Slack Requires Authorization At Every Login. #544

New Issue

Closed

opened 2026-02-04 20:55:28 +03:00 by OVERLORD · 6 comments

OVERLORD commented 2026-02-04 20:55:28 +03:00

Owner

Copy Link

Originally created by @obeardly on GitHub (Jan 10, 2018).

For Bug Reports

• BookStack Version (Found in settings, Please don't put 'latest'): 0.18.5
• PHP Version: PHP 5.6.30-0+deb8u1
• MySQL Version: 5.5.58

Expected Behavior

When logging in with Slack, I expect Bookstack to ask for authorization once, and then retain the ability to login without reauthorizing.

Current Behavior

When logging in with Slack, it asks me to authorize the app every time.

Steps to Reproduce

With the aforementioned versions of BookStack, PHP, and MySQL, enable Slack login and attempt to login more than once. Requires you to reauthorize at every login.

Originally created by @obeardly on GitHub (Jan 10, 2018). ### For Bug Reports * BookStack Version *(Found in settings, Please don't put 'latest')*: 0.18.5 * PHP Version: PHP 5.6.30-0+deb8u1 * MySQL Version: 5.5.58 ##### Expected Behavior When logging in with Slack, I expect Bookstack to ask for authorization once, and then retain the ability to login without reauthorizing. ##### Current Behavior When logging in with Slack, it asks me to authorize the app every time. ##### Steps to Reproduce With the aforementioned versions of BookStack, PHP, and MySQL, enable Slack login and attempt to login more than once. Requires you to reauthorize at every login.

OVERLORD added the 🐛 Bug label 2026-02-04 20:55:28 +03:00

OVERLORD closed this issue 2026-02-04 20:55:34 +03:00

OVERLORD commented 2026-02-04 20:55:40 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jan 10, 2018):

Can confirm this but I've had a good dig into and and cannot find why this happens. Pretty sure it's some sort of change on slack's side but cannot work out why or what. BookStack appears to construct the auth URL as expected.

Have you noticed this for a while? Wondering if it's a temporary problem on slack's side.

@ssddanbrown commented on GitHub (Jan 10, 2018): Can confirm this but I've had a good dig into and and cannot find why this happens. Pretty sure it's some sort of change on slack's side but cannot work out why or what. BookStack appears to construct the auth URL as expected. Have you noticed this for a while? Wondering if it's a temporary problem on slack's side.

OVERLORD commented 2026-02-04 20:55:49 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jan 10, 2018):

Just tried on another, Non-BookStack-related, app I manually set up slack auth on. Does that same thing.

@ssddanbrown commented on GitHub (Jan 10, 2018): Just tried on another, Non-BookStack-related, app I manually set up slack auth on. Does that same thing.

OVERLORD commented 2026-02-04 20:55:59 +03:00

Author

Owner

Copy Link

@obeardly commented on GitHub (Jan 11, 2018):

It has done this since I installed. In the past, I have used Slack for
authentication on other apps, and it did not do this. However, as you said,
this may be a change on Slack's end. I'll look further into it.

On Wed, Jan 10, 2018 at 3:34 PM, Dan Brown notifications@github.com wrote:

Just tried on another, Non-BookStack-related, app I manually set up slack
auth on. Does that same thing.

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/BookStackApp/BookStack/issues/659#issuecomment-356727913,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AMNjaEFbAKokAF8ooTz9S-FyCwkONbNsks5tJR63gaJpZM4RZZyZ
.

@obeardly commented on GitHub (Jan 11, 2018): It has done this since I installed. In the past, I have used Slack for authentication on other apps, and it did not do this. However, as you said, this may be a change on Slack's end. I'll look further into it. On Wed, Jan 10, 2018 at 3:34 PM, Dan Brown <notifications@github.com> wrote: > Just tried on another, Non-BookStack-related, app I manually set up slack > auth on. Does that same thing. > > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub > <https://github.com/BookStackApp/BookStack/issues/659#issuecomment-356727913>, > or mute the thread > <https://github.com/notifications/unsubscribe-auth/AMNjaEFbAKokAF8ooTz9S-FyCwkONbNsks5tJR63gaJpZM4RZZyZ> > . >

OVERLORD commented 2026-02-04 20:56:06 +03:00

Author

Owner

Copy Link

@shane-smith commented on GitHub (Feb 27, 2018):

Maybe this is relevant?

https://stackoverflow.com/questions/46094760/sign-in-with-slack-keeps-prompting-user-for-permission-every-time

Slack Sign-in does not cache user logins like other OAuth providers doe [sic], so if you want to avoid that users have to sign-in every time you have to cache user permissions in your app. e.g. by using cookies.

@shane-smith commented on GitHub (Feb 27, 2018): Maybe this is relevant? https://stackoverflow.com/questions/46094760/sign-in-with-slack-keeps-prompting-user-for-permission-every-time > Slack Sign-in does not cache user logins like other OAuth providers doe [sic], so if you want to avoid that users have to sign-in every time you have to cache user permissions in your app. e.g. by using cookies.

OVERLORD commented 2026-02-04 20:56:16 +03:00

Author

Owner

Copy Link

@obeardly commented on GitHub (Feb 27, 2018):

That definitely seems relevant. The question is now, how do we enable cookies in BookStack?

@obeardly commented on GitHub (Feb 27, 2018): That definitely seems relevant. The question is now, how do we enable cookies in BookStack?

OVERLORD commented 2026-02-04 20:56:24 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Nov 15, 2021):

Just re-reviewing this, based upon the response from slack in this stackoverflow question it appears the above text was an incorrect detail in the documentation.

I don't think there's anything we can do about this so I'll close this off.

Note, Slack now advise using their more recent OIDC for authentication flow, which we now support as a primary authentication mechanism. I'd imagine this would not have this issue.

@ssddanbrown commented on GitHub (Nov 15, 2021): Just re-reviewing this, based upon the response from slack [in this stackoverflow question](https://stackoverflow.com/questions/58478994/slack-oauth-automatically-authorize-user-if-user-had-already-authorized-app?noredirect=1&lq=1) it appears the above text was an incorrect detail in the documentation. I don't think there's anything we can do about this so I'll close this off. Note, Slack now advise using their more recent OIDC for authentication flow, which we now support as a primary authentication mechanism. I'd imagine this would not have this issue.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 🐛 Bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#544