Skip to content

feat: remove guard from "external-auth add-secret" command for non-hosted apps#586

Merged
zimeg merged 2 commits into
mainfrom
remove-rosi-limitation-add-secret
Jun 11, 2026
Merged

feat: remove guard from "external-auth add-secret" command for non-hosted apps#586
zimeg merged 2 commits into
mainfrom
remove-rosi-limitation-add-secret

Conversation

@zimeg

@zimeg zimeg commented Jun 11, 2026
edited
Loading

Copy link
Copy Markdown
Member

Changelog

The external-auth add-secret command is now available to all apps instead of just apps run on Slack-managed infrastructure.

Summary

This PR removes the ROSI guards from the external-auth add-secret command to unlock this option for configuring external auth providers outside of WFB.

Testing

Follow these setup steps without using the "--force" flag:

🔗 https://github.com/slack-samples/bolt-js-examples/tree/feat/mcp-client-examples/ai/mcp-client/external-auth

Notes

  • I'm unsure if other external-select commands are meaningful to ungate or if we should wait for feedback on a use case? Open to follow up however!
  • Will follow up with updating the linked doc above if this merges 📚

Requirements

@zimeg
feat(externalauth): remove ROSI limitation from add-secret command
38dbc6e 
The external-auth add-secret command no longer requires apps to be
deployed to Slack managed infrastructure. Any app in a valid project
directory can now use this command without the --force flag.
@codecov

codecov Bot commented Jun 11, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.63%. Comparing base (37b8a53) to head (a099985).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #586      +/-   ##
==========================================
- Coverage   71.68%   71.63%   -0.05%     
==========================================
  Files         226      226              
  Lines       19184    19176       -8     
==========================================
- Hits        13752    13737      -15     
- Misses       4221     4224       +3     
- Partials     1211     1215       +4

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@zimeg zimeg changed the title feat(externalauth): remove ROSI limitation from add-secret command feat: remove guard from "external-auth add-secret" command for non-hosted apps Jun 11, 2026
@zimeg zimeg self-assigned this Jun 11, 2026
@zimeg zimeg added enhancement M-T: A feature request for new functionality changelog Use on updates to be included in the release notes semver:minor Use on pull requests to describe the release version increment area:bolt-js Related to github.com/slackapi/bolt-js area:bolt-python Related to github.com/slackapi/bolt-python labels Jun 11, 2026
@zimeg zimeg added this to the Next Release milestone Jun 11, 2026
@zimeg zimeg marked this pull request as ready for review June 11, 2026 19:02
@zimeg zimeg requested a review from a team as a code owner June 11, 2026 19:02
mwbrooks
mwbrooks approved these changes Jun 11, 2026
View reviewed changes

@mwbrooks mwbrooks left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Absolutely love this PR! It's continuing to expand the CLI beyond ROSI.

🖊️ You asked whether this is meaningful to ungate. I think it is. Platform hasn't actively prevented external auth from non-ROSI apps and continues to invest into that surface. We should feel comfortable enabling more developers to use it.

Comment thread cmd/externalauth/add_secret.go
// preRunAddClientSecretCommand determines if the command is supported for a
// project and configures flags
func preRunAddClientSecretCommand(ctx context.Context, clients *shared.ClientFactory, cmd *cobra.Command) error {
// preRunAddClientSecretCommand configures flags and validates the project directory

@mwbrooks mwbrooks Jun 11, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

praise: Renaming the doc comment from "determines if the command is supported for a project" to "configures flags and validates the project directory" matches what the function actually does post-ungate. Tight follow-through. 🤾🏻 💥

@zimeg

zimeg commented Jun 11, 2026

Copy link
Copy Markdown
Member Author

@mwbrooks Praises back to the kind review 🎁 I'll keep this PR scoped to this command but will keep watch for when other external-auth commands become meaningful! I'd like to ungate those alongside a documented recommendation for getting started 📚 ✨

@zimeg zimeg merged commit 6dc5f98 into main Jun 11, 2026
10 checks passed
@zimeg zimeg deleted the remove-rosi-limitation-add-secret branch June 11, 2026 20:31
zimeg added a commit to slack-samples/bolt-js-examples that referenced this pull request Jun 11, 2026
@zimeg
docs: remove force flag requirement from external-auth add-secret
808619a 
slackapi/slack-cli#586
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mwbrooks mwbrooks mwbrooks approved these changes

Assignees

@zimeg zimeg

Labels

area:bolt-js Related to github.com/slackapi/bolt-js area:bolt-python Related to github.com/slackapi/bolt-python changelog Use on updates to be included in the release notes enhancement M-T: A feature request for new functionality semver:minor Use on pull requests to describe the release version increment

Projects

None yet

Milestone

Next Release

Development

Successfully merging this pull request may close these issues.

2 participants

@zimeg @mwbrooks