I'm trying to obtain a list of private channels in Slack (on a per-user basis is fine), but I'm having trouble seeing this information. I installed my application into the workspace in Slack originally and got an OAuth token in the form xoxp-4............
App OAuth token
When I try to use the slack API (node SDK) then I only get the publicly listed channels.
await new WebClient(`xoxp-4.....`)
.conversations
.list({ exclude_archived: true })
).channels
I get the same if I try using the Slack API tester to grab a channel list.
User OAuth token
I've followed the OAuth 2.0 process to obtain a token for a given user (myself). I think I've done all this correctly (here's a response):
{
ok: true,
access_token: 'xoxp-4.........',
scope: 'identify,bot,commands,channels:history,groups:history,im:history,mpim:history,channels:read,emoji:read,groups:read,im:read,search:read,team:read,users:read,users:read.email,usergroups:read,users.profile:read,chat:write:user,chat:write:bot,links:read',
user_id: 'UD......',
team_name: '............',
team_id: '.......',
scopes: ['identify',
'bot',
'commands',
'channels:history',
'groups:history',
'im:history',
'mpim:history',
'channels:read',
'emoji:read',
'groups:read',
'im:read',
'search:read',
'team:read',
'users:read',
'users:read.email',
'usergroups:read',
'users.profile:read',
'chat:write:user',
'chat:write:bot',
'links:read'
]
}
Interestingly I discovered this provides me with exactly the same OAuth token if I goto the application management (I assume because it was me who installed the app to the workspace).
Obviously, because it's the same token, I don't get permissions to see the private channels still, even though as far as I'm aware I should be able to do everything I can do as a user?
Can anyone point me to what I might be missing?
The reason why you do not get the private channels is that you are not requesting them.
The conversations.list method will return public channels by default only. To also get private channels you need set the parameter types accordingly. e.g. types = public_channel,private_channel.
Similar with calling channels.list. Channels.list will only return public channels. If you want to get the private channels you need to call groups.list. (note that private channels are called groups in the API for historical reasons).
In general I would recommend using conversations.list, which is more powerful and the recommended approach to get all types of conversations.
Related
In Swagger I have had problems to configure the authorizations.
In Available authorizations there are two fields to fill:
subscription_key (apiKey)Provide your cognitive services subscription key here.Name: Ocp-Apim-Subscription-Key
token (apiKey)
Provide an access token from the JWT returned by the STS of this region. Make sure to add the management scope to the token by adding the following query string to the STS URL: ?scope=speechservicesmanagement
I did not find it clear where I have to get this info.
Could someone help me?
The two paramters can be found as follows:
1. subscription_key parameter: this can be found in Azure portal> Navigate to the Speech service that you must have created (Cognitive Service) or see here to create new Speech service > use the value from Key1
Mine looks like below :
Things to remember :
The speech to text api (especially conversational api) is supported only in specific regions, I chose centralus.
The pricing tier should be S0 Standard to get the apis working (atleast for conversation apis)
2. token (apiKey) parameter :
You will need to generate the token by sending a post request to the speech service endpoint (see image above for location of endpoint url).
Add your subscription key as a header.
The post request will generate the access token as response
Things to remember :
As instructed in swagger, remember to add the query string of '?scope=speechservicesmanagement' to your endpoint url before generating the token.
ex: https://centralus.api.cognitive.microsoft.com/sts/v1.0/issuetoken?scope=speechservicesmanagement
I want all public and private repos of a user. So I first authenticate that user using basic OAUTH while authenticating I am also adding "REPO" scope. So as per api documentation I shoud get all repos using that token but I am getting only public ones. Can any one give me an example using JAVASCRIPT fetch method to get user private repos using access_token ?
I’m trying out the Authentication component in Firebase.
A) I have a situation where the web client javascript code firebase-app.js and firebase-auth.js 3.3.0...
firebase.auth().onAuthStateChanged and
firebase.auth().currentUser
... return different expected logged in user values, than the jvm
client [com.firebase/firebase-client-jvm "2.5.2"]. The JVM client
returns null user data.
My JVM client code is taken from Firebase’s QuickStart Guide. In
the JVM client, neither onAuthStateChanged handler is called, nor
does firebaseObj.getAuth() return any data.
I’m wondering where the discrepancy is. The web client was initialized
with “codepairio.firebaseapp.com”.
var config = { ... authDomain: “<my-firebase-app>.firebaseapp.com"
};
firebase.initializeApp(config);
B) The java client was initialized with “https://.firebaseio.com”. I’m using this URL as it’s specified in the guide and mentioned here. Also, if you try
to use “.firebaseapp.com”, you’ll get an error:
“IllegalStateException For a custom firebase host you must first set your authentication server before using authentication features!”.
So with that out of the way, we have...
new Firebase("https://<my-firebase-app>.firebaseio.com”);
Any ideas on how to get them to observe the same source of truth?
====> [EDIT]
Ok, I've gotten a bit further. It turns out that I was using an older firebase API (A) than the latest (B).
A) https://www.firebase.com/docs/android/guide/user-auth.html
B) https://firebase.google.com/docs/auth/server/
So if we look at Firebase's documentation for how to handle user's, we see this:
A Firebase User object represents the account of a user who has signed
up to an app in your Firebase project. Apps usually have many
registered users, and every app in a Firebase project shares a user
database.
