slack-term
slack-term copied to clipboard
Using this without legacy tokens?
Is there any way possible of using this without having to use a legacy token? For teams such as kubernetes.slack.com unfortunately there's no way to get one (they don't allow it).
Related: https://github.com/nlopes/slack/issues/184
+1 for this feature. Using an oauth robot token doesn't allow me to reply and send messages as 'me'
This depends on whether the slack api will allow additional methods of authentication and if nlopes/slack will support it.
Weechat's slack plugin does this via an interesting method which can be copied here:
https://github.com/wee-slack/wee-slack/blob/89864b5ab952b426e77cd76cc0941035335063df/wee_slack.py#L3107
Basically they generate a "fake url" oauth request, and then the user copies the authenticated oauth token, and provides that to complete the login. After that, the session is saved and it's done.
Cool, thanks! I'll have a look at it.
On Mon, 30 Apr 2018, 19:56 Ventz Petkov, [email protected] wrote:
Weechat's slack plugin does this via an interesting method which can be copied here:
https://github.com/wee-slack/wee-slack/blob/89864b5ab952b426e77cd76cc0941035335063df/wee_slack.py#L3107
Basically they generate a "fake url" oauth request, and then the user copies the authenticated oauth token, and provides that to complete the login. After that, the session is saved and it's done.
— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/erroneousboat/slack-term/issues/136#issuecomment-385477809, or mute the thread https://github.com/notifications/unsubscribe-auth/ABf7fj2-VoxM8PljTPNZBbKyEqBpnbAPks5tt1AygaJpZM4TWv-H .
The following procedure should allow slack-term usage without the use of legacy token, could you guys perhaps test if it works?
-
Go to the following page: https://slack.com/oauth/authorize?client_id=91899392594.382712253827&scope=client
-
Select the workspace to which you want slack-term to provide access to.
-
Click "Authorize", this will redirect you, this redirect will fail, which is expected.
-
Copy the code portion of the URL. http://not.a.host?code=[code-will-be-here]&state=
-
In your terminal issue the following command, inserting the code at the right location:
$ curl -s "https://slack.com/api/oauth.access?client_id=91899392594.382712253827&client_secret=c7986be41b6ddb478041d1848dad5f6e&code=[code-goes-here]"
- From the response, copy the
access_token
and place it in your.slack-term
The curl command could perhaps be slightly improved in output if you have jq
installed by adding | jq -r .access_token
to the end of your command. This outputs just the token without the other stuff, it might even be possible to inject it into the config file, but that could get magical.
Also, I did test these commands and they work great, the only slightly painful part is the code is single use, so once it has been redeemed you need to go through the process again, but it doesn't appear to revoke the old token so it is fairly safe.
I ended up using CODE="theCodeFromUrl"; curl -s "https://slack.com/...?code=$CODE"
so that I could change the code with CODE="newCode"
without having to repaste it into the command every time.
I'm wondering whether it is much of a security concern that the initial response portion after the redirect to GitHub probably shows up in their logs, but it is only useful once, and it is very unlikely anybody except a malicious browser extension could really do anything with it before a user utilizes it and if you've installed a bad extension you are probably at risk of many other avenues like your full credentials being compromised.
UPDATE:
So it appears that doing it the Oauth way registers slack-term
as an application rather than granting it access to your personal account, this may be desirable but might not work if you don't have administrator privileges to the Slack where you are trying to use slack-term
.
@dragon788 You're right I've changed the redirect url and updated the instructions. Thanks for testing it out, and I'll have a look at your suggestions.
Here is another useful trick for the linux users to grab a token from a logged in browser session - I tested this and it works with both firefox and google-chrome.
$ sudo apt-get install gdb
<...>
$ for i in $(ps auxwwwfg | grep firefox | grep -v grep | cut -c9-15); do gcore -o $i.core $i; done
$ cat *.core | grep -ao 'xoxs-[-0-9a-f]*' | sort | uniq -c | sort
<output...>
$ rm *.core
In the "output" area you will see a list of strings that start "xoxs-<...>" plus the number of times they occur. There will usually only be one or two, depending on how many times you are logged into slack. You can snatch these and put them straight into your ~/.slack-term file.
