-
Notifications
You must be signed in to change notification settings - Fork 398
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Update to Slack OAuth V2 #1591
Conversation
Hi @kangmingtay and @hf! There is an end-of-life for creating Legacy Slack Apps on June 4th. I'm hoping we can check in by then so that Supabase will still support Slack OAuth. Please let me know if there are any additional updates you would like to see. |
246dcc3
to
36304f2
Compare
As requested @kangmingtay I undid the changes to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks for the quick turnaround @zhawtof! i'll test this out later this week and if it's all good, we can merge it in
it would be nice if you can make a PR to update the slack oauth docs too - you can take a look at what we did for the linkedin oauth docs when we had to update the provider to support the new API
Updated the docs @kangmingtay. Hopefully, the PR is now good to go. After this change, I want to reference a new issue missing in Supabase Auth around Slack. The legacy system allowed users to add additional scopes but with Sign In With Slack, that capability is no longer allowed. Details are here. It's generally recommended that those scopes be added in subsequent requests. Because Supabase supports users with multiple login providers merging into one common user, an additional provider should be created for OAuth 2.0 that does not follow the OIDC protocol. This would allow developers to have SIWS, where a user can log in with a single-click experience, and OAuth 2.0 (w/out OIDC), where a user has a 2-step process for approving the additional scopes. That way, all relevant scopes can be configured for the same user in Supabase. This should be created in a separate ticket if we agree. |
I'm not too sure i understand this fully - are you referring to this note by slack:
so it seems to me that if you need to request for a token with user scopes and granular bot scopes, you need to make 2 separate oauth requests with each set of scopes?
Would be keen to hear how you plan to achieve this. |
Pull Request Test Coverage Report for Build 9452537318Warning: This coverage report may be inaccurate.This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.
Details
💛 - Coveralls |
Thanks for cleaning up my tests @kangmingtay. I'll also have to look at the OAuth2 flow without OIDC in a few weeks. We'll likely be a first consumer after I get SIWS working in my own Supabase app. On that note, I am wondering what the expected timeline for merging and releasing this in an upcoming Supabase might be. I appreciate the support, and hopefully, this helps some Slack devs out there. |
@zhawtof it will probably be some time next week or after - merging the PR doesn't reflect that the version will be deployed on the platform immediately for this PR specifically, we also need some time to make changes on the UI + backend to support the new configs added, as well as roll out any comms necessary to let folks know that we've added a new slack provider and plan to deprecate the old one. |
🤖 I have created a release *beep* *boop* --- ## [2.154.0](v2.153.0...v2.154.0) (2024-06-12) ### Features * add max length check for email ([#1508](#1508)) ([f9c13c0](f9c13c0)) * add support for Slack OAuth V2 ([#1591](#1591)) ([bb99251](bb99251)) * encrypt sensitive columns ([#1593](#1593)) ([e4a4758](e4a4758)) * upgrade otel to v1.26 ([#1585](#1585)) ([cdd13ad](cdd13ad)) * use largest avatar from spotify instead ([#1210](#1210)) ([4f9994b](4f9994b)), closes [#1209](#1209) ### Bug Fixes * define search path in auth functions ([#1616](#1616)) ([357bda2](357bda2)) * enable rls & update grants for auth tables ([#1617](#1617)) ([28967aa](28967aa)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
## What kind of change does this PR introduce? - Updates the Slack OAuth provider with the new Sign In With Slack V2. - Creates a test for Slack, improving test coverage - Moves the old Slack provider to slack_legacy. Some users might still rely on this provider after the creation of legacy apps is disallowed on June 4th. ## What is the current behavior? Fixes supabase#1294 Current behavior uses the original Slack OAuth V1 which is sunsetting June 4th according to [the changelog](https://api.slack.com/changelog/2024-04-discontinuing-new-creation-of-classic-slack-apps-and-custom-bots) ## What is the new behavior? New behavior now leverages the new [Sign In With Slack](https://api.slack.com/authentication/sign-in-with-slack) (SIWS) on OAuth V2 for Slack authentication. ## Additional context A ticket should be created for ending support on slack_legacy. --------- Co-authored-by: Kang Ming <[email protected]>
🤖 I have created a release *beep* *boop* --- ## [2.154.0](supabase/auth@v2.153.0...v2.154.0) (2024-06-12) ### Features * add max length