Documentation

Slack extends OAuth2Provider
in package
implements CSRFToken

Slack v2 OAuth2

Tags
see
https://api.slack.com/authentication/oauth-v2
see
https://api.slack.com/authentication/sign-in-with-slack
see
https://api.slack.com/authentication/token-types

Table of Contents

Interfaces

CSRFToken
Specifies the methods required for the OAuth2 CSRF token validation ("state parameter")

Constants

DEFAULT_SCOPES  = [self::SCOPE_IDENTITY_AVATAR, self::SCOPE_IDENTITY_BASIC, self::SCOPE_IDENTITY_EMAIL, self::SCOPE_IDENTITY_TEAM]
SCOPE_ADMIN  = 'admin'
SCOPE_BOT  = 'bot'
SCOPE_CHANNELS_HISTORY  = 'channels:history'
SCOPE_CHANNELS_READ  = 'channels:read'
SCOPE_CHANNELS_WRITE  = 'channels:write'
SCOPE_CHAT_WRITE_BOT  = 'chat:write:bot'
SCOPE_CHAT_WRITE_USER  = 'chat:write:user'
SCOPE_CLIENT  = 'client'
SCOPE_COMMANDS  = 'commands'
SCOPE_DND_READ  = 'dnd:read'
SCOPE_DND_WRITE  = 'dnd:write'
SCOPE_EMOJI_READ  = 'emoji:read'
SCOPE_FILES_READ  = 'files:read'
SCOPE_FILES_WRITE_USER  = 'files:write:user'
SCOPE_GROUPS_HISTORY  = 'groups:history'
SCOPE_GROUPS_READ  = 'groups:read'
SCOPE_GROUPS_WRITE  = 'groups:write'
SCOPE_IDENTIFY  = 'identify'
SCOPE_IDENTITY_AVATAR  = 'identity.avatar'
SCOPE_IDENTITY_BASIC  = 'identity.basic'
SCOPE_IDENTITY_EMAIL  = 'identity.email'
SCOPE_IDENTITY_TEAM  = 'identity.team'
SCOPE_IM_HISTORY  = 'im:history'
SCOPE_IM_READ  = 'im:read'
SCOPE_IM_WRITE  = 'im:write'
SCOPE_INCOMING_WEBHOOK  = 'incoming-webhook'
SCOPE_LINKS_READ  = 'links:read'
SCOPE_LINKS_WRITE  = 'links:write'
SCOPE_MPIM_HISTORY  = 'mpim:history'
SCOPE_MPIM_READ  = 'mpim:read'
SCOPE_MPIM_WRITE  = 'mpim:write'
SCOPE_PINS_READ  = 'pins:read'
SCOPE_PINS_WRITE  = 'pins:write'
SCOPE_POST  = 'post'
SCOPE_REACTIONS_READ  = 'reactions:read'
SCOPE_REACTIONS_WRITE  = 'reactions:write'
SCOPE_READ  = 'read'
SCOPE_REMINDERS_READ  = 'reminders:read'
SCOPE_REMINDERS_WRITE  = 'reminders:write'
SCOPE_SEARCH_READ  = 'search:read'
SCOPE_STARS_READ  = 'stars:read'
SCOPE_STARS_WRITE  = 'stars:write'
SCOPE_TEAM_READ  = 'team:read'
SCOPE_USERGROUPS_READ  = 'usergroups:read'
SCOPE_USERGROUPS_WRITE  = 'usergroups:write'
SCOPE_USERS_PROFILE_READ  = 'users.profile:read'
SCOPE_USERS_PROFILE_WRITE  = 'users.profile:write'
SCOPE_USERS_READ  = 'users:read'
SCOPE_USERS_READ_EMAIL  = 'users:read.email'
SCOPE_USERS_WRITE  = 'users:write'
MAGIC_PROPERTIES  = ['apiDocs', 'apiURL', 'applicationURL', 'serviceName', 'userRevokeURL']

