Update the Slack provider to use a unique identifier for ClaimTypes.NameIdentifier

Author: jerriep

src/AspNet.Security.OAuth.Slack/SlackAuthenticationDefaults.cs

@@ -45,8 +45,8 @@ public static class SlackAuthenticationDefaults
 
         /// <summary>
         /// Default value for <see cref="OAuthOptions.UserInformationEndpoint"/>.
-        /// For more info about this endpoint, see https://api.slack.com/methods/auth.test.
+        /// For more info about this endpoint, see https://api.slack.com/methods/users.identity.
         /// </summary>
-        public const string UserInformationEndpoint = "https://slack.com/api/auth.test";
+        public const string UserInformationEndpoint = "https://slack.com/api/users.identity";
     }
 }

src/AspNet.Security.OAuth.Slack/SlackAuthenticationHandler.cs

@@ -48,16 +48,12 @@ protected override async Task<AuthenticationTicket> CreateTicketAsync([NotNull]
 
             var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
 
-            identity.AddOptionalClaim(ClaimTypes.NameIdentifier, SlackAuthenticationHelper.GetUserIdentifier(payload), Options.ClaimsIssuer)
+            identity.AddOptionalClaim(ClaimTypes.NameIdentifier, SlackAuthenticationHelper.GetUniqueIdentifier(payload), Options.ClaimsIssuer)
                     .AddOptionalClaim(ClaimTypes.Name, SlackAuthenticationHelper.GetUserName(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim(ClaimTypes.Email, SlackAuthenticationHelper.GetUserEmail(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim("urn:slack:user_id", SlackAuthenticationHelper.GetUserIdentifier(payload), Options.ClaimsIssuer)
                     .AddOptionalClaim("urn:slack:team_id", SlackAuthenticationHelper.GetTeamIdentifier(payload), Options.ClaimsIssuer)
-                    .AddOptionalClaim("urn:slack:team_name", SlackAuthenticationHelper.GetTeamName(payload), Options.ClaimsIssuer)
-                    .AddOptionalClaim("urn:slack:team_url", SlackAuthenticationHelper.GetTeamLink(payload), Options.ClaimsIssuer)
-                    .AddOptionalClaim("urn:slack:bot:user_id", SlackAuthenticationHelper.GetBotUserId(payload), Options.ClaimsIssuer)
-                    .AddOptionalClaim("urn:slack:bot:access_token", SlackAuthenticationHelper.GetBotAccessToken(payload), Options.ClaimsIssuer)
-                    .AddOptionalClaim("urn:slack:webhook:channel", SlackAuthenticationHelper.GetWebhookChannel(payload), Options.ClaimsIssuer)
-                    .AddOptionalClaim("urn:slack:webhook:url", SlackAuthenticationHelper.GetWebhookURL(payload), Options.ClaimsIssuer)
-                    .AddOptionalClaim("urn:slack:webhook:configuration_url", SlackAuthenticationHelper.GetWebhookConfigurationURL(payload), Options.ClaimsIssuer);
+                    .AddOptionalClaim("urn:slack:team_name", SlackAuthenticationHelper.GetTeamName(payload), Options.ClaimsIssuer);
 
             var principal = new ClaimsPrincipal(identity);
             var ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);

