The latest with app tokens

And what we’re working on next

Image credit: Josh Cochran

In October, we announced that we would be stopping work on the Workspace Apps project in favor of a simpler approach that would bring the benefits of the project to bot tokens you’re already familiar with. As part of that change, we committed to keeping our developer community updated on the work we’re doing and on what comes next.

As we approach the end of the year, here’s what we’ve been working on:

Improving app reliability

One of the problems we’re tackling first is unexpected uninstalls: apps can be uninstalled if the installing user leaves a company, often surprising users and admins. We’re solving this through two distinct projects:

  1. Admins will soon be notified in Slack if an app’s last authorized user leaves the workspace; from there, admins will be able to easily re-authorize that app to keep it active. This project will give admins greater insight into what’s happening on their workspace, and increase the likelihood your app will remain working.
  2. Apps that do not request user scopes will soon stay installed and working, even when the last authorized user leaves the workspace. This track of work will limit unexpected uninstallation of slash commands, incoming webhooks, and bots. In the future, we’ll allow apps that do request user scopes to remain installed with reduced functionality.

Simplifying permissions

We’ve kicked off work to break up the bot scope into its component pieces. Through this project, we’re aiming to resolve some inconsistencies around what bots can do compared to users in Slack. Our goal is to offer a single set of scopes for Slack apps that can be applied to a user or bot token.

The first components of this work will lay the foundation to enable bots to create channels and manage channel topic, purpose, members, and more.

Future projects

Later in 2019, we will be focusing on a handful of improvements to enable more robust and secure apps — for example, bringing token rotation to bot and user tokens, shipping Admin APIs for simpler app management, and rolling out the ability for apps to be deployed organization-wide.

As these features become available, we’ll be keeping you updated on the Slack Platform Blog. As always, if you have feedback on what you’ve heard so far, drop us a line at feedback@slack.com.