Serverless OAuth 2.0 flow

Setting up a Slack bot with the Serverless Framework 1.0

Mar 3, 2017

You know that #lunch channel in your Slack, where suddenly everyone tries to get all the orders from anyone who wants to eat something, and someone is supposed to collect all the data, review it and finally place the order?

Well, I thought this would be a perfect job for a bot! Wouldn't it?

Slack requires OAuth to be able to send and “receive” messages, in a channel or in a direct chat. So the first thing I needed was a server on which to set up my endpoints: one for a valid redirectURI and another one that receives all the events sent by Slack, for example every time a message is posted.

The Serverless framework offers a very straightforward way to accomplish this: npm install it globally, create your template and configure your serverless.yml file. That’s it. I also added some environment variables to hold values such as Slack’s client_id and client_secret.

Let’s go step by step:

1. Serverless setup

Serverless is the perfect framework for the job. Starting from https://serverless.com/ I didn’t have any problems setting it up locally and running the first Lambda function in a matter of minutes.

What I needed: the goal was to build a Slack bot and, to be able to use the Slack API (documented here: https://api.slack.com/), I had to create 2 endpoints:
- the redirect URL: this is needed for the authentication process to start;
- the events URL: this is where Slack will send the HTTP POST request for each event I will subscribe to.

The serverless create --template command does a really good job setting up the base project; I simply added my 2 functions and I was ready to write some code right away:

I didn’t split the code into different handlers just to keep this description simple, but you really should do that.

The “handler” is where you write your functions (don’t call it handler; give each one a specific name that describes its purpose).

I used NodeJS, so I will not go into details about how to make HTTP requests with it, as that is outside this topic, but I can tell you that Serverless gives you several useful things that you usually need when you code a backend:
- environment variables: with NodeJS, for example, I access them using process.env.var_name
- query params: query parameters are available too, as properties of the event object: event.queryStringParameters.var_name

These are the 2 main things I needed to set up my project correctly, but the Serverless framework allows you to do a lot more if needed. The beauty of it is that you can start using it without further customization.

2. OAuth flow

image from https://api.slack.com/docs/oauth

After setting up the app on Slack and configuring it with the correct redirect URL, I used the Slack Button to start the flow from my index.html (it can easily be hosted on S3, so again, no need for a custom server to host anything): https://api.slack.com/docs/slack-button

The situation at this point is as follows:
- /index.html: it has the simple Slack Button to add my app to my Slack Team
- https://*****.execute-api.eu-central-1.amazonaws.com/dev/slack/redirectURI: gets the code param sent by Slack and calls /api/oauth.access to obtain the access_token used later by the bot

With the Serverless framework I’m able to log the activity happening in any function, so by streaming the logs of my redirectURI function I can verify that everything is working correctly:
“5. Open up a separate tab in your console and stream logs in there via serverless logs -f myFunction”.

And that’s it! A working OAuth serverless flow!

3. Conclusions

So, briefly, let’s review the main steps:

1. start the flow from an .html page with a link that will open the authorization page of your service (Slack in my case);
2. create the /redirectURI that gets the code returned by Slack and uses it, together with client_id and client_secret, to get the access_token for your bot;
3. use your access_token ;)
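
Step 2 as an added example (this is not the author's handler, which is not reproduced on this page): a redirectURI function that rejects callbacks without a code, sends client_secret in the POST body rather than the URL, and never writes the access_token to the response or to the logs that serverless logs streams. It assumes a Node.js 18+ runtime with global fetch; the environment variable names SLACK_CLIENT_ID and SLACK_CLIENT_SECRET, the makeRedirectHandler factory and the saveToken hook are hypothetical names chosen for illustration.

```javascript
// Added example: redirectURI Lambda handler for an API Gateway proxy event.
// Assumptions: Node.js 18+ (global fetch); env var names SLACK_CLIENT_ID and
// SLACK_CLIENT_SECRET; saveToken is a hypothetical persistence hook.

// Exchange the temporary code for tokens at Slack's oauth.access method.
async function exchangeCode(code, env) {
  const body = new URLSearchParams({
    client_id: env.SLACK_CLIENT_ID,
    client_secret: env.SLACK_CLIENT_SECRET,
    code,
  });
  // Form-encoded POST body keeps client_secret out of URLs and access logs.
  const res = await fetch('https://slack.com/api/oauth.access', { method: 'POST', body });
  return res.json();
}

function makeRedirectHandler({ exchange = exchangeCode, saveToken = async () => {},
                               env = process.env, log = console.log } = {}) {
  const reply = (statusCode, text) =>
    ({ statusCode, headers: { 'Content-Type': 'text/plain' }, body: text });
  return async function redirectURI(event) {
    // queryStringParameters is null when the request has no query string.
    const params = (event && event.queryStringParameters) || {};
    if (params.error) { // Slack redirected back with an error instead of a code
      log('oauth callback error:', String(params.error).slice(0, 64));
      return reply(400, 'Authorization was not granted.');
    }
    if (typeof params.code !== 'string' || params.code.length === 0) {
      return reply(400, 'Missing code parameter.');
    }
    let result;
    try {
      result = await exchange(params.code, env);
    } catch (err) {
      log('oauth.access request failed:', err.message);
      return reply(502, 'Could not reach Slack.');
    }
    if (!result || result.ok !== true) {
      log('oauth.access rejected:', result && result.error);
      return reply(400, 'Slack rejected the authorization code.');
    }
    await saveToken(result); // store the token; it never reaches the logs or the browser
    log('oauth.access ok for team', result.team_id);
    return reply(200, 'App installed. You can close this tab.');
  };
}

const redirectURI = makeRedirectHandler();
if (typeof module !== 'undefined') module.exports = { redirectURI, makeRedirectHandler };
```
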

The next steps will be enabling the Events API and creating a “handshake” between Slack’s server and your server: Slack will POST a challenge variable that you have to return in plain text. Easy to do with the Serverless framework!

About me: I’m the Chief Technology Officer at Fleka; former Professor at Istituto Europeo di Design in Milan; Pixel Art lover, posting experiments on Twitter; I write about technology related to business topics here on Medium and on my LinkedIn Pulse. Check my Instagram profile instead for a sneak peek of my private life ;)