A Firebase User instance is independent from a Firebase Auth instance. This means that you can have several references to different
users within the same context and still call any of their methods.
But i) the notion of FirebaseAuth.getInstance().getCurrentUser() doesn't make sense if our app is dealing with multiple users. And further, the FirebaseAuth.getInstance().getCurrentUser() method doesn't even exist. The FirebaseAuth class file (in com.firebase/firebase-client-jvm "2.5.2"), doesn't reflect the documentation.
$ javap -classpath ~/.m2/repository/com/google/firebase/firebase-server-sdk/3.0.1/firebase-server-sdk-3.0.1.jar com.google.firebase.auth.FirebaseAuth
Compiled from "FirebaseAuth.java"
public class com.google.firebase.auth.FirebaseAuth {
public static com.google.firebase.auth.FirebaseAuth getInstance();
public static synchronized com.google.firebase.auth.FirebaseAuth getInstance(com.google.firebase.FirebaseApp);
public java.lang.String createCustomToken(java.lang.String);
public java.lang.String createCustomToken(java.lang.String, java.util.Map<java.lang.String, java.lang.Object>);
public com.google.firebase.tasks.Task<com.google.firebase.auth.FirebaseToken> verifyIdToken(java.lang.String);
static com.google.api.client.json.JsonFactory access$000();
static com.google.firebase.auth.internal.FirebaseTokenVerifier access$100(com.google.firebase.auth.FirebaseAuth);
static {};
}
C) So far, using Firebase's Authentication service, on the server is very opaque to me at the moment. Can someone clarify the semantics of handling multiple users, getting lists of logged in users, verifying users with request tokens, etc. Where's the working API for all this?
I actually got an answer back, from Firebase Support, on this. Turns out that, based on the documentation, the capabilities available for the server side (nodejs and java) in terms of authentication are only i) creating custom tokens and ii) verifying ID tokens. As of now, handling users or getting the current user is not supported yet.
For the creation and verifying tokens in the server side, you can refer to this guide for more information. You can also check these posts for more information.
Firebase Java client with custom authentication
Is it still possible to do server side verification of tokens in Firebase 3?
https://firebase.googleblog.com/2013/03/where-does-firebase-fit-in-your-app.html
Hth
I'm developing an application where backend is asp.net owin based.
In Startup.cs I have IAppBuilder.useCookieAuthentication() { ... }. After successfully authenticated, current user with its roles can be accessed via HttpContext in all my web api controllers.
My javascript client side needs a knowledge about these roles in order to know how to display specific items. For example: user having administrator role can see additional tabs.
My question is: what's the best way to 'transfer' these roles to client side. Is it by writing some endpoint which will return these roles, or any other way?
Thanks
I totally agree with #cassandrad !
But if you want to access it as plain text, than you have to provide your own implementation of TicketDataFormat in the CookieAuthenticationOptions
public class CustomAccessTokenFormat : ISecureDataFormat<AuthenticationTicket>
{
// If you want to do custom serialization and encryption
public string Protect(AuthenticationTicket ticket)
{
return "UserName|Role1|Role2|..."; // your raw text serialization goes here
}
// Deserilaize and decrypt the ticket
public AuthenticationTicket Unprotect(string strTicket)
{
return new AuthenticationTicket(null, null); // deserialize the plain text here into an AuthenticationTicket object
}
}
You don't need to pass information about roles or permission in “raw” state to the client-side. Instead, you should have AuthenticationTicket — the thing that holds all information protected and encrypted. So, if you are using correct implementation of OWIN middleware, there is no need to do something by yourself — middleware will add all the necessary data to your response(inside cookies), client only need to resend this information back to the server next time when he wants to access some resources on the server.
And yes, I'm implying that you shouldn't have any information about permissions on your client-side — it is not secure.
Can I access Google Analytics data using a service account in a client-side application? If not, are there other ways of achieving the same outcome?
Must be entirely client-side, and must not require users to authenticate (hence the desire to use a service account).
Yes you can in https://code.google.com/apis/console make sure you say that its a Service account it will give you a key file to download. With that you dont need a user to click ok to give you access.
For a service acccount to work you need to have a key file. Anyone that has access to that key file will then be able to access your Analytics data. Javascript is client sided which means you will need to send the key file. See the Problem? You are handing everyone access to your account. Even if you could get a service account to work using javascript for security reasons its probably not a very good idea.
You can use the official (and alpha) Google API for Node.js to generate the token. It's helpful if you have a service account.
On the server:
npm install -S googleapis
ES6:
import google from 'googleapis'
import googleServiceAccountKey from '/path/to/private/google-service-account-private-key.json' // see docs on how to generate a service account
const googleJWTClient = new google.auth.JWT(
googleServiceAccountKey.client_email,
null,
googleServiceAccountKey.private_key,
['https://www.googleapis.com/auth/analytics.readonly'], // You may need to specify scopes other than analytics
null,
)
googleJWTClient.authorize((error, access_token) => {
if (error) {
return console.error("Couldn't get access token", e)
}
// ... access_token ready to use to fetch data and return to client
// even serve access_token back to client for use in `gapi.analytics.auth.authorize`
})
If you went the "pass the access_token back to client" route:
gapi.analytics.auth.authorize({
'serverAuth': {
access_token // received from server, through Ajax request
}
})