src/AspNet.Security.OAuth.Slack/SlackAuthenticationHelper.cs

@@ -17,133 +17,86 @@ namespace AspNet.Security.OAuth.Slack
     public static class SlackAuthenticationHelper
     {
         /// <summary>
-        /// Gets the identifier corresponding to the authenticated user.
-        /// </summary>
-        public static string GetUserIdentifier([NotNull] JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("user_id");
-        }
-
-        /// <summary>
-        /// Gets the login corresponding to the authenticated user.
-        /// </summary>
-        public static string GetUserName([NotNull] JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("user");
-        }
-
-        /// <summary>
-        /// Gets the name corresponding to the authenticated user.
-        /// </summary>
-        public static string GetTeamIdentifier([NotNull] JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("team_id");
-        }
-
-        /// <summary>
-        /// Gets the name corresponding to the authenticated user.
-        /// </summary>
-        public static string GetTeamName([NotNull] JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("team");
-        }
-
-        /// <summary>
-        /// Gets the URL corresponding to the authenticated user.
+        /// Gets a unique identifer for the authenticated user.
         /// </summary>
-        public static string GetTeamLink([NotNull] JObject user)
+        /// <remarks>
+        /// Note: according to the Slack API documentation (https://api.slack.com/methods/users.identity),
+        /// user identifiers are not guaranteed to be globally unique across teams. The combination of
+        /// the user and team identifiers on the other hand, is guaranteed to be globally unique.
+        /// </remarks>
+        public static string GetUniqueIdentifier([NotNull] JObject user)
         {
             if (user == null)
             {
                 throw new ArgumentNullException(nameof(user));
             }
 
-            return user.Value<string>("url");
+            return string.Concat(GetTeamIdentifier(user), "|", GetUserIdentifier(user));
         }
 
         /// <summary>
-        /// Gets the identifier associated with the bot.
+        /// Gets the email address corresponding to the authenticated user.
         /// </summary>
-        public static string GetBotUserId([NotNull] JObject user)
+        public static string GetUserEmail([NotNull] JObject user)
         {
             if (user == null)
             {
                 throw new ArgumentNullException(nameof(user));
             }
 
-            return user["bot"]?.Value<string>("bot_user_id");
+            return user.Value<JObject>("user")?.Value<string>("email");
         }
 
         /// <summary>
-        /// Gets the access token associated with the bot.
+        /// Gets the identifier corresponding to the authenticated user.
         /// </summary>
-        public static string GetBotAccessToken([NotNull] JObject user)
+        public static string GetUserIdentifier([NotNull] JObject user)
         {
             if (user == null)
             {
                 throw new ArgumentNullException(nameof(user));
             }
 
-            return user["bot"]?.Value<string>("bot_access_token");
+            return user.Value<JObject>("user")?.Value<string>("id");
         }
 
         /// <summary>
-        /// Gets the channel name of the selected webhook.
+        /// Gets the login corresponding to the authenticated user.
         /// </summary>
-        public static string GetWebhookChannel([NotNull] JObject user)
+        public static string GetUserName([NotNull] JObject user)
         {
             if (user == null)
             {
                 throw new ArgumentNullException(nameof(user));
             }
 
-            return user["incoming_webhook"]?.Value<string>("channel");
+            return user.Value<JObject>("user")?.Value<string>("name");
         }
 
         /// <summary>
-        /// Gets the URL of the selected webhook.
+        /// Gets the name corresponding to the authenticated user.
         /// </summary>
-        public static string GetWebhookURL([NotNull] JObject user)
+        public static string GetTeamIdentifier([NotNull] JObject user)
         {
             if (user == null)
             {
                 throw new ArgumentNullException(nameof(user));
             }
 
-            return user["incoming_webhook"]?.Value<string>("url");
+            return user.Value<JObject>("team")?.Value<string>("id");
         }
 
         /// <summary>
-        /// Gets the channel configuration URL of the selected webhook.
+        /// Gets the name corresponding to the authenticated user.
         /// </summary>
-        public static string GetWebhookConfigurationURL([NotNull] JObject user)
+        public static string GetTeamName([NotNull] JObject user)
         {
             if (user == null)
             {
                 throw new ArgumentNullException(nameof(user));
             }
 
-            return user["incoming_webhook"]?.Value<string>("configuration_url");
+            return user.Value<JObject>("team")?.Value<string>("name");
         }
     }
 }

src/AspNet.Security.OAuth.Slack/SlackAuthenticationOptions.cs

@@ -25,6 +25,8 @@ public SlackAuthenticationOptions()
             AuthorizationEndpoint = SlackAuthenticationDefaults.AuthorizationEndpoint;
             TokenEndpoint = SlackAuthenticationDefaults.TokenEndpoint;
             UserInformationEndpoint = SlackAuthenticationDefaults.UserInformationEndpoint;
+
+            Scope.Add("identity.basic");
         }
     }
 }