[wp-meta] [Making WordPress.org] #8120: Slack Apps: Switch from Token verification to Signed Request validation
Making WordPress.org
noreply at wordpress.org
Fri Oct 31 00:39:06 UTC 2025
#8120: Slack Apps: Switch from Token verification to Signed Request validation
------------------------------------------------+--------------------
Reporter: dd32 | Owner: (none)
Type: enhancement | Status: new
Priority: low | Milestone:
Component: Communication (Matrix, Slack, IRC) | Keywords:
------------------------------------------------+--------------------
Slack has deprecated the Token validation for its API / apps and added
signature validation methods:
https://docs.slack.dev/authentication/verifying-requests-from-slack/

At the time of our Slack integrations, signed requests weren't available,
and so we're still using the token verification process.

It appears the Slack signing uses hmac + sha256.

We should update this, as Slack may remove this functionality in the
future, and signature validation is more secure all round.

This is a hardening issue, not a security vulnerability.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/8120>
Making WordPress.org <https://meta.trac.wordpress.org/>
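Added example, not part of the ticket and not WordPress.org code: a PHP sketch of the signed-request check the ticket proposes, following Slack's "v0" scheme (HMAC-SHA256 over `v0:<timestamp>:<raw body>`, compared with the `X-Slack-Signature` header, with a five-minute replay window). The function name, the signing secret and the sample request are constructed for illustration.

```php
<?php
/**
 * Hypothetical helper (not from the WordPress.org code base).
 * In a real handler the inputs would come from:
 *   $timestamp = $_SERVER['HTTP_X_SLACK_REQUEST_TIMESTAMP']
 *   $signature = $_SERVER['HTTP_X_SLACK_SIGNATURE']
 *   $raw_body  = file_get_contents( 'php://input' )
 */
function verify_slack_signature(
	string $signing_secret,
	string $timestamp,
	string $signature,
	string $raw_body,
	int $now,
	int $max_skew = 300
): bool {
	// The timestamp header must be plain digits before it is cast or signed.
	if ( ! ctype_digit( $timestamp ) ) {
		return false;
	}

	// Refuse requests outside the allowed window so a captured request
	// cannot be replayed later with its original, still-valid signature.
	if ( abs( $now - (int) $timestamp ) > $max_skew ) {
		return false;
	}

	// Sign the raw body bytes exactly as received; re-encoding parsed
	// $_POST data can change the bytes and break the comparison.
	$base     = 'v0:' . $timestamp . ':' . $raw_body;
	$expected = 'v0=' . hash_hmac( 'sha256', $base, $signing_secret );

	// Constant-time comparison avoids leaking how many characters matched.
	return hash_equals( $expected, $signature );
}

// Constructed sample request, signed locally so the script runs offline.
$secret = 'constructed-signing-secret';
$now    = 1761871146;
$ts     = (string) $now;
$body   = 'team_id=T0001&command=%2Fexample&text=hello';
$sig    = 'v0=' . hash_hmac( 'sha256', "v0:{$ts}:{$body}", $secret );

var_dump( verify_slack_signature( $secret, $ts, $sig, $body, $now ) );          // request as signed
var_dump( verify_slack_signature( $secret, $ts, $sig, $body . '&x=1', $now ) ); // body altered after signing
var_dump( verify_slack_signature( $secret, $ts, $sig, $body, $now + 3600 ) );   // same request an hour later
```

Unlike the legacy token, which travels inside every request body, the signing secret never leaves the server, so a logged or intercepted request does not reveal it.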