Not_Authed Issue with Token Parameter vs Header Authorization Bearer

Question

Not_Authed Issue with Token Parameter vs Header Authorization Bearer

lf73 opened this issue 4 years ago · 8 comments

All requests result in a not_authed result. My existing code was working until I had to delete and recreate an app in Slack due to a user change. I have noticed that the BOT token is now longer.

Using the Slack API tester, I can successfully post a message to a channel. I compared what is sent in the Slack API test with what is being sent through the "SlackAPI" in C# using Fiddler. I found that Token is being used as a parameter versus using the recommended Authorization Bearer as an HTTP header.

Can SlackAPI be adjusted to use the Authorization Bearer?

Answer 1 · 2021-02-28T19:46:25.000Z

https://api.slack.com/web#authentication does indicate that while a bearer token is preferred &Token = should work.

The format of my original token
xoxb-123456789012-abcalphanumericabcacbddd

And new token
xoxb-12345678901-1234567890123-abcalphanumericgfdgsdgff

So perhaps this might be a bug in Slack not allowing the proper length in their parameter.

Answer 2 · 2021-02-28T22:18:03.000Z

Received a response from Slack Tech Support than Token is no longer supported for newly created apps.

https://api.slack.com/changelog/2021-02-24-how-we-broke-your-slack-app

Web API method authentication changes
Newly created Slack apps and custom integrations may no longer send token as a query string parameter and must send it instead as a POST parameter or better yet, a HTTP Authorization header. Existing apps may continue doing what they already do.

Here's what you need to know.
If you create a new app or legacy custom integration-based bot (or hubot), you'll need to send token to us the preferred way.
If you use a rare kind of blueprint-based app, newly created apps from that blueprint must also follow this rule.
There is no impact to existing apps.

Answer 3 · 2021-03-04T01:28:01.000Z

I believe I encountered this problem as well trying to post a message using a newly created app. Calls to SlackClient.PostMessage result in a PostMessageResponse with error 'invalid_auth'. Using the 'Tester' tab on the Slack website (https://api.slack.com/methods/chat.postMessage/test) works fine for the new app.

Answer 4 · 2021-03-05T14:45:29.000Z

Pull request is created.
#270

Answer 5 · 2021-03-11T17:38:33.000Z

Thanks for the PR @ifonya105 . I also walked into this issue today. Good to see someone had taken the time to investigate and fix :-). Hope it will be merged soon!

Answer 6 · 2021-03-18T20:04:50.000Z

Yep.. blocking issue. First experience with C# and slack today, and this really killed it. At least there is a fix :)

Answer 7 · 2021-03-24T03:00:59.000Z

Yesterday was also my first attempt at Slack integration with C#. Also blocked.

Answer 8 · 2021-03-29T13:28:26.000Z

Pull request is approved.
Thank you to all the participants!