OpenID Connect 3: Slack can be the identity hub of small organizations
(Technically, this is a blog post about OAuth2 and not OpenID Connect.)
Are you using Slack as a central communication tool? Did you know that you can also use it as your identity provider for other apps you make or buy?
For informal organizations like user groups and volunteer-based conferences, Slack is perhaps already your communication hub. This means that the information you have about your users here is as good as you have anywhere. Access to private channels is often well managed, as you don't want random people in your limited conversations.
For many organizations, especially small ones, Slack may be the best option for authenticating your users on other applications. Unlike Google or other social identity providers, you can control who is a member of your Slack team, you can audit and confirm their profile information, and you can restrict which channels they can access. Channel membership is a nice fit for application privileges, so you can say things like "this application can only be used by Slack users on the private channel #admin".
Slack implements OAuth2, which is a subset of OpenID Connect. This means that once you have the user's access token, you have to make a Slack-specific API call to get the user profile and other information, like their list of channels. So there is slightly more custom integration code than for full OpenID Connect providers.
For organizations that already have a well-established Slack team and no other identity manager in use (such as Active Directory), Slack may be your best source of trust for other applications. You can integrate with it using the standard OAuth2 protocol.
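The channel-as-privilege check described above, as an added example that is not code from the original post: after the OAuth2 flow yields a user access token, it calls the Slack Web API methods `auth.test` and `users.conversations` and denies access on any error. The token, workspace ID and channel IDs are constructed sample values, and `fake_slack` is a stand-in transport so the block runs offline.

```python
import json
import urllib.parse
import urllib.request

def slack_call(token, method, **params):
    """POST to the Slack Web API, sending the OAuth2 access token as a bearer token."""
    req = urllib.request.Request(
        "https://slack.com/api/" + method,
        data=urllib.parse.urlencode(params).encode(),
        headers={"Authorization": "Bearer " + token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def authorize(token, team_id, channel_id, call=slack_call):
    """Return the Slack user id if the token's owner is a member of the required
    private channel in the expected workspace; otherwise None (fail closed)."""
    who = call(token, "auth.test")
    if not who.get("ok") or who.get("team_id") != team_id:
        return None  # invalid or revoked token, or a token from another workspace
    params = {"types": "private_channel", "exclude_archived": "true",
              "limit": "200"}
    while True:
        page = call(token, "users.conversations", **params)
        if not page.get("ok"):
            return None  # e.g. missing scope: deny rather than guess
        # Compare channel ids, not names: a channel can be renamed.
        if any(c.get("id") == channel_id for c in page.get("channels", [])):
            return who.get("user_id")
        cursor = page.get("response_metadata", {}).get("next_cursor", "")
        if not cursor:
            return None  # every page listed, no match
        params["cursor"] = cursor

# Constructed responses standing in for Slack (two pages of channels).
def fake_slack(token, method, **params):
    if token != "xoxp-constructed":
        return {"ok": False, "error": "invalid_auth"}
    if method == "auth.test":
        return {"ok": True, "team_id": "T0EXAMPLE", "user_id": "U0ALICE"}
    if "cursor" not in params:
        return {"ok": True, "channels": [{"id": "C0SOCIAL", "name": "social"}],
                "response_metadata": {"next_cursor": "page2"}}
    return {"ok": True, "channels": [{"id": "C0ADMIN", "name": "admin"}],
            "response_metadata": {"next_cursor": ""}}

if __name__ == "__main__":
    print(authorize("xoxp-constructed", "T0EXAMPLE", "C0ADMIN", fake_slack))
```

Run the check on the server side on every login, since channel membership can change after the token was issued.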
You can start your journey at my Boosterconf workshop in Bergen on March 14th. https://2019.boosterconf.no/