Why Slack doesn't redirect me to predefined redirect URL if I install the bot in my workspace?

Question

I want to implement oAuth2 flow in my Slack app, but it's impossible to test properly.

I have added /slack/redirect-url as a redirect URL on my App management page. Then try to install\reinstall the app on the following page:

Unfortunately, it doesn't work, my endpoint isn't called.

However, if I go to the "Distribution" section and try to install the app from there it does call my redirect URL:

So, what's the issue? Why the first approach doesn't call my redirect URL, but the second one does? Am I missing something fundamental?

Answer 1

The "Reinstall App" button will handle the entire exchange of verifying and granting the OAuth token within Slack, so there is no need for the redirect.

The redirect URL is intended for users who are authenticating with your service, and thus you need to store the token.

1. User clicks the install button
2. User authorizes through Slack UI
3. Slack redirects to your desired URL
4. You grab the code included in the redirect call
5. You exchange the code for the OAuth token
6. You store the OAuth token

When you use the "Reinstall App" button in your app management view, steps 3-6 are handled entirely by Slack and the token is displayed to you.

To properly test the redirect URL, you can go through the OAuth flow manually. Given that they're simply GET requests, you can just modify the links and paste directly into your browser.

Step 1: Authorize the app – this will send you to Slack for authorization, and then your redirect

https://slack.com/oauth/authorize?client_id=CLIENT_ID&scope=SCOPES&redirect_uri=REDIRECT_URI

Step 2: Exchange the verification code for OAuth token

https://slack.com/api/oauth.access?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&redirect_uri=REDIRECT_URI&code=CODE