Hello Slack Developer Community,
We have an integration pending approval in the Slack app directory that customers are already using. We've recently discovered that we have requested additional scopes from our users that are unnecessary for the functionality of our integration.
We're planning to remove these additional scopes from the bot configuration. However, we're unsure of the potential repercussions this might have on the existing tokens. Specifically, will this action invalidate our existing tokens, and would it necessitate our customers to re-authenticate our integration?
Any guidance or shared experiences would be greatly appreciated. Thank you!
Regards,
Aaron
Hello Nash,
This is a great question!
If your app has been approved with scopes 'A B C' on a workspace and you remove scope 'C', then your app will still be approved on the workspace. You would need to manually revoke users' tokens for them to be invalidated. It's also up to you to prompt the user to install with the updated permissions. The current tokens will still have access to 'A B C'.
You can learn more about revoking tokens here: https://api.slack.com/methods/auth.revoke
