Slack 应用斜杠命令 – 检测到无效签名(401 未经授权)

huangapple go评论78阅读模式
英文:

Slack App Slash Command - Invalid Signature Detected (401 Unauthorized)

问题

好的,以下是您要翻译的内容:


好的,让我们开始。

我正在尝试使用Java JDK 14、Gradle和ngrok构建Slack应用程序(以及Slack的SDK模块,Bolt)。

到目前为止,我已经能够非常轻松地包含所需的依赖关系,我的问题似乎与依赖关系管理毫不相关。它可以构建。至少,它可以构建。

Slack命令配置:

Slack 应用斜杠命令 – 检测到无效签名(401 未经授权)


由于某种原因,我无法整理我的思绪,所以有一些笔记。

我确保每次刷新ngrok时都会更改请求URL。

我已经验证了我的Slack机器人令牌和Slack签名秘钥是正确的。

主要的程序代码:

package SlackApp;

import com.slack.api.bolt.App;
import com.slack.api.bolt.jetty.SlackAppServer;

public class Program {

    public static void main(String[] args) throws Exception {
        App app = new App();

        app.command("/echo", (req, ctx) -> {
            return ctx.ack(":wave: testing");
        });

        SlackAppServer server = new SlackAppServer(app);

        server.start();
    }
}

由于某种原因,无论何时我在开发工作区中使用斜杠命令(我尚未开始为多个工作区执行oAuth,我只是在测试东西),记录器都会显示此信息(我已经搜索过并未找到合适的解决方案):

INFO com.slack.api.bolt.middleware.builtin.RequestVerification - 检测到无效的签名 
- v0=ee1b7da78a098a8b974c119873b1782c843b8bef1dce192b68ea0df4ccf86b23

这就是我所在的位置。Slack的文档表示构建Slack应用程序的过程如下:

您的应用程序处理斜杠命令请求所需的全部步骤是:

  1. 从Slack验证请求

  2. 解析请求正文并检查是否是您想要处理的命令

  3. 构建回复消息或执行任何您想要做的操作

  4. 以200 OK回应Slack API服务器作为确认

我实际上并没有验证来自Slack的请求,但我认为如果我只是玩玩的话,没有必要这样做。您能提供一些见解吗?

英文:

Ok, let's set the stage.

I'm trying to build a slack app using Java JDK 14, with gradle and ngrok. (and Slack's SDK module, Bolt)

So far, I've been able to include the dependencies required very easily and my issues don't seem at all associated with my dependency management. It builds. At the very least, it builds.

The slack command configuration:

Slack 应用斜杠命令 – 检测到无效签名(401 未经授权)


Some notes, because I can't organize my thoughts for some reason.

I make sure to change the request URL each time I refresh ngrok.

I've verified that my slack bot token and my slack signing secret are correct.

The main program code:

package SlackApp;

import com.slack.api.bolt.App;
import com.slack.api.bolt.jetty.SlackAppServer;

public class Program {

    public static void main(String[] args) throws Exception {
        App app = new App();

        app.command("/echo", (req, ctx) -> {
            return ctx.ack(":wave: testing");
        });

        SlackAppServer server = new SlackAppServer(app);
        
        server.start();
    }
}

For some reason, whenever I use the slash command in my development workspace (I haven't started doing oAuth for multiple workspaces, I'm just testing stuff) the logger displays this information (which I have googled and haven't found any appropriate solution for):

INFO com.slack.api.bolt.middleware.builtin.RequestVerification - Invalid signature detected 
- v0=ee1b7da78a098a8b974c119873b1782c843b8bef1dce192b68ea0df4ccf86b23

This is where I am. Slack's documentation says the process of building a slack app is the following:

All your app needs to do to handle slash command requests are:

  1. Verify requests from Slack

  2. Parse the request body and check if the command is the one you’d
    like to handle

  3. Build a reply message or do whatever you want to do

  4. Respond to the Slack API server with 200 OK as an acknowledgment

I'm not actually verifying requests from slack, but I don't think it's necessary doing so if I'm just playing around. Can you offer some insight?

答案1

得分: 5

我曾经遇到过完全相同的问题,这对我起作用了:

如果你正在IDE中运行项目,你需要找出如何在你的IDE中设置运行时环境变量。

我使用的是IntelliJ。要设置环境变量:

  1. 从主菜单中选择“Run | Edit Configurations”或从工具栏上的运行/调试配置选择器中选择“Edit Configurations”。
  2. 在“Run/Debug Configurations”对话框中,选择要添加环境变量的配置。输入变量名称和值:<name>=<value>。
  3. 如果你想要添加多个变量,它们应该用分号分隔。在这种情况下,它将是SLACK_BOT_TOKEN=xoxb.....;SLACK_SIGNING_SECRET=xxxxx

不,你不需要实际验证请求等,因为Bolt Middleware会作为内置的请求验证类来为您执行此操作。

你的应用程序不需要手动返回任何响应,一切都由Bolt自己处理。
只需设置好环境变量就足够了!

希望对你有所帮助!

英文:

I was facing the exact same issue and this worked for me:

If you are running the project in an IDE, you have to figure out how to set runtime environment variables in your IDE.

I used intelliJ. To set environment variable:

  1. From the main menu, select Run | Edit Configurations or choose Edit
    Configurations from the run/debug configurations selector on the
    toolbar.
  2. From the main menu, select Run | Edit Configurations or choose Edit
    Configurations from the run/debug configurations selector on the
    toolbar.
  3. In the Run/Debug Configurations dialog, select a configuration where
    you want to add the environment variables.Type the variable name and value: <name>=<value>.
  4. If you want to add several variables, they should be separated with semicolons. In this case it'll be SLACK_BOT_TOKEN=xoxb.....;SLACK_SIGNING_SECRET=xxxxx

And no, you dont need to actually verify requests etc, because the Bolt Middleware does it for you as a builtin Request Verification class

Your app need not return any response manually, everything is taken care of by Bolt itself.
Just setting the Env variable should be enough!

Hope this helps!

huangapple
  • 本文由 发表于 2020年10月13日 23:10:58
  • 转载请务必保留本文链接:https://go.coder-hub.com/64337957.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定