
Slack OAuth2 strategy for Passport

Primary LanguageJavaScriptMIT LicenseMIT


Passport strategy for authenticating with Slack using the OAuth 2.0 API.


$ npm install passport-slack


Configure Strategy

The Slack authentication strategy authenticates users using a Slack account and OAuth 2.0 tokens. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret, and callback URL.

passport.use(new SlackStrategy({
    clientID: CLIENT_ID,
    clientSecret: CLIENT_SECRET
  function(accessToken, refreshToken, profile, done) {
    User.findOrCreate({ SlackId: profile.id }, function (err, user) {
      return done(err, user);

Authenticate Requests

Use passport.authorize() (or passport.authenticate() if you want to authenticate with Slack and affect req.user and user session), specifying the 'slack' strategy, to authenticate requests.

For example, as route middleware in an Express application:


  passport.authorize('slack', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.


By default passport-slack strategy will try to retrieve user profile from Slack. This requires users:read scope. To completely avoid getting profile, pass skipUserProfile option to strategy or if you just need basic user info, pass extendedUserProfile: false to strategy instead:

passport.use(new SlackStrategy({
		clientID: settings.clientID,
		clientSecret: app.settings.clientSecret,
		callbackURL: app.settings.callbackURL,
		scope: 'incoming-webhook',
		skipUserProfile: true
	}, ()=>{})

Or if you want to get basic profile:

passport.use(new SlackStrategy({
		clientID: settings.clientID,
		clientSecret: app.settings.clientSecret,
		callbackURL: app.settings.callbackURL,
		scope: 'incoming-webhook users:read',
    extendedUserProfile: false
	}, ()=>{})



The MIT License

Copyright (c) 2014 Michael Pearson