
How to identify existing users after authenticating via Slack OAuth?


I have a web application with existing users and user ids (i.e. not Slack user ids). I'd like to allow my users to install my new Slack app.

How do I know which of my users connects to Slack using OAuth and installs my app? I know you can request email, but what if the Slack email is different from the email address used to originally sign up to my application?

It's crucial that I know which Slack users are linked to my existing users. Is there a way to send my existing users' user_id through the OAuth process so I know how to link a Slack user to one of my users?

Potential Solutions?

  • User's cookie will allow me to identify them upon the Slack OAuth redirect.
  • Use the state variable as a way to identify a user on my site

Solution

  • I would not use the state property to transfer user information. It's theoretically possible, but would defy the purpose of the state property as a security measure.

    Instead you just need to keep the user context on your website during the OAuth process (e.g. by storing the user ID in a server session), so you can store the connection between your custom user ID and the Slack user ID later.

    Here is the full process:

    1. Your users will first need to log in to your website to identify themselves.
    2. Your website will then have the user ID of the user and need to keep this context, e.g. in a server session.
    3. Next your user has the option to install your Slack app. After the installation is finished, the OAuth process will automatically redirect your user back to your website.
    4. You can then get the current user ID by calling auth.test with the access token you just received.
    5. Finally, you have both the custom user ID and the Slack user ID and can store this connection, e.g. in your database for future reference. Alternatively you can add this information to the Slack user as a custom property with users.profile.set.
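The five steps above as a framework-neutral sketch, added here as an example and not part of the original answer. `SlackLinker`, the session keys and the two injected callables are assumptions; the callables stand in for Slack's `oauth.v2.access` and `auth.test` so the flow runs offline.

```python
import hmac
import secrets


class SlackLinker:
    """Binds the logged-in site user to the Slack user who finished OAuth."""

    def __init__(self, exchange_code, auth_test):
        # Injected callables (hypothetical seam): in production they would wrap
        # Slack's oauth.v2.access and auth.test; here they are offline fakes.
        self.exchange_code, self.auth_test = exchange_code, auth_test
        self.links = {}  # site user id -> (team id, Slack user id); stand-in for a DB table

    def begin_install(self, session):
        # Steps 1-2: identity comes from the server session, never from the URL.
        if "user_id" not in session:
            raise PermissionError("log in before installing the Slack app")
        # state is a random single-use nonce and carries no user information.
        session["oauth_state"] = secrets.token_urlsafe(32)
        return session["oauth_state"]

    def handle_callback(self, session, code, state):
        # Step 3: pop the nonce so a replayed redirect fails.
        expected = session.pop("oauth_state", None)
        if expected is None or not hmac.compare_digest(
                expected.encode(), (state or "").encode()):
            raise PermissionError("state mismatch")
        site_user = session.get("user_id")
        if site_user is None:
            raise PermissionError("session no longer authenticated")
        # Step 4: ask Slack who the new token belongs to.
        ident = self.auth_test(self.exchange_code(code))
        if not ident.get("ok"):
            raise RuntimeError("auth.test failed")
        # Step 5: record the link between the two identities.
        self.links[site_user] = (ident["team_id"], ident["user_id"])
        return self.links[site_user]


# Constructed fakes and IDs, for offline use only.
def fake_exchange(code):
    return "constructed-token-for-" + code


def fake_auth_test(token):
    return {"ok": True, "team_id": "T0EXAMPLE", "user_id": "U0EXAMPLE"}
```

Because the nonce lives in the same server session as the site user ID, a callback that arrives without the matching `state` cannot attach a Slack identity to someone else's account.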