Slack Quickstart

Set up the application

Visit https://api.slack.com/applications/new to register an application on Slack. The application’s “Redirect URI(s)” must contain http://localhost:5000/login/slack/authorized. Take note of the “Client ID” and “Client Secret” for the application.

Code

from flask import Flask, redirect, url_for
from flask_dance.contrib.slack import make_slack_blueprint, slack

app = Flask(__name__)
app.secret_key = "supersekrit"
blueprint = make_slack_blueprint(
    client_id="my-key-here",
    client_secret="my-secret-here",
    scope=["identify", "chat:write:bot"],
)
app.register_blueprint(blueprint, url_prefix="/login")

@app.route("/")
def index():
    if not slack.authorized:
        return redirect(url_for("slack.login"))
    resp = slack.post("chat.postMessage", data={
        "channel": "#general",
        "text": "Hello, world!",
        "icon_emoji": ":robot_face:",
    })
    assert resp.json()["ok"], resp.text
    return 'I just said "Hello, world!" in the #general channel!'

if __name__ == "__main__":
    app.run()

Note

You must replace my-key-here and my-secret-here with the client ID and client secret that you got from your Slack application.

Note

If you are running this code on Heroku, you’ll need to use the werkzeug.contrib.fixers.ProxyFix middleware. See Proxies and HTTPS.

When you run this code locally, you must set the OAUTHLIB_INSECURE_TRANSPORT environment variable for it to work. You also must set the OAUTHLIB_RELAX_TOKEN_SCOPE environment variable to account for Slack changing the requested OAuth scopes on you. For example, if you put this code in a file named slack.py, you could run:

$ export OAUTHLIB_INSECURE_TRANSPORT=1
$ export OAUTHLIB_RELAX_TOKEN_SCOPE=1
$ python slack.py

Visit `http://localhost:5000`_ in your browser, and you should start the OAuth dance immediately.

Warning

OAUTHLIB_INSECURE_TRANSPORT should only be used for local testing or over trusted connections. By default, all OAuth interactions must occur over secure https connections (this is enfored by oauthlib). However, setting OAUTHLIB_INSECURE_TRANSPORT disables this enforcement and allows OAuth to occur over insecure http connections.

However, you can (and probably should) set OAUTHLIB_RELAX_TOKEN_SCOPE when running in production.

Explanation

This code makes a blueprint that implements the views necessary to be a consumer in the OAuth dance. The blueprint has two views: /slack, which is the view that the user visits to begin the OAuth dance, and /slack/authorized, which is the view that the user is redirected to at the end of the OAuth dance. Because we set the url_prefix to be /login, the end result is that the views are at /login/slack and /login/slack/authorized. The second view is the “Redirect URI” that you must tell Slack about when you create the application.

The slack variable is a requests.Session instance, which will be be preloaded with the user’s access token once the user has gone through the OAuth dance. You can check the slack.authorized boolean to determine if the access token is loaded. Whether the access token is loaded or not, you can use all the normal requests methods, like get() and post(), to make HTTP requests. If you only specify the Slack method name you want to call, the rest of the URL will be filled in for you. For example, if you want to make a request to https://slack.com/api/auth.test, you can simply refer to auth.test.