Skip to content

Latest commit

 

History

History
63 lines (40 loc) · 2.75 KB

README.md

File metadata and controls

63 lines (40 loc) · 2.75 KB

send-slack-invite

Small webhook that uses the Slack SCIM API and Puppeteer to invite a user to a Slack workspace.

Disclaimer: this could stop working at literally any time!

Why?

Slack doesn't provide a simple way to programmatically invite users to a workspace unless you're on an Enterprise plan 🙃. There used to be an undocumented API, but it no longer works except with legacy tokens (unavailable to all new apps).

This leaves us with SCIM, intended for use with SSO and external identity management. The SCIM API is unfortunately only available to Pro workspaces.

When you provision a user with SCIM, it doesn't send the usual invite email. This tool provides an endpoint to create a user using SCIM and then request a new invite email be sent through Slack's password reset page. When you request a password reset for a user provisioned through SCIM*, Slack notices that the user hasn't accepted the invite yet and sends a new one.

screenshot 2021-03-10 at 12 21 45AM

* The user must be provisioned with a password in order for this to work.

Usage

Make sure to read the notes about generating tokens for use with SCIM.

Example request:

POST /user
{
  "name": "User McExample",
  "email": "[email protected]"
}

Successful response:

{
  "user": { ... },
  "invited": true
}

If the invited property is missing from the response, a user with the email already exists and we have skipped requesting an invite email.

There are a few reasons why user creation can fail, mostly related to the required username field (which Slack no longer displays). We default to passing in the email (the API will strip everything after the @) and try to catch and fix a few common username errors.

Authentication

TODO this could be more secure

Set the TOKEN environment variable to a randomly generated secret. Use this as a Bearer token in the Authorization header of the request. Consider also not exposing the service to the web and keeping it inside your cloud network's firewall.

Development

cp sample.env .env
docker container run -it --rm -v $(pwd):/usr/src/app -p 3000:3000 --cap-add=SYS_ADMIN zenika/alpine-chrome:with-puppeteer node index.js

Deployment

cloud run: 512mb