Optional OAuth Scopes Now Available

Slack has introduced optional OAuth scopes, allowing developers to configure which permissions users must grant versus which are optional during app installation. This gives end users more granular control over data access while removing barriers to app adoption.

Key Changes

App Configuration & Manifest Support

• Developers can mark scopes as optional via the app settings page or by using new bot_optional and user_optional fields in the app manifest
• Supported under oauth_config.scopes section in app manifest configuration

Improved OAuth Flow

• Optional scopes now appear separately during the installation process
• Users can selectively grant only the permissions they're comfortable with
• No longer forced to approve non-critical permissions to complete installation

Admin Controls

• Workspace administrators can pre-approve which optional scopes are available to their users when approving apps
• Provides centralized permission governance without blocking app adoption

Why It Matters

By marking non-critical scopes as optional, developers can improve installation completion rates while respecting user privacy preferences. Apps that previously required ancillary permissions for secondary features can now offer those features conditionally. This aligns with principle of least privilege and modern consent-based access patterns.

See the Installing with OAuth documentation for implementation details and best practices.