Slack API file uploads: permissions and ownership

I am using the Slack API to upload files. https://api.slack.com/methods/files.upload
If you include a channel when you upload a file, it becomes accessible to everyone in that channel; otherwise it is only available to the person who created the API key. Also, when a file is posted to a channel, it displays as the user who created the API key.
Questions
Is there a way to share with everyone on a team without posting the file in a public channel?
Is there a way to upload a file as another user or as a bot?
I tried files.sharedPublicURL, but these links allow anyone to view files. I want to make the file accessible only to a Slack team.
There is an option on the channel info pane, when you click "View all file in #channel", to "Include files from integrations & bots". This seems to indicate that it is possible to upload files as a bot.

Sure, by choosing in which channels you share the file, you can control who can see it. That also works with private channels.
No, a file must always belong to a user; a bot would not be sufficient. Also, the file is always owned by the user linked to the access token used. If you would rather use a generic user, a workaround is to create a generic user for your Slack that is only used for bot-related tasks. (Mine is called slackadmin.)

Related

How to enable registrationless auth (magic-links) with keycloak

We are trying to build an application which is accessible via one-time passwords without a "user" having the need to register.
We did come across the term magic links sent via email, but there is only some old experimental Keycloak extension for this.
Is there any way to build some auth flow like the following with Keycloak?
User A is a fully registered User creating some document. This document needs some interaction with a Third Party Person (TPP) not registered.
Now User A sends an e-mail invite to the TPP with a link to the document. When the TPP opens the link, our application should ask for the email address and send a magic link or code to this email. With that email or magic code, the user gets access to the document for the time it takes to complete the approval process. After the work of the TPP is done, the access should expire (or expire automatically after X days not used).
It does sound quite similar to what is possible with SaaS offerings like https://magic.link/ or https://www.arengu.com/ but we are using Keycloak and would like to integrate it into it as well.
Does anyone have an idea how to achieve this with keycloak?
I know this is outdated, but perhaps someone else coming along may find this useful. There is a newer implementation of this feature provided here: https://github.com/p2-inc/keycloak-magic-link
We have found it usable and useful for our needs, and it works well in the latest version of Keycloak (18.x).
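The flow in the question needs a link token that is bound to one e-mail address and one document, expires, and can be cut off once the approval is done. The following Python example is added here to show those properties; it is not code from Keycloak or from the keycloak-magic-link extension. The function names, the in-memory revocation set and the key handling are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SIGNING_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret kept server-side
revoked_ids = set()                    # assumption: stands in for a shared store (DB/cache)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(body: str) -> str:
    return _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())


def issue_link_token(email, doc_id, ttl_seconds, now=None):
    """Return a token granting `email` access to `doc_id` until it expires."""
    now = time.time() if now is None else now
    claims = {"email": email.lower(), "doc": doc_id,
              "exp": int(now) + ttl_seconds, "jti": secrets.token_urlsafe(16)}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(body)}"


def verify_link_token(token, doc_id, now=None):
    """Return the claims if the token is valid for `doc_id`, otherwise None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        # Check the signature in constant time before trusting any claim.
        if not hmac.compare_digest(sig, _sign(body)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError):
        return None
    if claims["doc"] != doc_id or claims["exp"] < now or claims["jti"] in revoked_ids:
        return None
    return claims


def revoke(claims):
    """Call when the approval is complete so the link stops working early."""
    revoked_ids.add(claims["jti"])
```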

Microsoft Graph API to overwrite/delete permission for drive items

Is there any way to overwrite permission to share drive item to specific users only?
e.g.
Case 1:
File1 is shared with User1. I want to share File1 to User2 only using graph api which can also remove User1 from share list.
Currently, Graph APIs are available to add the permission and to delete permission separately.
But, I need to deal with a lot of files to update the permissions and for each file I need to take difference of permissions (User list already shared and User list needs to be updated to share item) for drive item to delete the permission to remove User from share list.
Case 2:
Another case is to make a file private to the user. Is there any way to make a file private directly (possibly with a single API call)? Currently, I have to delete each user permission from the shared list (5 calls to delete permissions if the file is shared with 5 users). Again, I am dealing with a lot of files.
[Edited]
More info: My use case is for Direct Access permission and Not link-based permission.
According to your scenario, I think you can create a sharelink for a file by using the following API: /sites/{siteId}/drive/items/{itemId}/createLink and grant access to sharelink accordingly.
Refer to the documentation here on accessing shared drive items.
If this doesn't help, consider raising user voice for your specific scenario so that it goes into our backlog.
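For the direct-access case in the question, the difference between the current grants and the wanted user list can be computed once per file and sent through Microsoft Graph JSON batching instead of one HTTP call per permission. The Python example below is added here and is not from the answer or from Microsoft; it only builds the sub-requests and makes no network calls. It assumes grants are keyed by `grantedTo.user.id`, and all ids in the sample are constructed.

```python
BATCH_LIMIT = 20  # Graph JSON batching accepts at most 20 sub-requests per $batch call


def plan_permission_sync(drive_id, item_id, current, desired_user_ids, role="read"):
    """Return Graph sub-requests that make direct grants match desired_user_ids."""
    base = f"/drives/{drive_id}/items/{item_id}"
    desired, seen, requests = set(desired_user_ids), set(), []
    json_header = {"Content-Type": "application/json"}
    for perm in current:
        roles = perm.get("roles", [])
        # Sharing links, inherited grants and the owner are left alone.
        if "link" in perm or "inheritedFrom" in perm or "owner" in roles:
            continue
        user_id = perm.get("grantedTo", {}).get("user", {}).get("id")
        url = f"{base}/permissions/{perm['id']}"
        if user_id not in desired:
            requests.append({"method": "DELETE", "url": url})
            continue
        seen.add(user_id)
        if roles != [role]:  # keep the grant but correct its role
            requests.append({"method": "PATCH", "url": url, "headers": json_header,
                             "body": {"roles": [role]}})
    missing = sorted(desired - seen)
    if missing:
        requests.append({"method": "POST", "url": f"{base}/invite", "headers": json_header,
                         "body": {"recipients": [{"objectId": u} for u in missing],
                                  "roles": [role], "requireSignIn": True,
                                  "sendInvitation": False}})
    for number, request in enumerate(requests, start=1):
        request["id"] = str(number)
    return requests


def to_batches(requests):
    """Split the plan into $batch payloads of at most BATCH_LIMIT sub-requests."""
    return [{"requests": requests[i:i + BATCH_LIMIT]}
            for i in range(0, len(requests), BATCH_LIMIT)]


# Constructed sample: File1 is shared with User1; the target state is "User2 only".
SAMPLE_PERMISSIONS = [
    {"id": "perm-owner", "roles": ["owner"], "grantedTo": {"user": {"id": "owner-id"}}},
    {"id": "perm-user1", "roles": ["read"], "grantedTo": {"user": {"id": "user1-id"}}},
    {"id": "perm-link", "roles": ["read"], "link": {"type": "view", "scope": "anonymous"}},
]
```

Each payload from `to_batches` is the body of one POST to `https://graph.microsoft.com/v1.0/$batch`; passing an empty user list produces the "make the file private" plan from Case 2.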

How to make an extension to save all messages in a conversation of Circuit Unify?

I am using Circuit Unify to work. However, I would like to save or export messages in a conversation into a file to save for better documentation. Currently it seems impossible on Web App as well as Desktop App. Thus, I want to make an extension (or app?) to do the work.
My question is: Where is the best place I should start with? How can I make an extension to Circuit? Is it possible to make such extension (or app)?
Your comments and suggestions will be greatly appreciated
Your best option is to use the Circuit JavaScript API to retrieve the messages using the API getConversationItems for example. Each item (aka message) contains the url(s) to download its attachments.
Now there are a few different ways this could be done.
Option 1: Using a bot
Create a bot (client credentials grant) that can be added to a conversation by a member of this conversation using the regular "Add participant" button on the Circuit client. This bot then has access to all messages of this conversation and can listen for new messages being posted. The bot can listen for a specific message (command) being sent, such as /export. When this command is sent, the bot retrieves all the data of this conversation to be exported, creates a pdf (or what ever format is required) and attaches this to the conversation. Alternatively the bot could also save that pdf in some other location, but that may pose a security issue.
Option 2: Using a separate web app
Create a web app on which users login using their Circuit credentials via OAuth (implicit or authorization code grant type). The app then acts on behalf of the logged on user. The app can list the conversations the user has access to (getConversations API) and show a button to export the selected conversation. The app then does the same as the bot in option 1 to create the pdf, but instead of posting the pdf to the conversation, the web app will download the pdf.
Option 3: Create a chrome extension
I do not encourage this option as there is no official way yet to extend the Circuit webclient. This means a new Circuit webclient version may break the extension. Using the chrome extension it would be possible to add an "Export" button in the UI and using some internal APIs get the data to be exported.
There is a plan to create official extension points to allow the developer to extend some part of the Circuit webclient and also use the JS SDK in a Chrome extension.
Note: You could also use the Circuit REST API instead of the JS SDK to retrieve the messages.

VSTS Extension Documents Through REST API

I've been creating an extension for VSTS, and so far I have stored some data in documents in collections (https://learn.microsoft.com/en-us/vsts/extend/develop/data-storage).
The problem I have now is that I need to GET these documents somehow from an external application. I have looked into https://github.com/Microsoft/vsts-auth-samples/tree/master/ClientLibraryConsoleAppSample to get the authorization done, but then I am unable to get the documents. If I try to access through the REST API, I have issues authorizing myself (without the personal access token provided. The application is supposed to work for every user, and I cannot get and use every user's personal access token. This is not feasible for 350+ people), and I am unable to get the REST API working. The documentation on all of this is severely lacking.
Anyone able to help?
The documentation is lacking, because the Data Storage is isolated for the extension and there is no easy way to access the data from outside of the extension. If you need external access, you also need to store your data externally. Azure storage or in a TFVC/Git repo under the VSTS account.
As for per-user storage access, that's also isolated and would indeed require either an account owner token or a user-specific OAuth or PAT token.
I have found the solution. The documentation states that there are 2 ways of working with the documents/collections. REST API and their VSS wrappers. The url required to get all documents in a certain collection is as follows:
https://{account}.extmgmt.visualstudio.com/_apis/ExtensionManagement/InstalledExtensions/{publisherName}/{extensionName}/Data/Scopes/Default/Current/Collections/{collectionName}/Documents/{documentName}.
Using this in a browser works just fine. All that needs to be done in order to use this with an external application is authorization.
If you use SDK methods from the docs like VSS.getService(VSS.ServiceIds.ExtensionData), you can view the request (easiest in the browser's dev tools).
It looks like:
https://extmgmt.dev.azure.com/{organization}/_apis/ExtensionManagement/InstalledExtensions/{publisher id}/{extension id}/Data/Scopes/Default/Current/Collections/{collections (by default 'MyCollection')}/Documents

How to authenticate an RSS feed

Basecamp uses HTTP authentication for its RSS feeds but this means that Google Reader, Bloglines and Firefox/Safari RSS don't work.
Is it possible to secure an RSS feed but still allow access from these popular readers?
The only possible solution, I would think, is to use some randomly generated token inside the URL to your feed. InfoQ works this way (with a personalized feed), and I think many others do. This way you can always revoke access to the feed by simply changing the token.
It has one disadvantage - it is not "protected" by a password, so everyone who can guess (or read from the config files of your reader) the URL has access to your feed.
And never, NEVER, put anything sensitive in this feed. Put only short summary and require users to open browser, log in and read more.
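The token-in-URL approach from this answer, as an added Python example that is not part of the original answer and not Basecamp's or InfoQ's code. It stores only a hash of each token, rotates the token to revoke access, and redacts it from logged paths. The URL layout, the host name and the in-memory store are assumptions.

```python
import hashlib
import hmac
import re
import secrets

feed_tokens = {}  # assumption: subscriber id -> SHA-256 hex of the current token


def issue_feed_url(subscriber, base_url="https://feeds.example.test"):
    """Create or rotate the subscriber's token; any earlier URL stops working."""
    token = secrets.token_urlsafe(32)  # 256 bits of randomness, not guessable
    feed_tokens[subscriber] = hashlib.sha256(token.encode()).hexdigest()
    return f"{base_url}/{subscriber}/{token}/feed.atom"


def is_authorized(path):
    """Check a request path of the form /<subscriber>/<token>/feed.atom."""
    match = re.fullmatch(r"/([\w-]+)/([\w-]+)/feed\.atom", path)
    if not match:
        return False
    stored = feed_tokens.get(match.group(1), "")
    presented = hashlib.sha256(match.group(2).encode()).hexdigest()
    # Compare hashes in constant time; only the hash is ever stored.
    return hmac.compare_digest(stored, presented)


def redact_for_log(path):
    """Replace the token segment so access logs do not become a list of credentials."""
    return re.sub(r"^(/[\w-]+/)[\w-]+(/feed\.atom)$", r"\1[REDACTED]\2", path)
```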
Try using the RSS feed url in format:
https://USERNAME:PASSWORD@URL
For a Basecamp project feed, this url might be:
https://bigguy:jellydoughnuts@basecamp.com/1234567/projects/89101112.atom
But it's really not a good idea to leave your password within a text field of one of these services -- even if you trust the service.
So, the safer solution is to use an intermediary that can safely store your credentials, access the protected feed, and republish the feed contents at a publicly-accessible url. Basically, we want a public proxy for the protected feed.
I use Yahoo Pipes to accomplish this. This pre-built Pipe makes it very easy to set this up.