Properties

$accessTokenURL  : string
$apiDocs  : string|null
$apiURL  : string
$applicationURL  : string|null
$authURL  : string
$clientCredentialsTokenURL  : string|null
An optional client credentials token endpoint in case the provider supports ClientCredentials.
$http  : ClientInterface
$logger  : LoggerInterface
$options  : OAuthOptions|SettingsContainerInterface
$refreshTokenURL  : string
An optional refresh token endpoint in case the provider supports TokenRefresh.
$requestFactory  : RequestFactoryInterface
$revokeURL  : string
an optional URL for application side token revocation
$serviceName  : string
the name of the provider/class (magic)
$storage  : OAuthStorageInterface
$streamFactory  : StreamFactoryInterface
$uriFactory  : UriFactoryInterface
$userRevokeURL  : string|null

Methods

__construct()  : mixed
OAuthProvider constructor.
__get()  : string|null
Magic getter for the properties specified in self::ALLOWED_PROPERTIES
getAccessToken()  : AccessToken
Obtains an OAuth2 access token with the given $code, verifies the $state if the provider implements the CSRFToken interface, and returns an AccessToken object
getAccessTokenFromStorage()  : AccessToken
Gets an access token from the current OAuthStorageInterface (shorthand/convenience)
getAuthURL()  : UriInterface
getClientCredentialsToken()  : AccessToken
getRequestAuthorization()  : RequestInterface
getStorage()  : OAuthStorageInterface
Returns the current OAuthStorageInterface
InvalidateAccessToken()  : bool
me()  : ResponseInterface
refreshAccessToken()  : AccessToken
request()  : ResponseInterface
Prepares an API request to $path with the given parameters, gets authorization, fires the request and returns a PSR-7 ResponseInterface with the corresponding API response
sendRequest()  : ResponseInterface
setLogger()  : static
Sets an optional PSR-3 LoggerInterface
setRequestFactory()  : static
Sets an optional PSR-17 RequestFactoryInterface
setStorage()  : static
Sets an optional OAuthStorageInterface
setStreamFactory()  : static
Sets an optional PSR-17 StreamFactoryInterface
setUriFactory()  : static
Sets an optional PSR-17 UriFactoryInterface
storeAccessToken()  : static
Sets an access token in the current OAuthStorageInterface (shorthand/convenience)
cleanBodyParams()  : array<string|int, mixed>
Cleans an array of body parameters
cleanQueryParams()  : array<string|int, mixed>
Cleans an array of query parameters
construct()  : void
A replacement constructor that you can call in extended classes, so that you don't have to implement the monstrous original `__construct()`
createAccessToken()  : AccessToken
Creates an access token with the provider set to $this->serviceName
getAccessTokenRequestBodyParams()  : array<string|int, mixed>
prepares the request body parameters for the access token request
getAuthURLRequestParams()  : array<string|int, mixed>
prepares the query parameters for the auth URL
getClientCredentialsTokenRequestBodyParams()  : array<string|int, mixed>
prepares the request body parameters for the client credentials token request
getRefreshAccessTokenRequestBodyParams()  : array<string|int, mixed>
prepares the request body parameters for the token refresh
getRequestBody()  : StreamInterface
Prepares the request body
getRequestHeaders()  : array<string|int, mixed>
Prepare request headers
getRequestTarget()  : string
Determine the request target from the given URI (path segment or URL) with respect to $apiURL, anything except host and path will be ignored, scheme will always be set to "https".
getRequestURL()  : string
Prepares the request URL
getTokenResponseData()  : array<string|int, mixed>
extracts the data from the access token response and returns an array with the key->value pairs contained
nonce()  : string
returns a 32 byte random string (in hexadecimal representation) for use as a nonce
parseTokenResponse()  : AccessToken
Parses the response from a request to the token endpoint
sendAccessTokenRequest()  : ResponseInterface
sends a request to the access/refresh token endpoint $url with the given $body as form data
sendClientCredentialsTokenRequest()  : ResponseInterface
sends a request to the client credentials endpoint, using basic authentication

Constants

DEFAULT_SCOPES

public mixed DEFAULT_SCOPES = [self::SCOPE_IDENTITY_AVATAR, self::SCOPE_IDENTITY_BASIC, self::SCOPE_IDENTITY_EMAIL, self::SCOPE_IDENTITY_TEAM]

