In this article
March 31, 2025
March 31, 2025

How to build Login with Slack using Node and WorkOS

Step-by-step tutorial that walks you through the necessary steps to add Login with Slack to your app using Node and WorkOS.

Slack is already a go-to for many teams and businesses, so why not make it easier for users to log into your app with their existing Slack credentials? It cuts out the need for new accounts and passwords, while taking advantage of Slack’s strong security.

In this tutorial, we will go through all the steps required to add the Login with Slack functionality to your app using Node as the language and WorkOS with AuthKit.

While going through this tutorial, remember that some things might get outdated as products evolve. Dashboards change, and new SDK versions are released every week. If while you follow this tutorial, something is not working for you, please refer to these docs for the most up-to-date guidance:

Prerequisites

To follow this tutorial, you will need the following:

Step 1: Install the SDK

Install the WorkOS Node SDK to your app.

  • Using npm: npm install @workos-inc/node
  • Using yarn: yarn add @workos-inc/node
  • Using pnpm: pnpm add @workos-inc/node

Step 2: Set secrets

To make calls to WorkOS, you must authenticate using the WorkOS API key and client ID. Copy these values from the WorkOS dashboard.

Store the values as managed secrets and pass them to the SDK as environment variables:

Environment variables example:

	
WORKOS_API_KEY='sk_example_123456789'
WORKOS_CLIENT_ID='client_123456789'
	

!!For more information on safely handling secrets, see Best practices for secrets management.!!

Step 3: Configure the Slack connection

Get the Redirect URI

WorkOS provides the Redirect URI, a whitelisted callback URL. This URL will tell Slack where to redirect a user after they successfully authenticate with the Slack service. You need to get this URL from the WorkOS dashboard and provide it to Slack.

  1. Go to the WorkOS dashboard and select Authentication on the navigation bar on the left-hand side.
  2. Scroll down to the Slack OAuth section and click Enable.
  3. In the modal, you’ll see the Redirect URI as well as the fields you’ll populate later with information from Slack. Copy this URI. We will use it as part of the registration process in Slack.

Configure the Slack OAuth app

To configure the connection on Slack side, follow these steps:

  1. Go to the Slack App management page.
  2. If you don’t already have a Slack App, click Create New App, provide a name, and choose the development workspace where you’ll test. Once created, open your new Slack App to configure it.
  3. In your Slack App’s settings, go to OAuth & Permissions on the left-hand sidebar.
  4. Under Redirect URLs, add the Redirect URI from the WorkOS Dashboard.
  5. Click Save URLs to confirm.
  6. Still in your Slack App’s settings, find your Client ID and Client Secret. Copy both values, as you’ll need to add them to WorkOS in the next step.

For more detailed steps and screenshots, follow the Slack OAuth integration guide.

Provide the client credentials to WorkOS

  1. Go back to the Authentication section in the WorkOS dashboard and click on Enable under Slack OAuth.
  2. Toggle Enabled on and provide the client credentials from Slack that you generated in the previous step.
  3. Finally, click Save.

Step 4: Configure a redirect URI

In this step, we will configure your application’s redirect URI (which is different from the one we used before).

A redirect URI is an endpoint of your app where the users will be redirected after they sign in. We’ll create this endpoint in a bit. For now,, we need to add the URI to the Redirects section of the WorkOS dashboard.

While wildcards in your URIs can be used in the staging environment, they and query parameters cannot be used in production. When users sign out of their application, they will be redirected to your app’s homepage, which is configured in the same dashboard area.

If you already have an app set up with AuthKit you don’t need to do anything more. Next time your users log in they will see the option to use Slack for authentication. If you don’t have an app follow the next steps to create one.

Step 5: Set up the frontend

We are ready to start adding code. In this tutorial, we will use React to create a simple page with a login link. For brevity we will not talk about logout but if you want to know how to do that see the docs.

