feat(slack): add userToken for read-only access to DMs and private channels (#981)

- Add userToken and userTokenReadOnly (default: true) config fields - Implement token routing: reads prefer user token, writes use bot token - Add tests for token routing logic - Update documentation with required OAuth scopes User tokens enable reading DMs and private channels without requiring bot membership. The userTokenReadOnly flag (true by default) ensures the user token can only be used for reads, preventing accidental sends as the user. Required user token scopes: - channels:history, channels:read - groups:history, groups:read - im:history, im:read - mpim:history, mpim:read - users:read, reactions:read, pins:read, emoji:read, search:read
2026-05-06 17:31:36 +00:00 · 2026-01-15 16:11:33 -08:00
parent 8312a19f02
commit a139d35fa2
9 changed files with 459 additions and 57 deletions
--- a/src/config/slack-token-validation.test.ts
+++ b/src/config/slack-token-validation.test.ts
@@ -0,0 +1,37 @@
+import { describe, expect, it } from "vitest";
+
+import { validateConfigObject } from "./config.js";
+
+describe("Slack token config fields", () => {
+  it("accepts user token config fields", () => {
+    const res = validateConfigObject({
+      channels: {
+        slack: {
+          botToken: "xoxb-any",
+          appToken: "xapp-any",
+          userToken: "xoxp-any",
+          userTokenReadOnly: false,
+        },
+      },
+    });
+    expect(res.ok).toBe(true);
+  });
+
+  it("accepts account-level user token config", () => {
+    const res = validateConfigObject({
+      channels: {
+        slack: {
+          accounts: {
+            work: {
+              botToken: "xoxb-any",
+              appToken: "xapp-any",
+              userToken: "xoxp-any",
+              userTokenReadOnly: true,
+            },
+          },
+        },
+      },
+    });
+    expect(res.ok).toBe(true);
+  });
+});