Slack Login Plugin


(4xposed) #1

The plugin works as expected and will complete registration for new users that Sign up with Slack, so you won’t get just an already filled-in registration form

Installation:
Register a new Slack API application at: Slack API: Applications | Slack if you haven’t already
For the Redirect URL: http(s)://example.com/auth/slack/callback

Set the following environment variables (you can do that on the app.yml file inside env:)

Warning: the CLIENT_ID should be a String (as it has a dot and otherwise Rails will consider it a FixNum and take away the last two digits)

SLACK_CLIENT_ID: 'CLIENT_ID'
SLACK_CLIENT_SECRET: 'CLIENT_SECRET'
SLACK_TEAM_ID: 'SLACK_TEAM_ID' (optional)

If no SLACK_TEAM_ID enviroment variable is set up it will ask the user the team with which he/she wants to sign up to Discourse

To install add the plugin URL to your container’s app.yml.

hooks:
  after_code:
    - exec:
        cd: $home/plugins
        cmd:
          - mkdir -p plugins
          - git clone https://github.com/discourse/docker_manager.git
          - git clone https://github.com/4xposed/oauth-slack-discourse.git

Rebuild the container:

cd /var/discourse
./launcher rebuild app

Difficulty enabling login plugins
How to recategorize a plugin?
[Paid] WP + Discourse user authentication for IRC or other chat
(4xposed) #2

I added support to lock the sign in with slack to an specific team by setting the environment variable SLACK_TEAM_ID, if the variable is not set it will work as it used to and let the user choose what team to sign in with.


(Erlend Sogge Heggen) #3

@codinghorror maybe do a shoutout to twitter.com/slackhq about this?


(4xposed) #4

I updated the plugin to add the #name, etc… tags as someone contacted me about it (it was breaking the Plugins section in the Admin panel)


(Mittineague) #5

That page needs plugins to have the name and version specified or it will break.
If a link to the plugin’s “home” page is desired, the url should be included.
Personally, I’d like that page to show about too.

Anyway, they look like mere comments, but they are similar to GreaseMonkey comments in that they are used for more than providing info to devs.

# name: PLUGIN_NAME_HERE 
# about: SHORT_DESCRIPTION_HERE
# version: 0.1 
# authors: Mittineague 
# url: http://localhost.com:4000

(4xposed) #6

Thanks @Mittineague!!

I’m gonna add the url now :smile:


(Jeff Atwood) #7

OK I shouted out on twitter!


(4xposed) #8

@codinghorror thanks for the shoutout!


(Nick Grossman) #9

I’ve been working on a separate “login with slack” workflow – and what I found is that it only works if the Slack network is configured to allow integration configurations by non-admins (see screenshot below)

Did you notice the same thing, and/or is there a way around that?

Thanks,
Nick


(4xposed) #10

Nick you say it only works if Slack is configured to allow integration by non-admins, but in your screenshot you have integration limited only to admins.

Make sure who registers the new app for the “login with slack” is a team administrator and it should work.

I set it up on a team where integrations are allowed only to team admins and it works just fine.


Obsolete imgur image link images
(Kane York) #11

Looks like that setting is just for integrations that post to a channel, though.


(4xposed) #12

That’s exactly right, the integrations setting should only affect integrations that post to channels and not authentication.

I would recommend Nick just to use my plugin if it fits his needs as I’ve saw it work trouble free in more than a few discourse installations.


(Nick Grossman) #13

Sorry for the late reply here.

Thanks. What is strange is now I can’t replicate the behavior I was seeing earlier – where if that check box was checked, then only admins are able to login with slack. I swear to god that was happening, and I even talked to a friend on the slack product team about it.

But I did a test – both with your plugin on my discourse instance, and with our app (try it: https://quackpad.io), with that setting checked (the default), and then sending a regular non-admin user to the login with slack workflow, and it worked.

I’ll take it!

Thanks – and great plugin
Nick


(James Cobalt) #14

I’m doing something wrong. It seems to work except when returning to the site it asks you to create an account and while it has your Slack username there the email field is empty and greyed out. The Create Account button is hence also greyed out.

If I use Inspector to remove the “disabled” class on the field I can enter an email address and sign up like you’d expect.


(James Cobalt) #16

There was a change to the API permissions:

Apps created after January 4th, 2017 must request both the users:read and users:read.email OAuth permission scopes when using the OAuth app installation flow to enable access to the email field of user objects returned by this method.

Slack also suggests using the new Identity scope rather than IdentiFy & Users going forward.


(James Cobalt) #17

I was able to get it to work by changing my permissions in the app as well as adding users:read.email to the scope:
omniauth.provider :slack, CLIENT_ID, CLIENT_SECRET, scope: 'identify, users:read, users:read.email', team: TEAM_ID


(Jorge Camargo) #18

Login with Slack using this plugin stopped working for my discourse site (we noticed this week, it had been working for months…). The error I’m getting from /logs:

(slack) Authentication failure! invalid_credentials: OAuth2::Error, bad_redirect_uri: 
{"ok":false,"error":"bad_redirect_uri"}

And the error I get in the browser after trying to sign in is:

Sorry, there was an error authorizing your account. Perhaps you did not approve authorization?

Coincidentally I updated our discourse instance last sunday, but now I’m not sure if it was caused by a change in Slack’s API (and we just noticed it this week) or something in discourse changed.

I edited the plugin to include users:read.email in the scope but it’s still not working.

Any ideas?


(James Cobalt) #19

Did you also update your app permissions on Slack’s site to include ‘users: read email’?


(Jorge Camargo) #20

Yep - did you change anything else in the plugin apart from adding users:read.email ?


(James Cobalt) #21

Not in the plugin, but I did have to change some things in my ngnx config. Have you gotten other oauth plugins working?

In my journey, a server config issue that threw a bad redirect error for Facebook SSO was doing the same for Slack’s SSO. The Slack app-permissions change was the last step in a long line of troubleshooting for me, so it could be something else for you too. I can’t remember everything I did for my setup, but the main thing was getting a reverse proxy setup per Discourse’s recommendation and changing some proxy_set_header settings.