Slack
OAuth v2 for Slack apps. Returns access_token, bot_user_id, team.id, team.name. No refresh token.
Authentication at a glance
| Field | Value |
|---|---|
| Auth model | OAuth 2.0 |
| Required ENV | SLACK_CLIENT_ID, SLACK_CLIENT_SECRET, SLACK_SIGNING_SECRET |
| Callback URL | ${BASE_URL}/api/v1/auth/slack/callback |
| Scopes / permissions | chat:write, channels:read, groups:read, channels:join, files:write |
| Auto token refresh | No — manual reconnect on expiry |
ENV details
SLACK_SIGNING_SECRET is required if you wire Slack-side webhooks back to Sosyabot (interactivity / events). Posting alone uses only client_id/client_secret.
How to connect
- Open Connections → Slack → Connect.
- Sign in to your Slack workspace and approve the scopes.
- Pick a default channel on the post-connect screen.
Token refresh
Slack app tokens are long-lived. There is no refresh in the queue — reconnect if the token is revoked.
Notes
- Sosyabot lists both public (
public_channel) and private (private_channel) channels. The first writable channel is auto-selected. - If the workspace has zero channels the bot can write to, connect fails with
slack_no_channels— the bot needs to be invited or the workspace needs a channel. - Channel ID is composite:
${teamId}:${channelId}.
Troubleshooting
If the channel shows needs_reconnect, the access token was rejected by Slack. Common causes:
- The user revoked Sosyabot's authorization on the platform.
- The platform invalidated the token (password change, security event).
- Your OAuth app credentials rotated and the existing tokens no longer match.
Re-run the connect flow above. See Troubleshooting for the workspace-wide checklist.