What are custom OAuth profiles?

Custom OAuth profiles allow your Slack apps to leverage the Workato Slack connector under the hood. You can fully customize your Slack app's identity, i.e.:

• Branding (bot name, bot logos, background color)
• Permissions

When would I need custom OAuth profiles for Slack

1. You want multiple apps that each perform workspace orchestration as part of their automations, e.g. creating/archiving conversations. For example, an EscalationBot could create a private conversation, invite crisis management team members, and archive it once the issue is resolved. At the same time, BirthdayBot could perform the exact same actions – create a private conversation, invite the party planners, and archive it once the birthday is over – but for vastly different purposes.

2. You want control over your app's branding & appearance

3. You want control over your bot's permissions. The minimum permissions for optimal use are listed in the table below.

   Token type	Scope	Reason
   Bot	None	No bot scopes required.
   User	channels:read	Retrieves list of public conversations.
   	channels:write	Create/update public conversations.
   	groups:read	Retrieves list of private conversations.
   	groups:write	Create/update private conversations.
   	im:read	Retrieves list of direct message conversations.
   	im:write	Create/update direct message conversations.
   	mpim:write	Create/update multi-party group conversations.
   	mpim:read	Retrieves list of multi-party group conversations.
   	chat:write	Post messages as user.
   	users:read	Get user info.
   	users:read.email	Get user info by email.

Migration to granular scopes

Slack released granular permissions (opens new window) on 22 January 2020. You may have to migrate any pre-existing custom Slack apps you have connected to Workato. See the migration guide for more details.

Creating a custom OAuth profile

To get started, head to Tools ➤ View all tools. Under Connect apps, click on Custom OAuth profiles. Once there, click on Create a new custom OAuth profile.

If you don't see Custom OAuth profile, make sure your Workato team or account has access to it

Next, choose Slack as your application.

In Step 2, click on Create new app.

This will open a new tab that brings you to https://api.slack.com/apps (opens new window). Keep both the Workato tab and this new tab open - you'll need both to complete Steps 3 and 4.

Sign in to your team (if you haven't already), then click on Create New App.

In the form that pops up, give your app a name - it typically describes its intended functionality, e.g. HRBot or SupportBot.

Choose which Slack team this app belongs to, then click on Create App.

Your app should now be created. You should be greeted with your new app's Basic Information page. If not - don't sweat it. Just click on Basic Information from the left navigation menu.

Scroll down to App Credentials you'll need this information back in your Workato tab. With this info handy, we can now head back to the Workato tab to complete Step 3.

In Step 3, fill up:

• Name: This should be the same name you used when creating the app e.g. HRBot
• Client ID
• Client secret
• Verification token

Configuring Workato to talk to your app

Hit Save once you're done. We can now configure your app to talk to Workato in Step 4.

Enabling event subscriptions

To enable event subscriptions, go to your Slack app's page (it should look something like 'https://api.slack.com/apps/{your_app_id} (opens new window)' — your app ID is unique to your app). Under Event Subscriptions, turn on 'Enable Events', then paste the URL from your New event trigger into the Request URL field and click Save.

Enabling event subscriptions

For a new event trigger to pick up events, your app needs to know where to send these events to. That's why it comes with a target URL. This Target URL is generated once you've entered an Event name. Once your app is sending events to your recipe's target URL, the recipe can take over and execute your recipe's actions.

Subscribing to workspace events

Slack provides an entire list of workspace events that you can subscribe to — any of these events can kick-start your recipes.

In this example, customer success users are given the option to create a private channel between themselves & their customers whenever messages containing the word 'resolve' are posted in certain channels and direct messages (DMs). Hence, the events message.channels, message.groups and message.im were chosen as triggers.

Whenever a message is posted to a channel, a private channel, or a DM, an event is sent to the recipe

Subscribing to events will automatically add scopes that your app does not already have. This may give your app unintended permissions from the additional scopes. After subscribing to events, we strongly recommend going to OAuth & Permissions → Scopes to confirm your app's permission scopes.

Installing your app

Once you've subscribed to at least 1 workspace event, a permission scope is automatically added. This allows you to install the app to your workspace. From the left navigation menu, under Settings, head over to Install App.

• Click on Install App to Workspace

Choose your Slack team and authorize it to complete the installation.

Jumping back to your custom OAuth profile in Workato, under Step 4, click on Done to finish configuring the custom OAuth profile. You can now use this custom OAuth profile in other Slack connections in Workato!

Using your custom OAuth profile

Once you've created a custom OAuth profile, anyone in your Workato workspace can use it in their own Slack connections to the Slack workspace — without having to create and configure a new Slack app.

Using custom OAuth profiles in a new Slack connection

Note that custom OAuth profiles, by definition, can only connect to a single Slack workspace, i.e. 1 custom OAuth profile cannot be used across multiple Slack workspaces.