The accessToken provided by Account has scope issues?

[allang]

Hi folks,

I'm not sure whether I have a misunderstanding or whether I'm experiencing a bug. I'm working with Slack as my Provider and then using the Slack API after sign in, but requests are erroring. Allegedly, the accessToken has a missing scope, despite everything looking A-OK during auth.

My scope looks like this, and it works well:

...
export default NextAuth({
  providers: [
    Providers.Slack({
      clientId: process.env.SLACK_CLIENT_ID,
      clientSecret: process.env.SLACK_CLIENT_SECRET,
      scope: "channels:read chat:write chat:write.public team:read groups:read",
    }),
  ],
...

Upon sign-in, I can verify that all of these permissions are being asked for. Great! But then, using the signIn callback, I try to use the account.accessToken, like so:

...
  callbacks: {
    async signIn(user, account, profile) {
      console.log("🔍 Retrieving team:info for", user.name);
      const response = await getTeamInfo(account.accessToken);
      ...
    },
...

I perform a simple Slack API call with account.accessToken and the response claims that the scope is missing. In fact, all the scopes are missing from the accessToken:

...
Error: An API error occurred: missing_scope
  ... {
  code: 'slack_webapi_platform_error',
  data: {
    ok: false,
    error: 'missing_scope',
    needed: 'team:read',
    provided: 'identity.basic,identity.email,identity.avatar',
    response_metadata: {
      scopes: [ 'identity.basic', 'identity.email', 'identity.avatar' ],
      acceptedScopes: [ 'team:read' ]
    }
  }
}
...

The scopes that are present make sense as being needed for a proper sign in, but what happened to the ones I requested? Perhaps I'm incorrectly adding scope? Am I used the wrong token? Or is this a bug?

Any insight would be very appreciated!

[balazsorban44]

Here is the Slack provider:

https://www.github.com/nextauthjs/next-auth/tree/main/src%2Fproviders%2Fslack.js

And here is the docs from slack:

The scope list requests scopes for your app's bot user. If you have specific need for a user token (say, to act on behalf of a user), provide a user_scope parameter with requested user scopes instead of, or in addition to, the scope parameter.

https://api.slack.com/authentication/oauth-v2#asking

So try adding those scopes to authorizationParams.user_scope instead.

[4turkuaz]

Hi, it seems that it's been while since this issue, however I still face the same problem. I cannot pass user_scope since there's no authorizationParams.user_scope. There's only scope and for which chat:write cannot be added. Is there any other way that you can suggest?