SCOPE_ADMIN

public mixed SCOPE_ADMIN = 'admin'

SCOPE_BOT

public mixed SCOPE_BOT = 'bot'

SCOPE_CHANNELS_HISTORY

public mixed SCOPE_CHANNELS_HISTORY = 'channels:history'

SCOPE_CHANNELS_READ

public mixed SCOPE_CHANNELS_READ = 'channels:read'

SCOPE_CHANNELS_WRITE

public mixed SCOPE_CHANNELS_WRITE = 'channels:write'

SCOPE_CHAT_WRITE_BOT

public mixed SCOPE_CHAT_WRITE_BOT = 'chat:write:bot'

SCOPE_CHAT_WRITE_USER

public mixed SCOPE_CHAT_WRITE_USER = 'chat:write:user'

SCOPE_CLIENT

public mixed SCOPE_CLIENT = 'client'

SCOPE_COMMANDS

public mixed SCOPE_COMMANDS = 'commands'

SCOPE_DND_READ

public mixed SCOPE_DND_READ = 'dnd:read'

SCOPE_DND_WRITE

public mixed SCOPE_DND_WRITE = 'dnd:write'

SCOPE_EMOJI_READ

public mixed SCOPE_EMOJI_READ = 'emoji:read'

SCOPE_FILES_READ

public mixed SCOPE_FILES_READ = 'files:read'

SCOPE_FILES_WRITE_USER

public mixed SCOPE_FILES_WRITE_USER = 'files:write:user'

SCOPE_GROUPS_HISTORY

public mixed SCOPE_GROUPS_HISTORY = 'groups:history'

SCOPE_GROUPS_READ

public mixed SCOPE_GROUPS_READ = 'groups:read'

SCOPE_GROUPS_WRITE

public mixed SCOPE_GROUPS_WRITE = 'groups:write'

SCOPE_IDENTIFY

public mixed SCOPE_IDENTIFY = 'identify'

SCOPE_IDENTITY_AVATAR

public mixed SCOPE_IDENTITY_AVATAR = 'identity.avatar'

SCOPE_IDENTITY_BASIC

public mixed SCOPE_IDENTITY_BASIC = 'identity.basic'

SCOPE_IDENTITY_EMAIL

public mixed SCOPE_IDENTITY_EMAIL = 'identity.email'

SCOPE_IDENTITY_TEAM

public mixed SCOPE_IDENTITY_TEAM = 'identity.team'

SCOPE_IM_HISTORY

public mixed SCOPE_IM_HISTORY = 'im:history'

SCOPE_IM_READ

public mixed SCOPE_IM_READ = 'im:read'

SCOPE_IM_WRITE

public mixed SCOPE_IM_WRITE = 'im:write'

SCOPE_INCOMING_WEBHOOK

public mixed SCOPE_INCOMING_WEBHOOK = 'incoming-webhook'

SCOPE_LINKS_READ

public mixed SCOPE_LINKS_READ = 'links:read'

SCOPE_LINKS_WRITE

public mixed SCOPE_LINKS_WRITE = 'links:write'

SCOPE_MPIM_HISTORY

public mixed SCOPE_MPIM_HISTORY = 'mpim:history'

SCOPE_MPIM_READ

public mixed SCOPE_MPIM_READ = 'mpim:read'

SCOPE_MPIM_WRITE

public mixed SCOPE_MPIM_WRITE = 'mpim:write'

SCOPE_PINS_READ

public mixed SCOPE_PINS_READ = 'pins:read'

SCOPE_PINS_WRITE

public mixed SCOPE_PINS_WRITE = 'pins:write'

SCOPE_POST

public mixed SCOPE_POST = 'post'

SCOPE_REACTIONS_READ

public mixed SCOPE_REACTIONS_READ = 'reactions:read'

SCOPE_REACTIONS_WRITE

public mixed SCOPE_REACTIONS_WRITE = 'reactions:write'

SCOPE_READ

public mixed SCOPE_READ = 'read'

SCOPE_REMINDERS_READ

public mixed SCOPE_REMINDERS_READ = 'reminders:read'