Closing this, because the workaround has been added to the wiki.
https://github.com/erroneousboat/slack-term/wiki#running-slack-term-without-legacy-tokens
Can we re-open this? The problem that I was originally facing is allow this in organizations that do not allow new applications.. Or perhaps add the:
$ sudo apt-get install gdb
<...>
$ for i in $(ps auxwwwfg | grep firefox | grep -v grep | cut -c9-15); do gcore -o $i.core $i; done
$ cat *.core | grep -ao 'xoxs-[-0-9a-f]*' | sort | uniq -c | sort
<output...>
$ rm *.core
Instructions to the wiki?
Unfortunately since I do not have authorization to add slack-term to the Kubernetes wiki I have to use the above instructions :+1:
Have you tried https://github.com/erroneousboat/slack-term/issues/136#issuecomment-397810986 ? That allows you to create a slack token without the organization adding an application. I've added the additional instructions to the wiki.
@erroneousboat Yup. You have to have permission to the org to actually add the slack-term client.
See the attached image
Ok, cool I'll reopen the issue.
Hi,
Just wanted to point out that there are 2 different issues mixing here.
The Apologies, but you are not authorized to install slack-term
is completely different than the legacy tokens vs new oAuth tokens.
The "authorized to install" simply means that the slack organization has locked down who can install Add-ons. (usually for security or because they have a free account and only have 5, and this will take up one of them). The oAuth keys install the same as a "bot" and so it takes up one of the "Integration slots".
So that said -- this is completely as expected.
I was able to use the solution provided by @terabyte, but would love to see a feature added wherein we could auth from the client itself.
Any ETA on this? This issue is a deal-breaker for me.
+1!
This solution is no longer working for me, does the grep regex need to be updated?
Try changing the grep regex to 'xox.-[-0-9a-f]*'
instead? I'm seeing "xoxc" for my tokens I think.
I'm getting an error Slack rate limit exceeded, retry after 2s
when trying this. Anyone else having this issue?
$ sudo apt-get install gdb <...> $ for i in $(ps auxwwwfg | grep firefox | grep -v grep | cut -c9-15); do gcore -o $i.core $i; done $ cat *.core | grep -ao 'xoxs-[-0-9a-f]*' | sort | uniq -c | sort <output...> $ rm *.core
I didn't get any results from this, but I did find xoxc-*
in the localstorage. It's not working as a slack token either.
I'm getting an error
Slack rate limit exceeded, retry after 2s
when trying this. Anyone else having this issue?
Build from master branch or wait for the next release if you aren't comfortable doing so.
Ripcord is able to login via email&password, or import a browser HAR file. Perhaps this is something slack-term could take inspiration from?
Unless slack-term is developed from the ground up as a slack add-on and not a slack client .. ?
Would it be worthwhile to have an OAuth go client? I was in the process of writing one in cpp for the terminal some time ago. I could have another...ahem...go at it if it could be useful in these kinds of tui apps, or maybe even just write up the library with appropriate functions to make the OAuth network calls and structs to handle the OAuth models?
@nathanblair, couldn't this just be achieved with https://github.com/golang/oauth2? I don't see the point of reinventing the wheel except for if your implementation would use this library and would go beyond what it offers.
@mastertinner indeed. Yes. I don't know much about the libraries of go. I'm not a go dev but was interested in finding a project to tackle to get to know the language. But yeah, if there's already stuff for it, I won't bud myself in.
I tried this, both with the gcore approach and the authorized app approach and in both cases I got a token, but when trying to run slack-term I get this error:
2020/04/08 21:02:07 not able to authorize client, check your connection and if your slack-token is set correctly
A couple of notes from trying @terabyte 's solution on Fedora 31...
for i in $(ps auxwwwfg | grep firefox | grep -v grep | awk '{print $2}'); do gcore -o $i.core $i; done
grep -ao 'xox.-[-0-9a-f]*' *.core.* | sort | uniq -c | sort
Basically, the cut
command was truncating pids, and the cat
was un-needed.