Scoping file rights for writes in workspace token apps
We're simplifying some permission scopes as part of the workspace apps developer preview.
Beginning today, workspace apps must request files:write instead of files:write:user during installation or when seeking elevated permissions.
Now files:write represents your app's ability to upload and manage files.
Experiencing déjà vu? This is just like that time we did this for chat:write.
What's changing?
Workspace apps currently requesting the classic files:write:user scope must begin asking for files:write instead.
Your app still uses files.upload and other methods the same way as before.
When receiving an authorization grant with oauth.token or apps.permissions.info, instead of receiving the files:write:user scope, you'll receive files:write.
What isn't changing?
files:read is still files:read, whether you're working with a workspace app or otherwise.
Traditional Slack apps have nothing to fear.
Slack apps that are not part of the developer preview are not impacted by this change. Bot users are also left unharmed.
files:write:user and files:write:bot remain functional, distinct OAuth scopes for traditional Slack apps.
Existing workspace token grants are already converted
We automatically migrated existing grants for files:write:user to files:write. You won't need to re-negotiate existing workspace token installations.
How do I prepare?
If your workspace app requests the files:write:user scope to gain the ability to post messages, you'll need to request files:write instead. It's a drop-in replacement.
When is this happening?
This change just happened, today, on April 17, 2018.
Something amiss? Let us know.