SCOPE_REMINDERS_WRITE

public mixed SCOPE_REMINDERS_WRITE = 'reminders:write'

SCOPE_SEARCH_READ

public mixed SCOPE_SEARCH_READ = 'search:read'

SCOPE_STARS_READ

public mixed SCOPE_STARS_READ = 'stars:read'

SCOPE_STARS_WRITE

public mixed SCOPE_STARS_WRITE = 'stars:write'

SCOPE_TEAM_READ

public mixed SCOPE_TEAM_READ = 'team:read'

SCOPE_USERGROUPS_READ

public mixed SCOPE_USERGROUPS_READ = 'usergroups:read'

SCOPE_USERGROUPS_WRITE

public mixed SCOPE_USERGROUPS_WRITE = 'usergroups:write'

SCOPE_USERS_PROFILE_READ

public mixed SCOPE_USERS_PROFILE_READ = 'users.profile:read'

SCOPE_USERS_PROFILE_WRITE

public mixed SCOPE_USERS_PROFILE_WRITE = 'users.profile:write'

SCOPE_USERS_READ

public mixed SCOPE_USERS_READ = 'users:read'

SCOPE_USERS_READ_EMAIL

public mixed SCOPE_USERS_READ_EMAIL = 'users:read.email'

SCOPE_USERS_WRITE

public mixed SCOPE_USERS_WRITE = 'users:write'

MAGIC_PROPERTIES

protected array<string|int, string> MAGIC_PROPERTIES = ['apiDocs', 'apiURL', 'applicationURL', 'serviceName', 'userRevokeURL']

Properties

$accessTokenURL

protected string $accessTokenURL = 'https://slack.com/api/oauth.v2.access'

$apiDocs

protected string|null $apiDocs = 'https://api.slack.com'

$apiURL

protected string $apiURL = 'https://slack.com/api'

$applicationURL

protected string|null $applicationURL = 'https://api.slack.com/apps'

$authURL

protected string $authURL = 'https://slack.com/oauth/v2/authorize'

$clientCredentialsTokenURL

An optional client credentials token endpoint in case the provider supports ClientCredentials.

protected string|null $clientCredentialsTokenURL = null

If the provider supports client credentials and $clientCredentialsTokenURL is null, $accessTokenURL will be used instead.

$logger

protected LoggerInterface $logger = new NullLogger()

$refreshTokenURL

An optional refresh token endpoint in case the provider supports TokenRefresh.

protected string $refreshTokenURL

If the provider supports token refresh and $refreshTokenURL is null, $accessTokenURL will be used instead.

Tags
see
TokenRefresh

$requestFactory

protected RequestFactoryInterface $requestFactory

$serviceName

the name of the provider/class (magic)

protected string $serviceName

$streamFactory

protected StreamFactoryInterface $streamFactory

$userRevokeURL

protected string|null $userRevokeURL = 'https://slack.com/apps/manage'

Methods

__construct()

OAuthProvider constructor.

public __construct(OAuthOptions|SettingsContainerInterface $options, ClientInterface $http, RequestFactoryInterface $requestFactory, StreamFactoryInterface $streamFactory, UriFactoryInterface $uriFactory[, OAuthStorageInterface $storage = new MemoryStorage() ][, LoggerInterface $logger = new NullLogger() ]) : mixed
Parameters
$options : OAuthOptions|SettingsContainerInterface
$http : ClientInterface
$requestFactory : RequestFactoryInterface
$streamFactory : StreamFactoryInterface
$uriFactory : UriFactoryInterface
$storage : OAuthStorageInterface = new MemoryStorage()
$logger : LoggerInterface = new NullLogger()

__get()

Magic getter for the properties specified in self::ALLOWED_PROPERTIES

public final __get(string $name) : string|null
Parameters
$name : string
Return values
string|null

getAccessToken()

Obtains an OAuth2 access token with the given $code, verifies the $state if the provider implements the CSRFToken interface, and returns an AccessToken object

public getAccessToken(string $code[, string|null $state = null ]) : AccessToken
Parameters
$code : string
$state : string|null = null
Tags
inheritDoc
Return values
AccessToken

getAccessTokenFromStorage()

