New Features
Token Rotation Support
This version includes the support for the apps enabling the newly released token rotation for better security. Refer to the API document for the general information about the feature.
How to handle token rotation with this SDK
If you use any of the built-in InstallationStore, there is nothing else to change on your application code side. If you use the relational database tables along with a built-in InstallationStore, refer to the latest table schema here.
If you use your own custom authorize, not the built-in InstallationStoreAuthorize, the authorize function needs to be updated to run the token rotation. Refer to the InstallationStoreAuthorize's code to learn what to do for it.
Migration guide for Django users
If you operate Django apps based on the example app in this repository and would like to enable token rotation for the apps, check this commit to learn the required changes for it.
Migration guide for SQLAlchemyInstallationStore users
If your app uses the built-in SQLAlchemyInstallationStore for managing Slack app installations, adding the following database columns is required for this version upgrade. Refer to the code to check the complete ones.
Also, since this version, all the table columns for string data have their max length for better compatibility with MySQL. We recommend setting the same ones for your models.
slack_installations
Column("bot_refresh_token", String(200)),Column("bot_token_expires_at", DateTime),Column("user_refresh_token", String(200)),Column("user_token_expires_at", DateTime),
slack_bots
Column("bot_refresh_token", String(200)),Column("bot_token_expires_at", DateTime),
Changes
- #404 Fix #400 token rotation feature support - Thanks @seratch
- #387 #386 Replace re.search() with re.findall() in MessgeListenerMatches middleware to provide better matching results - Thanks @albeec13
- #379 Make cookies extraction on AWS Lambda compatible with its format v1.0 - Thanks @tattee
- #375 Update install page to avoid favicon downloads - Thanks @Bhavya6187
- #401 Fix #378 by adding middleware error handlers - Thanks @seratch @jeremyschulman
- #403 Fix #377 Better log messages for AsyncApp when a listener is missing - Thanks @seratch
- #394 Fix #370 by adding an alias of next arg (next_) in middleware arguments - Thanks @seratch
- #402 Fix #372 by adding listener matcher docs - Thanks @seratch
- #389 Add reference to WorkflowStepBuilder in docs - Thanks @misscoded