Describe your issue here.
`https://slack.com/oauth/v2/authorize?user_scope=${userScopes}&client_id=${clientId}&redirect_uri=${redirectURI}&team=${workspaceId}&state=${state}`
as documented here: https://api.slack.com/docs/sign-in-with-slack#button_setup
will instantly redirect me to my given redirect_uri (without any further user interaction), with a code and no error in the query parameters
when then calling
await new WebClient().oauth.v2.access({
client_id: process.env.SLACK_CLIENT_ID,
client_secret: process.env.SLACK_CLIENT_SECRET,
code,
redirect_uri: `${process.env.API_URL}/sign-in-with-slack`,
})
it will throw the 'oauth_authorization_url_mismatch' error, which by documentation (https://api.slack.com/methods/oauth.v2.access) should only occur when not using the v2 of the oauth flow
but when i omit the team paramater and build the url like this
`https://slack.com/oauth/v2/authorize?user_scope=${userScopes}&client_id=${clientId}&redirect_uri=${redirectURI}&state=${state}`
the flow works just like expected: i am asked to allow the requested permissions, then redirected to my redirect_uri and the sdk oauth.v2.access call returns a valid response
x in one of the [ ])x in each of the [ ])Filling out the following details about bugs will help us solve your issue sooner.
Select all that apply:
@slack/web-api@slack/events-api@slack/interactive-messages@slack/rtm-api@slack/webhooks@slack/oauthpackage version: 5.8.1
node version: 12.16.3
OS version(s): Windows 10/0/18363/0
a successfull oauth.v2.access call and a valid oauth signin result
oauth_authorization_url_mismatch error
Logs, screenshots, screencast, sample project, funny gif, etc.
Hey @oakgary,
I believe if you add team to your original add to slack url, you must also pass it when calling oauth.v2.access.
await new WebClient().oauth.v2.access({
client_id: process.env.SLACK_CLIENT_ID,
client_secret: process.env.SLACK_CLIENT_SECRET,
code,
redirect_uri: `${process.env.API_URL}/sign-in-with-slack`,
team: `TEAM_YOU_ORIGINALLY_PASSED`
})
Let me know if that fixes this problem for you.
P.S. Have you seen that we released a new node OAuth library to make this stuff much simpler? Would love for you to check it out and share any feedback if you have some time! https://slack.dev/node-slack-sdk/oauth
I believe if you add team to your original add to slack url, you must also pass it when calling
oauth.v2.access.
That does not seem to be the case. At least it is not fixing the error.
It is also not documented like that here: https://api.slack.com/methods/oauth.v2.access or here: https://github.com/slackapi/node-slack-sdk/blob/master/packages/web-api/src/methods.ts#L690
'oauth_authorization_url_mismatch' seems to be a catch all for uncaught errors in slacks oauth backend code
the following could be unrelated to the issue described above
using a non app admin workspace in my normal browser where i am also logged into the apps admin workspace and opening the sign in url:
note: using the team parameter, the v2.access() method is still, after making the app public, throwing the 'oauth_authorization_url_mismatch' error
Thanks for the detailed summary @oakgary!
I'm going to attempt to reproduce this and chat with the team that manages the apis about it. I'll report back
when using v1 of the auth APIs, the team param worked as expected. when i switched to v2, i started seeing the same issue.
and it doesn't look like team is a valid/expected param for oauth.v2.access.
i contacted slack support and they said that this is a known issue on their end that is being worked on. so not an issue with the implementation of this package
from slack support:
Hi there,
This is something our team is aware of and is currently investigating. I'd recommend omitting the team parameter for now, but I've linked this ticket to our bug tracker and I'll let you know once we have more info.
Kindly,
Did you ever get a resolution on this? I am seeing a really similar issue.
I am using the webclient, and basically everything works fine for me with the auth except for one case. If the user switches the team in the top right corner on the slack hosted auth page, then the authorization fails with this same error oauth_authorization_url_mismatch. I don't have any way to prevent that so I'm not sure what to do.
Has nobody run into this? Are there any examples of working slack apps using v2 auth that let you switch the team using the team selector and still log in succesfully?
@gshenar i switched my focus away from this as there hasnt been a fix in weeks
feel free to report your specific case here https://slack.com/help/requests/new
this will hopefully increase slacks prio on this
i did success auth with private workspace: just added team_id
async actionGetUserBySlackCode({ code }) {
const { client_id, client_secret } = this.config.slack
const team_id = "T<YOUR_TEAM_ID>"
const url = `https://slack.com/api/oauth.v2.access?client_id=${client_id}&client_secret=${client_secret}&code=${code}&team_id=${team_id }`
const resp = await httpRequest.get(url)
return JSON.parse(resp.text)
}
Most helpful comment
Thanks for the detailed summary @oakgary!
I'm going to attempt to reproduce this and chat with the team that manages the apis about it. I'll report back