Crypto Nonce and Association Flow - Integrating Slack Bot with Internal Services
This is base note for the slack bot integration that TillWhen is being built on
for reference in future (in case I forget, how I did it)
This is just for the internal testing of the app in my workspace, the official
published slack bot will have the oauth flow.
The Base Flow
- Slash command send a request with the user_id in the post body that is used
to generate a login url with a cypto nonce involved.
- The login url redirects to the existing app which sends an app login request
if the session doesn't already exist and also takes care of pairing the slack
user id with the app's user id. If already paired then look at Step 4.
- If the user is paired for the first time with the service, a DM is sent to
the user confirming the association and also the nonce based login page will
show a pairing successful message.
- Generate an API Access token for the associated user to be used with the
slack bot's slash commands and use that to identify the session and even
block the session if needed.
The Changes needed in App
- Add an
integrations table (database) and tab(TillWhen Dashboard)
- Add an Integrations Login page to the flow (TillWhen App)
- Create API's for generating integration login , and api access tokens for
- Write an auth check middleware for integrations and assign it to each slash
- Make sure to prioritize expiry token on both API tokens and integration's