Skip to content

feat: add bot_optional and user_optional scopes to app manifest#517

Merged
mwbrooks merged 2 commits intomainfrom
mwbrooks-manifest-user-bot-optional-scopes
May 1, 2026
Merged

feat: add bot_optional and user_optional scopes to app manifest#517
mwbrooks merged 2 commits intomainfrom
mwbrooks-manifest-user-bot-optional-scopes

Conversation

@mwbrooks
Copy link
Copy Markdown
Member

@mwbrooks mwbrooks commented Apr 30, 2026
edited
Loading

Changelog

Add support for optional OAuth scopes (bot_optional and user_optional) in the app manifest schema.

Summary

This pull request adds two new optional properties to the manifest schema: oauth_config.scopes.bot_optional and oauth_config.scopes.user_optional. These allow apps to declare optional OAuth scopes for both bot and user tokens.

Notes

  • The new fields use omitempty, so they are fully backwards-compatible and only serialized when set.
  • We may need to update the developerInstall endpoint to accept the optional scopes. We can investigate this next.

Testing

# Create a Starter App
$ ./bin/slack create my-app -t https://github.com/slack-samples/bolt-js-starter-template
$ cd my-app/

# Add optional scopes
$ vim manifest.json
# Replace "oauth_config: { .... }" with:
    "oauth_config": {
        "scopes": {
            "user": [
                "search:read.public",
                "search:read.private",
                "search:read.mpim",
                "search:read.im",
                "search:read.files",
                "search:read.users",
                "chat:write",
                "channels:history",
                "groups:history",
                "mpim:history",
                "im:history",
                "canvases:read",
                "canvases:write",
                "users:read",
                "users:read.email",
                "reactions:write"
            ],
            "user_optional": [
                "search:read.private",
                "search:read.mpim",
                "search:read.im",
                "search:read.files",
                "chat:write",
                "groups:history",
                "mpim:history",
                "im:history",
                "canvases:read",
                "canvases:write"
            ],
            "bot": [
                "app_mentions:read",
                "assistant:write",
                "im:history",
                "channels:history",
                "chat:write",
                "commands"
            ],
            "bot_optional": [
                "canvases:read"
            ]
        }
    },
# Confirm production CLI is missing optional scopes
$ lack-prod manifest info --source local
# → Confirm no `user_optional` or `bot_optional` scopes

# Confirm new CLI includes the optional scopes
$ ../bin/slack manifest info --source local

# Confirm new CLI installs the app
$ ../bin/slack run

# Cleanup
$ lack delete -f

Requirements

@mwbrooks
feat: add bot_optional and user_optional scopes to app manifest
0e5c9b3 
Support optional OAuth scopes for both bot and user tokens in the
manifest schema via `oauth_config.scopes.bot_optional` and
`oauth_config.scopes.user_optional` properties.
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 30, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.25%. Comparing base (783ac1a) to head (57faf12).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #517   +/-   ##
=======================================
  Coverage   71.25%   71.25%           
=======================================
  Files         222      222           
  Lines       18682    18682           
=======================================
+ Hits        13311    13312    +1     
+ Misses       4190     4189    -1     
  Partials     1181     1181

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@mwbrooks mwbrooks self-assigned this Apr 30, 2026
@mwbrooks mwbrooks added enhancement M-T: A feature request for new functionality changelog Use on updates to be included in the release notes semver:minor Use on pull requests to describe the release version increment labels Apr 30, 2026
@mwbrooks mwbrooks added this to the Next Release milestone Apr 30, 2026
@mwbrooks mwbrooks marked this pull request as ready for review April 30, 2026 19:27
@mwbrooks mwbrooks requested a review from a team as a code owner April 30, 2026 19:27
srtaalej
srtaalej approved these changes May 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@srtaalej srtaalej left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm and working as expected ⭐ ⭐ ⭐

@mwbrooks
Copy link
Copy Markdown
Member Author

mwbrooks commented May 1, 2026

Thanks a bunch @srtaalej 🙇🏻

@mwbrooks mwbrooks merged commit e1112eb into main May 1, 2026
8 checks passed
@mwbrooks mwbrooks deleted the mwbrooks-manifest-user-bot-optional-scopes branch May 1, 2026 20:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@srtaalej srtaalej srtaalej approved these changes

Assignees

@mwbrooks mwbrooks

Labels

changelog Use on updates to be included in the release notes enhancement M-T: A feature request for new functionality semver:minor Use on pull requests to describe the release version increment

Projects

None yet

Milestone

Next Release

Development

Successfully merging this pull request may close these issues.

2 participants

@mwbrooks @srtaalej