@roshanasingh4
Contributor

Fixes a failure mode where a gateway can process Slack Socket Mode events that belong to a different Slack app (same workspace), if tokens are ever mismatched.

What changed

  • Capture bot token identity via auth.test (team_id + api_app_id).
  • Drop inbound events when the Socket Mode envelope body.api_app_id or body.team_id does not match.
  • Emit a clear error when the bot token api_app_id disagrees with the app token's embedded app id (xapp-…-Axxxx-…).

Tests

  • Added a unit test to ensure mismatched events are dropped.

Refs: #828
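
The two checks described above, sketched as an added example that is not code from this pull request or from the project. All function names are hypothetical, the ids and tokens are constructed placeholders, and dropping a body that lacks either field is this example's own assumption.

```javascript
// Added illustration, not the project's code. All function names are hypothetical.

// Pull the app id out of an app-level token shaped like xapp-…-Axxxx-…
function appIdFromAppToken(appToken) {
  const parts = String(appToken).split("-");
  if (parts[0] !== "xapp") return null;
  return parts.slice(1).find((p) => /^A[A-Z0-9]+$/.test(p)) ?? null;
}

// Startup check: the bot token's identity (team_id + api_app_id, as captured
// from auth.test) must name the same app as the app token.
function checkTokenPair(identity, appToken) {
  const embedded = appIdFromAppToken(appToken);
  if (!embedded) return { ok: false, error: "app token carries no app id" };
  if (!identity?.api_app_id || !identity?.team_id) {
    return { ok: false, error: "bot token identity is incomplete" };
  }
  if (identity.api_app_id !== embedded) {
    return { ok: false,
      error: `token mismatch: bot token is app ${identity.api_app_id}, app token is app ${embedded}` };
  }
  return { ok: true, error: null };
}

// Per-event check on the envelope body. Assumption of this example: a body
// that lacks either field is dropped (fail closed).
function shouldProcess(identity, body) {
  if (!identity?.api_app_id || !identity?.team_id || !body) return false;
  return body.api_app_id === identity.api_app_id && body.team_id === identity.team_id;
}

// Split a batch of envelope bodies into those to handle and those to drop.
function partitionEvents(identity, bodies) {
  const kept = [], dropped = [];
  for (const b of bodies) (shouldProcess(identity, b) ? kept : dropped).push(b);
  return { kept, dropped };
}

// Constructed sample data (no real ids or tokens).
const IDENTITY = { team_id: "T0000TEAM", api_app_id: "A0000APP1" };
const APP_TOKEN_OK = "xapp-1-A0000APP1-1111111111-0000placeholder";
const APP_TOKEN_OTHER = "xapp-1-A0000APP2-1111111111-0000placeholder";
const BODIES = [
  { api_app_id: "A0000APP1", team_id: "T0000TEAM", event: { type: "message" } }, // this app
  { api_app_id: "A0000APP2", team_id: "T0000TEAM", event: { type: "message" } }, // other app, same workspace
  { api_app_id: "A0000APP1", team_id: "T9999TEAM", event: { type: "message" } }, // other workspace
  { event: { type: "message" } },                                                // ids missing
];
```
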

@roshanasingh4 roshanasingh4 force-pushed the fix/slack-api-app-id-filter branch from 9f10b55 to c706717 Compare January 14, 2026 04:52
@steipete steipete self-assigned this Jan 14, 2026
steipete added a commit that referenced this pull request Jan 14, 2026
Filter Slack Socket Mode events by api_app_id/team_id.
Refs: #828
Contributor: @roshanasingh4

Co-authored-by: Roshan Singh <[email protected]>
@steipete
Contributor

Landed on main as dadef27 (squash, rebased on latest main).

  • Filters Slack Socket Mode events by api_app_id/team_id to avoid cross-app processing.
  • Fixup: message event handler refactor bug (use event consistently).
  • Changelog updated.
  • Verified: pnpm lint + pnpm build + pnpm test.

Original PR tip: c706717.

Thanks @roshanasingh4!

@steipete steipete closed this Jan 14, 2026
steipete added a commit to mneves75/clawdbot that referenced this pull request Jan 15, 2026
Filter Slack Socket Mode events by api_app_id/team_id.
Refs: clawdbot#828
Contributor: @roshanasingh4

Co-authored-by: Roshan Singh <[email protected]>