Gets an access token from the current OAuthStorageInterface (shorthand/convenience)

public getAccessTokenFromStorage() : AccessToken
Tags
inheritDoc
codeCoverageIgnore
Return values
AccessToken

getAuthURL()

public getAuthURL([array<string|int, mixed>|null $params = null ][, array<string|int, string>|null $scopes = null ]) : UriInterface
Parameters
$params : array<string|int, mixed>|null = null
$scopes : array<string|int, string>|null = null
Tags
inheritDoc
Return values
UriInterface

getClientCredentialsToken()

public getClientCredentialsToken([array<string|int, string>|null $scopes = null ]) : AccessToken
Parameters
$scopes : array<string|int, string>|null = null
Tags
implements

\chillerlan\OAuth\Core\ClientCredentials

throws
ProviderException
Return values
AccessToken

getRequestAuthorization()

public getRequestAuthorization(RequestInterface $request[, AccessToken|null $token = null ]) : RequestInterface
Parameters
$request : RequestInterface
$token : AccessToken|null = null
Tags
inheritDoc
Return values
RequestInterface

InvalidateAccessToken()

public InvalidateAccessToken([AccessToken|null $token = null ]) : bool
Parameters
$token : AccessToken|null = null
Tags
implements

\chillerlan\OAuth\Core\TokenInvalidate

codeCoverageIgnore
throws
ProviderException
Return values
bool

me()

public me() : ResponseInterface
Tags
inheritDoc
Return values
ResponseInterface

request()

Prepares an API request to $path with the given parameters, gets authorization, fires the request and returns a PSR-7 ResponseInterface with the corresponding API response

public request(string $path[, array<string|int, mixed>|null $params = null ][, string|null $method = null ][, StreamInterface|array<string|int, mixed>|string|null $body = null ][, array<string|int, mixed>|null $headers = null ][, string|null $protocolVersion = null ]) : ResponseInterface
Parameters
$path : string
$params : array<string|int, mixed>|null = null
$method : string|null = null
$body : StreamInterface|array<string|int, mixed>|string|null = null
$headers : array<string|int, mixed>|null = null
$protocolVersion : string|null = null
Tags
inheritDoc
throws
UnauthorizedAccessException
Return values
ResponseInterface

sendRequest()

public final sendRequest(RequestInterface $request) : ResponseInterface
Parameters
$request : RequestInterface
Tags
inheritDoc
throws
InvalidAccessTokenException
Return values
ResponseInterface

setLogger()

Sets an optional PSR-3 LoggerInterface

public final setLogger(LoggerInterface $logger) : static
Parameters
$logger : LoggerInterface
Tags
inheritDoc
codeCoverageIgnore
Return values
static

setRequestFactory()

Sets an optional PSR-17 RequestFactoryInterface

public final setRequestFactory(RequestFactoryInterface $requestFactory) : static
Parameters
$requestFactory : RequestFactoryInterface
Tags
inheritDoc
codeCoverageIgnore
Return values
static

setStreamFactory()

Sets an optional PSR-17 StreamFactoryInterface

public final setStreamFactory(StreamFactoryInterface $streamFactory) : static
Parameters
$streamFactory : StreamFactoryInterface
Tags
inheritDoc
codeCoverageIgnore
Return values
static

setUriFactory()

Sets an optional PSR-17 UriFactoryInterface

public final setUriFactory(UriFactoryInterface $uriFactory) : static
Parameters
$uriFactory : UriFactoryInterface
Tags
inheritDoc
codeCoverageIgnore
Return values
static

storeAccessToken()

Sets an access token in the current OAuthStorageInterface (shorthand/convenience)

public storeAccessToken(AccessToken $token) : static
Parameters
$token : AccessToken
Tags
inheritDoc
codeCoverageIgnore
Return values
static

cleanBodyParams()

Cleans an array of body parameters

protected cleanBodyParams(iterable<string|int, mixed> $params) : array<string|int, mixed>
Parameters
$params : iterable<string|int, mixed>
Return values
array<string|int, mixed>

cleanQueryParams()

