Remove slack user chat:write scope (#5177)

It was unused & caused customers frustration. DO NOT CONFUSE with bot permission chat:write, it's used & needed.
grafana · Oct 15, 2024 · 287bfcc · 287bfcc
1 parent 10b532c
commit 287bfcc
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 8 deletions.
diff --git a/docs/sources/manage/notify/slack/index.md b/docs/sources/manage/notify/slack/index.md
@@ -108,12 +108,6 @@ This set of permissions is supporting the ability of Grafana OnCall to match use
 - **View user groups in your workspace**
 - **View profile details about people in your workspace**
 
-### Perform actions as you
-
-- **Send messages on your behalf** — this permission may sound suspicious, but it's actually a general ability
-  to send messages as the bot: <https://api.slack.com/scopes/chat:write> Grafana OnCall will not impersonate or post
-  using your handle to slack. It will always post as the bot.
-
 ### Perform actions in channels & conversations
 
 - **View messages that directly mention @grafana_oncall in conversations that the app is in**

diff --git a/docs/sources/set-up/open-source/index.md b/docs/sources/set-up/open-source/index.md
@@ -122,7 +122,6 @@ oauth_config:
   scopes:
     user:
       - channels:read
-      - chat:write
       - identify
       - users.profile:read
     bot:

diff --git a/engine/apps/social_auth/backends.py b/engine/apps/social_auth/backends.py
@@ -9,7 +9,7 @@
 
 # Scopes for slack user token.
 # It is main purpose - retrieve user data in SlackOAuth2V2 but we are using it in legacy code or weird Slack api cases.
-USER_SCOPE = ["channels:read", "identify", "chat:write", "users.profile:read", "users:read", "users:read.email"]
+USER_SCOPE = ["channels:read", "identify", "users.profile:read", "users:read", "users:read.email"]
 
 # Scopes for slack bot token.
 # It is prime token we are using for most requests to Slack api.