserver-fra-44"}}
slack-go/slack2023/09/26 19:26:24 websocket_managed_conn.go:243: killing connection signaled
...

slack-go/slack2023/09/26 19:27:24 websocket_managed_conn.go:86: RTM connection succeeded on try 1
slack-go/slack2023/09/26 19:27:25 websocket_managed_conn.go:411: Incoming Event: {"type":"error","error":{"msg":"invalid_auth","code":401,"source":"gatewayserver-lhr-2"}}
slack-go/slack2023/09/26 19:27:25 websocket_managed_conn.go:501: RTM Error - received unmapped event "error": {"type":"error","error":{"msg":"invalid_auth","code":401,"source":"gatewayserver-lhr-2"}}
slack-go/slack2023/09/26 19:27:25 websocket_managed_conn.go:243: killing connection signaled
slack-go/slack2023/09/26 19:27:25 websocket_managed_conn.go:205: Connecting to RTM

Eventually rate-limiting seem to be added to such messages:

slack-go/slack2023/09/25 07:11:57 websocket_managed_conn.go:181: Connecting to RTM
slack-go/slack2023/09/25 07:11:57 rtm.go:71: Using URL: wss://wss-primary.slack.com/websocket/LEGACY_BOT:94c5a4615eb29a760a543cb2a10820c0
slack-go/slack2023/09/25 07:11:57 websocket_managed_conn.go:197: Dialing to websocket on url wss://wss-primary.slack.com/websocket/LEGACY_BOT:94c5a4615eb29a760a543cb2a10820c0
slack-go/slack2023/09/25 07:11:57 websocket_managed_conn.go:62: RTM connection succeeded on try 8765
slack-go/slack2023/09/25 07:11:58 websocket_managed_conn.go:387: Incoming Event: {"type":"error","error":{"msg":"invalid_auth","code":401,"source":"gatewayserver-fra-44"}}
slack-go/slack2023/09/25 07:11:58 websocket_managed_conn.go:477: RTM Error - received unmapped event "error": {"type":"error","error":{"msg":"invalid_auth","code":401,"source":"gatewayserver-fra-44"}}
slack-go/slack2023/09/25 07:11:58 websocket_managed_conn.go:219: killing connection signaled
slack-go/slack2023/09/25 07:11:58 websocket_managed_conn.go:181: Connecting to RTM
slack-go/slack2023/09/25 07:11:58 rtm.go:67: Failed to connect to RTM: slack rate limit exceeded, retry after 1m0s
slack-go/slack2023/09/25 07:11:58 websocket_managed_conn.go:185: Failed to start or connect to RTM: slack rate limit exceeded, retry after 1m0s
slack-go/slack2023/09/25 07:11:58 websocket_managed_conn.go:151: reconnection 1 failed: slack rate limit exceeded, retry after 1m0s reconnecting in 1m0s

Tried re-authorizing using tokens from the current browser session, and while matterircd's "slack" user sends login OK token used: xoxc-...|d=xoxd-...; messages (really wish it wouldn't be sending auth credentials in plaintext to me like that), and sending messages to slack seem to work, I think receiving msgs does not work, as these errors don't seem to go away, though I didn't test it today (don't have any special slack-for-testing setup).

I was always only using "slack sso login / xoxc tokens" authentication method (two tokens from browser's cookie/post-request), and don't think I had similar issue within about a year of running matterircd.

Tested with 0.25 and 0.27.1 - both seem to have same issue.
Debug log from starting 0.25 to the message, in case it might be useful, with anything sensitive redacted inline: matterircd.debug.2023-09-26.log

Not sure what else to try with this issue, is it likely to be a change in Slack's "LEGACY_BOT" API endpoint, which slack-go seem to be trying to use? (it sounds like something that might've been deprecated)
I've looked at slack-go/slack issues and PRs, but haven't been able to find anything relevant there.

Thanks.

Answer 1 · 2023-09-26T16:31:09.000Z

After a bunch more experimentation, I've also got general login errors (not getting to login OK), and at this point not convinced that it's not just me, my slack account, and/or my weird irc setup.
So unless someone bumps into same issue, it's probably not worth looking into. Sorry for the noise.

Answer 2 · 2023-09-26T20:47:19.000Z

Not a slack user here but here's my 2c.

It's likely tokens (or auth cookie) have a lifetime / expiry time and the token used probably expired.

Answer 3 · 2023-09-26T23:42:08.000Z

Yeah, that was my first thought as well (as also mentioned in the msg - "Tried re-authorizing using tokens from the current browser session"), but didn't seem to help, with that strange "login OK" but apparently not-ok result.
But iirc that's only after matterircd restart, while straight-up "login " to "slack" initially timed-out (maybe because of some rate-limiting).

I've also noticed that I had an old token sent by ZNC in PASS after that, and after putting fresh token in both places, I couldn't reproduce even "login OK" result.
And then I also vaguely remembered that I had issue with copying those with- and without- url-encoding, so maybe I messed that up...

So I think it's probably my fault somewhere, and maybe after hammering slack with expired token for days, there's just some straight-up anti-bruteforce rate-limiting in action, which is why I thought to close this and only reopen if I'll try all the things in more rigorous order :)