Append OAuth redirect URI to Slack OAuth URL

timrourke · timrourke · commit 5cfe9e8c238e · 2020-06-17T09:50:07.000-05:00
diff --git a/bolt/src/main/java/com/slack/api/bolt/App.java b/bolt/src/main/java/com/slack/api/bolt/App.java
@@ -36,8 +36,11 @@
 import lombok.extern.slf4j.Slf4j;
 
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.util.*;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.regex.Pattern;
@@ -314,26 +317,60 @@ private void initOAuthServicesIfNecessary() {
         }
     }
 
+    /**
+     * Get the Slack URL for beginning the OAuth flow, including the query
+     * params necessary to identify this application to Slack.
+     *
+     * Appends the optional `redirect_uri` query param based on the provided
+     * AppConfig to ensure that the correct OAuth redirect URI is selected in
+     * cases where a Slack application may have multiple redirect URIs
+     * associated with it.
+     *
+     * @param state The OAuth state param
+     * @return The Slack URL to redirect users to for beginning the OAuth flow
+     */
     public String getOauthInstallationUrl(String state) {
         AppConfig config = config();
+
         if (config.getClientId() == null || config.getScope() == null || state == null) {
             return null;
+        }
+
+        String scope = config.getScope() == null ? "" : config.getScope();
+        String redirectUriParam = redirectUriQueryParam(appConfig);
+
+        if (config.isClassicAppPermissionsEnabled()) {
+            // https://api.slack.com/authentication/migration
+            return "https://slack.com/oauth/authorize" +
+                    "?client_id=" + config.getClientId() +
+                    "&scope=" + scope +
+                    "&state=" + state +
+                    redirectUriParam;
         } else {
-            String scope = config.getScope() == null ? "" : config.getScope();
-            if (config.isClassicAppPermissionsEnabled()) {
-                // https://api.slack.com/authentication/migration
-                return "https://slack.com/oauth/authorize" +
-                        "?client_id=" + config.getClientId() +
-                        "&scope=" + scope +
-                        "&state=" + state;
-            } else {
-                String userScope = config.getUserScope() == null ? "" : config.getUserScope();
-                return "https://slack.com/oauth/v2/authorize" +
-                        "?client_id=" + config.getClientId() +
-                        "&scope=" + scope +
-                        "&user_scope=" + userScope +
-                        "&state=" + state;
-            }
+            String userScope = config.getUserScope() == null ? "" : config.getUserScope();
+            return "https://slack.com/oauth/v2/authorize" +
+                    "?client_id=" + config.getClientId() +
+                    "&scope=" + scope +
+                    "&user_scope=" + userScope +
+                    "&state=" + state +
+                    redirectUriParam;
+        }
+    }
+
+    private String redirectUriQueryParam(AppConfig appConfig) {
+        if (appConfig.getRedirectUri() == null) {
+            return "";
+        }
+
+        try {
+            String urlEncodedRedirectUri = URLEncoder.encode(
+                appConfig.getRedirectUri(),
+                StandardCharsets.UTF_8.name()
+            );
+
+            return String.format("&redirect_uri=%s", urlEncodedRedirectUri);
+        } catch (UnsupportedEncodingException e) {
+            return "";
         }
     }
 
diff --git a/bolt/src/test/java/test_locally/AppTest.java b/bolt/src/test/java/test_locally/AppTest.java
@@ -38,6 +38,20 @@ public void getOauthInstallationUrl_v1() {
         assertEquals("https://slack.com/oauth/authorize?client_id=123&scope=commands,chat:write&state=state-value", url);
     }
 
+    @Test
+    public void getOauthInstallationUrl_v1_with_redirect_uri() {
+        AppConfig config = AppConfig.builder()
+            .signingSecret("secret")
+            .clientId("123")
+            .scope("commands,chat:write")
+            .classicAppPermissionsEnabled(true)
+            .redirectUri("https://my.app/oauth/callback")
+            .build();
+        App app = new App(config);
+        String url = app.getOauthInstallationUrl("state-value");
+        assertEquals("https://slack.com/oauth/authorize?client_id=123&scope=commands,chat:write&state=state-value&redirect_uri=https%3A%2F%2Fmy.app%2Foauth%2Fcallback", url);
+    }
+
     @Test
     public void getOauthInstallationUrl_v2() {
         AppConfig config = AppConfig.builder()
@@ -51,6 +65,20 @@ public void getOauthInstallationUrl_v2() {
         assertEquals("https://slack.com/oauth/v2/authorize?client_id=123&scope=commands,chat:write&user_scope=search:read&state=state-value", url);
     }
 
+    @Test
+    public void getOauthInstallationUrl_v2_with_redirect_uri() {
+        AppConfig config = AppConfig.builder()
+            .signingSecret("secret")
+            .clientId("123")
+            .scope("commands,chat:write")
+            .userScope("search:read")
+            .redirectUri("https://my.app/oauth/callback")
+            .build();
+        App app = new App(config);
+        String url = app.getOauthInstallationUrl("state-value");
+        assertEquals("https://slack.com/oauth/v2/authorize?client_id=123&scope=commands,chat:write&user_scope=search:read&state=state-value&redirect_uri=https%3A%2F%2Fmy.app%2Foauth%2Fcallback", url);
+    }
+
     @Test
     public void getOauthInstallationUrl_null() {
         App app = new App();
