Slack User Token
Description
General
- Documentation: https://api.slack.com
- Summary: Slack is a business communication platform. It offers chat rooms in the form of channels organized by topics as well as private groups and direct messaging. Users can create Slack applications to automate some actions in workspaces. Slack allows these applications to act directly on behalf of users in the communication channels by providing the applications with a user token after an OAuth2 authorization flow. This detector focuses on catching these Slack user tokens. GitGuardian also detects application keys.
- IPs allowlist: Slack's internal integrations support IPs allowlisting and will limit a token's usage to a given set of IP addresses if enforced. See allowlisting documentation for more details.
- Scopes: User tokens represent the same access a user has to a workspace: the channels, conversations, users, reactions, etc. they can see.
Revoke the secret
Tokens can be revoked using the auth.revoke
API route. It is one of the few credentials that has this "auto revoke" feature. See revocation documentation for more details.
Check for suspicious activity
Monitoring suspicious activity of a given token is not mentioned in Slack's documentation.
Details for Slackusertoken
Family: Api
Category: Messaging system
Company: Slack
High recall: True
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 1
Occurrences found for one million commits: 0.2
Prefixed: True
PreValidators:
- type: ContentWhitelistPreValidator
patterns:
- xox[ps]-
Examples
- text: |
token = "xoxp-41684372915-1320496754-45609968301-e708ba56e1517a99f6b5fb07349476ef"
apikey: xoxp-41684372915-1320496754-45609968301-e708ba56e1517a99f6b5fb07349476ef
- text: |
slack_old_token = "xoxs-416843729158-132049654-5609968301-e708ba56e1"
apikey: xoxs-416843729158-132049654-5609968301-e708ba56e1
# Fat-fingered secrets
- text: Xxoxp-41684372915-1320496754-45609968301-e708ba56e1517a99f6b5fb07349476ef
apikey: xoxp-41684372915-1320496754-45609968301-e708ba56e1517a99f6b5fb07349476ef
- text: Xxoxs-416843729158-132049654-5609968301-e708ba56e1
apikey: xoxs-416843729158-132049654-5609968301-e708ba56e1