Benjamin
Benjamin

Reputation: 1070

Is it possible to post to chat.postMessage as any user in a Slack team?

I'm building a Slack integration that is intended to modify some text and then post it to a Slack channel as though the user who triggered the command had said it.

e.g. /makeFace disapproval

@Ben 3:45pm ಠ_ಠ

I ask for the client permission scope, which adds the chat:write:user permission. But when I hit the chat.postMessage endpoint, it only seems to allow you to post as the user who added the integration because the token it returns seems to be individuated for that user.

I know that giphy, for instance, sends its gif messages as though you are the originator, but I can't find out how they manage it. Is there any documentation for sending messages as other members of the team?

Upvotes: 10

Views: 11395

Answers (3)

Barun Bhattacharjee
Barun Bhattacharjee

Reputation: 442

I hope this will help those who are still facing this issue.

  1. First give the chat:write and chat:write.customize scope to your bot. The scope chat:write.customize Send messages as @your_slack_app with a customized username and avatar
  2. From "OAuth & Permissions" settings get the bot OAuth token or even bot access token (both will work).
  3. Then set the arguments like the following.

username to specify the username for the published message.

icon_url to specify a URL to an image to use as the profile photo alongside the message.

icon_emoji to specify an emoji (using colon shortcodes, eg. :white_check_mark:) to use as the profile photo alongside the message.

You can visit the docs from here

Upvotes: 2

V Maharajh
V Maharajh

Reputation: 9659

Update: This doesn't work. It impersonates the user who installed the app, so it merely seems to work... until another user tries to use it (and they end up impersonating you).

  1. Go to your App's management page. Select "OAuth & Permissions".
  2. Add the chat.write OAuth Scope to your app as a User Token Scope, not a Bot Token scope.
  3. Take note of your User OAuth Token at the top of this page (not your But User OAuth Token).
  4. Call chat.postMessage with
    • username = user id of the user you'd like to post on behalf of
    • token = the token from step 3. above

The resulting post will be 100% impersonated. Not just the name and icon as mentioned in other answers, but it'll 100% function as if it came from the user.

Upvotes: 3

Erik Kalkoken
Erik Kalkoken

Reputation: 32854

There are 2 ways to achieve this:

A. Overwriting username and icon

When you send a message with chat.postMessage it is possible to set a user name with the property username. The message will then appear as being send by that user (same for icon with icon_url).

However, this is not meant to impersonate real users, so even if you use the same username and icon as the real user the message will have the app tag, so that they can be distinguished from a real user.

Here is an example how it looks like (from a gamer Slack about flying and killing space ships): enter image description here

But depending on what your requirements are that might work for you.

If you want to use it make sure to also set the as_user property to false (yes, really) and it will not work with a bot token, only with a user token.

See here for more details on how it works.

This also works for the legacy version of Incoming Webhooks, not with the current version of incoming webhooks though. (You can still get the legacy version, see this answer)

B. Having the user's token

Another approach is to always use the token from the respective user for sending the message. In combination with as_user = true messages sent by your app will look exactly as if they would come from the respective user (no APP tag).

To make that happen your app would need to collect tokens from all users on your workspace and store them for later use. This can be done by asking every user to install your app (called adding a "configuration") through the Oauth process (same you use to install your app to a workspace), which allows your app to collect and store those tokens for later use.

Upvotes: 11

Related Questions