Cleans an array of query parameters

protected cleanQueryParams(iterable<string|int, mixed> $params) : array<string|int, mixed>
Parameters
$params : iterable<string|int, mixed>
Return values
array<string|int, mixed>

construct()

A replacement constructor that you can call in extended classes, so that you don't have to implement the monstrous original `__construct()`

protected construct() : void

createAccessToken()

Creates an access token with the provider set to $this->serviceName

protected createAccessToken() : AccessToken
Tags
codeCoverageIgnore
Return values
AccessToken

getAccessTokenRequestBodyParams()

prepares the request body parameters for the access token request

protected getAccessTokenRequestBodyParams(string $code) : array<string|int, mixed>
Parameters
$code : string
Return values
array<string|int, mixed>

getAuthURLRequestParams()

prepares the query parameters for the auth URL

protected getAuthURLRequestParams(array<string|int, mixed> $params, array<string|int, mixed> $scopes) : array<string|int, mixed>
Parameters
$params : array<string|int, mixed>
$scopes : array<string|int, mixed>
Return values
array<string|int, mixed>

getClientCredentialsTokenRequestBodyParams()

prepares the request body parameters for the client credentials token request

protected getClientCredentialsTokenRequestBodyParams(array<string|int, string>|null $scopes) : array<string|int, mixed>
Parameters
$scopes : array<string|int, string>|null
Return values
array<string|int, mixed>

getRefreshAccessTokenRequestBodyParams()

prepares the request body parameters for the token refresh

protected getRefreshAccessTokenRequestBodyParams(string $refreshToken) : array<string|int, mixed>
Parameters
$refreshToken : string
Return values
array<string|int, mixed>

getRequestBody()

Prepares the request body

protected getRequestBody(StreamInterface|array<string|int, mixed>|string $body, RequestInterface $request) : StreamInterface
Parameters
$body : StreamInterface|array<string|int, mixed>|string
$request : RequestInterface
Tags
throws
ProviderException
Return values
StreamInterface

getRequestHeaders()

Prepare request headers

protected getRequestHeaders([array<string|int, mixed>|null $headers = null ]) : array<string|int, mixed>
Parameters
$headers : array<string|int, mixed>|null = null
Return values
array<string|int, mixed>

getRequestTarget()

Determine the request target from the given URI (path segment or URL) with respect to $apiURL, anything except host and path will be ignored, scheme will always be set to "https".

protected getRequestTarget(string $uri) : string

Throws if the host of a given URL does not match the host of $apiURL.

Parameters
$uri : string
Tags
see
OAuthInterface::request()
throws
ProviderException
Return values
string

getRequestURL()

Prepares the request URL

protected getRequestURL(string $path[, array<string|int, mixed>|null $params = null ]) : string
Parameters
$path : string
$params : array<string|int, mixed>|null = null
Return values
string

getTokenResponseData()

extracts the data from the access token response and returns an array with the key->value pairs contained

protected getTokenResponseData(ResponseInterface $response) : array<string|int, mixed>

we don't bother checking the content type here as it's sometimes vendor specific, not set or plain wrong: the spec mandates a JSON body which is what almost all providers send - weird exceptions:

  • mixcloud sends JSON with a "text/javascript" header
  • deezer sends form-data with a "text/html" header (???)
  • silly amazon sends gzip compressed data... (handled by decodeJSON)
Parameters
$response : ResponseInterface
Tags
throws
JsonException
Return values
array<string|int, mixed>

sendAccessTokenRequest()

sends a request to the access/refresh token endpoint $url with the given $body as form data

protected sendAccessTokenRequest(string $url, array<string|int, mixed> $body) : ResponseInterface
Parameters
$url : string
$body : array<string|int, mixed>
Return values
ResponseInterface

sendClientCredentialsTokenRequest()

sends a request to the client credentials endpoint, using basic authentication

protected sendClientCredentialsTokenRequest(string $url, array<string|int, mixed> $body) : ResponseInterface
Parameters
$url : string
$body : array<string|int, mixed>
Return values
ResponseInterface 

        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results