Create a new React app if you don’t have one already, and add the following code to your App.js:

	
export default function App() {
  return (
    <div className="App">
      <h1>AuthKit example</h1>
      <p>This is an example of how to use AuthKit with a React frontend.</p>
      <p>
        <a href="/login">Sign in</a>
      </p>
    </div>
  );
}
	

Step 6: Set up the backend

First, we’ll need to direct users to sign in (or sign up) using AuthKit before redirecting them back to your application. We’ll do this by generating an AuthKit authorization URL server side and redirecting the user to it.

For this guide we’ll be using the express web server for Node.

Add the following code to server.js:

	
const express = require('express');
const { WorkOS } = require('@workos-inc/node');

const app = express();
const workos = new WorkOS(process.env.WORKOS_API_KEY, {
  clientId: process.env.WORKOS_CLIENT_ID,
});

app.get('/login', (req, res) => {
  const authorizationUrl = workos.userManagement.getAuthorizationUrl({
    // Specify that we'd like AuthKit to handle the authentication flow
    provider: 'authkit',

    // The callback endpoint that WorkOS will redirect to after a user authenticates
    redirectUri: 'http://your-app.com/callback',
    clientId: process.env.WORKOS_CLIENT_ID,
  });

  // Redirect the user to the AuthKit sign-in page
  res.redirect(authorizationUrl);
});
	

After the user authenticates, WorkOS generates a string (the authorization code), adds it to the Redirect URI, and redirects the user there. The URL looks like this:

	
https://your-app.com/callback?code=g0FGFmNjVmOWIkTGf2PLk4FTYyFGU5
	

The app needs to extract that code and make another call to exchange it for a token and user profile information.

To extract the code from the URL and do the exchange, add the following code to server.js:

	
const express = require('express');
const { WorkOS } = require('@workos-inc/node');

const app = express();

const workos = new WorkOS(process.env.WORKOS_API_KEY, {
  clientId: process.env.WORKOS_CLIENT_ID,
});

app.get('/callback', async (req, res) => {
  // The authorization code returned by AuthKit
  const code = req.query.code;

  if (!code) {
    return res.status(400).send('No code provided');
  }

  const { user } = await workos.userManagement.authenticateWithCode({
    code,
    clientId: process.env.WORKOS_CLIENT_ID,
  });

  // Use the information in `user` for further business logic.

  // Redirect the user to the homepage
  return res.redirect('/');
});
	

The user has now successfully logged in with Slack. This is what the response looks like:

	
{
  "user": {
    "object": "user",
    "id": "user_01E4ZCR3C56J083X43JQXF3JK5",
    "email": "marcelina.davis@example.com",
    "first_name": "Marcelina",
    "last_name": "Davis",
    "email_verified": true,
    "profile_picture_url": "https://workoscdn.com/images/v1/123abc",
    "created_at": "2021-06-25T19:07:33.155Z",
    "updated_at": "2021-06-25T19:07:33.155Z"
  },
  "organization_id": "org_01H945H0YD4F97JN9MATX7BYAG",
  "access_token": "eyJhb.nNzb19vaWRjX2tleV9.lc5Uk4yWVk5In0",
  "refresh_token": "yAjhKk123NLIjdrBdGZPf8pLIDvK"
}
	

The user object can be used for further business logic like personalizing the UI for the user.

The response also includes an access token and a refresh token. These two tokens can be used to manage the user’s session without asking them to authenticate constantly. The access token is short-lived and allows an application to access resources on a user’s behalf, while the refresh token, which lives a bit longer, can be used to get a new access token when that expires.

Both tokens should be handled and stored securely since if an attacker obtains a user's token, they can impersonate the user and gain unauthorized access to protected resources. WorkOS SDKs use sealed sessions (i.e., sessions encrypted with a strong password) to keep tokens safe. For more information, see Handle the user session.

Next steps

You have now successfully added Log in with Slack functionality to your app. This is just the first step in your identity management journey. The next steps are handling the user’s session, implementing logout, adding SAML SSO, implementing access control, provisioning users automatically, handling failed authentication events, and more. Check our blog for tutorials on all of these areas.

Here are some more resources you might find useful:

This site uses cookies to improve your experience. Please accept the use of cookies on this site. You can review our cookie policy here and our privacy policy here. If you choose to refuse, functionality of this site will be limited.