How can I get cookies in Socket Mode, to connect my main app and share cookies with the Slack app?
I’m building a Slack app that connects with my main application, and we rely on shared cookies to authenticate users. When a user executes a command or triggers a shortcut, we fetch user-specific information from our database, and this process requires access to cookies.
However, I’m facing an issue where, while using @slack/bolt with Socket Mode enabled, I’m unable to retrieve the cookies in the Slack app. Since our authentication relies on cookies, this is causing a block in our workflow.
Is there any way to handle cookies or an alternative approach for user authentication when using Socket Mode with @slack/bolt?
Any guidance would be appreciated.
@slack/bolt version 3.19.0
Your App and Receiver Configuration
```javascript
const { App, LogLevel } = require('@slack/bolt');

// customRoutes is defined elsewhere in the app.
const app = new App({
  logLevel: LogLevel.DEBUG,
  signingSecret: process.env.SLACK_SIGNING_SECRET,
  clientId: process.env.SLACK_CLIENT_ID,
  clientSecret: process.env.SLACK_CLIENT_SECRET,
  // hard-coded in this snippet; the other secrets come from the environment
  stateSecret: 'slack-app-auth-testing',
  appToken: process.env.SLACK_APP_TOKEN,
  socketMode: true,
  customRoutes,
  // token: process.env.SLACK_BOT_TOKEN,
  // receiver,
  scopes: [
    'channels:history',
    'chat:write',
    'commands',
    'users:read',
    'users:read.email',
    'users:write',
  ],
  installationStore: {
    storeInstallation: async (installation) => {
      // ... (elided in the original post)
    },
    fetchInstallation: async (installQuery) => {
      // ... (elided in the original post)
    },
  },
  installerOptions: {
    directInstall: true,
  },
});
```
Node.js runtime version
v20.11.1
Hi @MickyLaitkor, thanks for asking the question.
> When a user executes a command or triggers a shortcut, we fetch user-specific information from our database, and this process requires access to cookies.
Unfortunately, there is no way to access your service's web browser cookie within Bolt's app.command listeners because the communication is between Slack's API server and your Bolt app. Any interaction with the user using a web browser is not involved in the scenario, thus, your Bolt app is unable to access an end-user's web browser cookies.
Still, it's feasible to identify the user who invoked the slash command and receive the user's Slack user ID and email address if your Bolt app has sufficient scopes (users:read, users:read.email). If it is possible to enhance your service backend to accept a different way to access user information in the database, you may be able to connect your service's account database with Slack.
Hope this helps. Is everything clear?
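The mapping suggested in the reply above, as an added example that is not part of the original thread or of Bolt itself: it resolves the invoking Slack user to a service account through `users.info` and fails closed at each step. `resolveServiceUser`, `allowedTeamIds` and `findAccountByEmail` are hypothetical names for your own code; `client` is the Web API client Bolt passes to listeners.

```javascript
// Added example. allowedTeamIds and findAccountByEmail are hypothetical stand-ins
// for your own tenant list and account lookup; client is Bolt's Web API client.
async function resolveServiceUser({ client, userId, teamId, allowedTeamIds, findAccountByEmail }) {
  // Accept events only from workspaces explicitly linked to the service.
  if (!allowedTeamIds.has(teamId)) {
    return { ok: false, reason: 'workspace_not_linked' };
  }

  // users.info requires users:read; profile.email is returned only with users:read.email.
  const res = await client.users.info({ user: userId });
  const user = res && res.ok ? res.user : null;
  if (!user || user.deleted || user.is_bot) {
    return { ok: false, reason: 'not_an_active_human_user' };
  }

  // Policy chosen for this example: users whose home workspace differs from the
  // workspace that sent the event are not mapped to an account.
  if (user.team_id !== teamId) {
    return { ok: false, reason: 'user_from_other_workspace' };
  }

  // Normalize before lookup so casing or stray whitespace cannot cause a mismatch.
  const email = ((user.profile && user.profile.email) || '').trim().toLowerCase();
  if (!email) {
    return { ok: false, reason: 'email_unavailable' };
  }

  const account = await findAccountByEmail(email);
  if (!account) {
    return { ok: false, reason: 'no_matching_account' };
  }
  return { ok: true, account, slackUserId: user.id };
}
```

In an `app.command` listener, pass `command.user_id` and `command.team_id` from the payload Slack delivers, never an identifier parsed from the command text the user typed.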