check for email ([supabase#1508](supabase#1508)) ([f9c13c0](supabase@f9c13c0)) * add support for Slack OAuth V2 ([supabase#1591](supabase#1591)) ([bb99251](supabase@bb99251)) * encrypt sensitive columns ([supabase#1593](supabase#1593)) ([e4a4758](supabase@e4a4758)) * upgrade otel to v1.26 ([supabase#1585](supabase#1585)) ([cdd13ad](supabase@cdd13ad)) * use largest avatar from spotify instead ([supabase#1210](supabase#1210)) ([4f9994b](supabase@4f9994b)), closes [supabase#1209](supabase#1209) ### Bug Fixes * define search path in auth functions ([supabase#1616](supabase#1616)) ([357bda2](supabase@357bda2)) * enable rls & update grants for auth tables ([supabase#1617](supabase#1617)) ([28967aa](supabase@28967aa)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
## What kind of change does this PR introduce? - Updates the Slack OAuth provider with the new Sign In With Slack V2. - Creates a test for Slack, improving test coverage - Moves the old Slack provider to slack_legacy. Some users might still rely on this provider after the creation of legacy apps is disallowed on June 4th. ## What is the current behavior? Fixes supabase#1294 Current behavior uses the original Slack OAuth V1 which is sunsetting June 4th according to [the changelog](https://api.slack.com/changelog/2024-04-discontinuing-new-creation-of-classic-slack-apps-and-custom-bots) ## What is the new behavior? New behavior now leverages the new [Sign In With Slack](https://api.slack.com/authentication/sign-in-with-slack) (SIWS) on OAuth V2 for Slack authentication. ## Additional context A ticket should be created for ending support on slack_legacy. --------- Co-authored-by: Kang Ming <[email protected]>
🤖 I have created a release *beep* *boop* --- ## [2.154.0](supabase/auth@v2.153.0...v2.154.0) (2024-06-12) ### Features * add max length check for email ([supabase#1508](supabase#1508)) ([f9c13c0](supabase@f9c13c0)) * add support for Slack OAuth V2 ([supabase#1591](supabase#1591)) ([bb99251](supabase@bb99251)) * encrypt sensitive columns ([supabase#1593](supabase#1593)) ([e4a4758](supabase@e4a4758)) * upgrade otel to v1.26 ([supabase#1585](supabase#1585)) ([cdd13ad](supabase@cdd13ad)) * use largest avatar from spotify instead ([supabase#1210](supabase#1210)) ([4f9994b](supabase@4f9994b)), closes [supabase#1209](supabase#1209) ### Bug Fixes * define search path in auth functions ([supabase#1616](supabase#1616)) ([357bda2](supabase@357bda2)) * enable rls & update grants for auth tables ([supabase#1617](supabase#1617)) ([28967aa](supabase@28967aa)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
## What kind of change does this PR introduce? - Updates the Slack OAuth provider with the new Sign In With Slack V2. - Creates a test for Slack, improving test coverage - Moves the old Slack provider to slack_legacy. Some users might still rely on this provider after the creation of legacy apps is disallowed on June 4th. ## What is the current behavior? Fixes supabase#1294 Current behavior uses the original Slack OAuth V1 which is sunsetting June 4th according to [the changelog](https://api.slack.com/changelog/2024-04-discontinuing-new-creation-of-classic-slack-apps-and-custom-bots) ## What is the new behavior? New behavior now leverages the new [Sign In With Slack](https://api.slack.com/authentication/sign-in-with-slack) (SIWS) on OAuth V2 for Slack authentication. ## Additional context A ticket should be created for ending support on slack_legacy. --------- Co-authored-by: Kang Ming <[email protected]>
🤖 I have created a release *beep* *boop* --- ## [2.154.0](supabase/auth@v2.153.0...v2.154.0) (2024-06-12) ### Features * add max length check for email ([supabase#1508](supabase#1508)) ([f9c13c0](supabase@f9c13c0)) * add support for Slack OAuth V2 ([supabase#1591](supabase#1591)) ([bb99251](supabase@bb99251)) * encrypt sensitive columns ([supabase#1593](supabase#1593)) ([e4a4758](supabase@e4a4758)) * upgrade otel to v1.26 ([supabase#1585](supabase#1585)) ([cdd13ad](supabase@cdd13ad)) * use largest avatar from spotify instead ([supabase#1210](supabase#1210)) ([4f9994b](supabase@4f9994b)), closes [supabase#1209](supabase#1209) ### Bug Fixes * define search path in auth functions ([supabase#1616](supabase#1616)) ([357bda2](supabase@357bda2)) * enable rls & update grants for auth tables ([supabase#1617](supabase#1617)) ([28967aa](supabase@28967aa)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
What kind of change does this PR introduce?
What is the current behavior?
Fixes #1294
Current behavior uses the original Slack OAuth V1 which is sunsetting June 4th according to the changelog
What is the new behavior?
New behavior now leverages the new Sign In With Slack (SIWS) on OAuth V2 for Slack authentication.
Additional context
A ticket should be created for ending support on slack_legacy.