teaching machines

Checking Slack Participation with Ruby and OAuth2

August 27, 2017 by . Filed under howto, public, teaching.

A couple of years ago, a student asked me if I thought MOOCs were going to make universities obsolete. I said no, because in my experience of taking MOOCs, one thing that didn’t scale was the number of people answering questions in the forums. No matter the class size, there seemed to be about 5-10 fellow students actively aiding their peers. Perhaps participation plateaus at a certain threshold? I don’t know. But I do know that the best learning is happening in those people that are helping others. If there truly is an absolute number of them in a class, class sizes should be kept low. More people will get to play.

Ironically, my own classes are getting large enough that my forum dynamics are not that different from the MOOCs. So, this semester I’m going to create some small discussion communities in one of my classes. These students will discuss articles not with the entire class, but only within their group of five peers.

To facilitate this, I plan on using Slack. I’ll create a channel for each group. Students will get their participation within their channel marked in the gradebook, which leads us to the real content of this post: how can I make marking this participation easier?

Because I suffer from developerism, the answer is to write a script to query all the messages in a certain time period and automatically give the contributors their credit. While the script is busy doing the grunt work, I am freed up to actually read the content of the messages.

Talking to Slack in a script requires OAuth2 authentication. I despise this stuff. So I’m documenting it in this post. Let’s walk through a Ruby script that does the OAuth2 dance and issues a simple request for the channels in a Slack instance.

First we need some constants. The CLIENT_ID and CLIENT_SECRET we get from adding a new app representing our script to our Slack instance. The REDIRECT_URI is a URL for a fake page that Slack will jump to after the script has been authorized.

CLIENT_ID = '...'
CLIENT_SECRET = '...'
PORT = 4000
REDIRECT_URI = "http://localhost:#{PORT}/oauth"

Next we use the oauth2 gem to create an authorization client:

oauthor = OAuth2::Client.new(CLIENT_ID, CLIENT_SECRET, {
  site: 'https://slack.com/',
  authorize_url: '/oauth/authorize',
  token_url: '/api/oauth.access',
  redirect_uri: REDIRECT_URI
})

The oauthor object can give us a link that will allow the runner of the script to authorize herself. Unfortunately, this needs to happen in a web browser. So, we just prompt the user to visit the link there:

puts "Visit this URL in your web browser:"
puts oauthor.auth_code.authorize_url(scope: 'channels:read')

If you plan on doing more than list channel information, the scope parameter will need to be altered. See Slack’s documentation.

Once the user hits the Authorize button, the page will redirect to the REDIRECT_URI. One of the GET parameters sent to that page is an authorization code. This page doesn’t have to actually exist, but we do need that code. We could let the browser try and fail to access it, copy the parameter out of the URL, and paste it into a prompt in our script. I found several scripts that do that. I’d rather just start up a server that handles the request and slurps down the code automatically:

authorizeCode = nil

thread = Thread.new do
  TCPServer.open(PORT) do |server|
    client = server.accept

    # Read the browser's GET request. We assume the request is legitimate.
    while authorizeCode.nil?
      line = client.gets
      if line =~ /code=([^&\s]+)/
        authorizeCode = $1
      end
    end

    # Send the okay back to the browser.
    client.print "HTTP/1.1 200\r\n"
    client.print "Content-Type: text/html\r\n"
    client.print "\r\n"
    client.print "You are authorized. Feel free to close this window. Or leave it open."
    client.close
  end
end

thread.join

The thread stays alive only long enough to grab the authorization code. We block the script until the server has what we need.

We can now get the access token that will need to accompany every message we send to Slack:

accessToken = oauthor.auth_code.get_token(authorizeCode)

And here we put it to good use by requesting a list of the channels:

response = oauthor.request(:get, '/api/channels.list', {
  params: {
    token: accessToken.token
  }
})

The oauth2 API tells me that I should have been able to write the GET request more simply:

response = accessToken.get('/api/channels.list')

But apparently Slack doesn’t conform to a standard and needs the parameter named differently.

Finally, we can extract the channels, which are nested inside a JSON structure:

body = JSON.parse(response.body)
p body['channels'].map { |channel| channel['name'] }

That’s it! The next step for me is to actually retrieve all the messages and give the authors credit, but that hardly concerns you.

The full script is below. I’ve added automatic caching of the access token so that secondary runs don’t need to re-authorize.

#!/usr/bin/env ruby

require 'oauth2'
require 'socket'

CLIENT_ID = '...'
CLIENT_SECRET = '...'
PORT = 4000
REDIRECT_URI = "http://localhost:#{PORT}/oauth"

oauthor = OAuth2::Client.new(CLIENT_ID, CLIENT_SECRET, {
  site: 'https://slack.com/',
  authorize_url: '/oauth/authorize',
  token_url: '/api/oauth.access',
  redirect_uri: REDIRECT_URI
})

if File.exist? '.otoken'
  accessToken = File.read '.otoken'
  accessToken = OAuth2::AccessToken.new(oauthor, accessToken)
else
  puts "Visit this URL in your web browser:"
  puts oauthor.auth_code.authorize_url(scope: 'channels:read')

  # Start up a server to grab the authorization code that will get sent back.
  authorizeCode = nil
  thread = Thread.new do
    TCPServer.open(PORT) do |server|
      client = server.accept

      # Read the browser's GET request. We assume the request is legitimate.
      while authorizeCode.nil?
        line = client.gets
        if line =~ /code=([^&\s]+)/
          authorizeCode = $1
        end
      end

      # Send the okay back to the browser.
      client.print "HTTP/1.1 200\r\n"
      client.print "Content-Type: text/html\r\n"
      client.print "\r\n"
      client.print "You are authorized. Feel free to close this window. Or leave it open."
      client.close
    end
  end
  thread.join

  # The authorization code is our ticket to an access token that must accompany
  # each API call.
  accessToken = oauthor.auth_code.get_token(authorizeCode)

  # Access tokens don't expire, so let's save this to avoid unnecessary future
  # authorizations.
  puts "Saving token to .otoken for future use. Don't add this to your VCS."
  File.open('.otoken', 'wb') do |f|
    f.write accessToken.token
  end
end

response = oauthor.request(:get, '/api/channels.list', {
  params: {
    token: accessToken.token
  }
})

answer = JSON.parse(response.body)
p answer['channels'].map { |channel| channel['name'] }