Integrations
Settings → Integrations (/admin/settings/integrations) is where third-party integrations for your Capacitor server live. Slack is the only integration today; the page is built to hold more as they show up.
Slack link previews
Section titled “Slack link previews”Slack link previews are optional. When configured, a session URL pasted into Slack expands into a card showing the repo, summary, owner, and (for private sessions) a lock placeholder.
The Integrations page shows one of two states:
- Not configured — “Not configured. Set up a Slack app for this tenant so links to Kurrent Capacitor sessions unfurl in Slack channels.” with a Set up Slack… button that opens the dedicated wizard at
/admin/slack. - Connected — ”@{BotName} in workspace {Workspace}” with a Reconfigure button, also pointing at
/admin/slack. If the origin the app was set up with no longer matches the server’s current origin, a warning banner appears here too — see Reverse proxy considerations below.
The wizard itself isn’t part of the generic settings form — it’s a focused, three-step flow at /admin/slack, described next.
The three steps
Section titled “The three steps”The wizard is three steps and about 90 seconds end-to-end.
1. Create a Slack app from a server-specific manifest
Section titled “1. Create a Slack app from a server-specific manifest”The wizard generates a pre-filled Slack app manifest scoped to your Capacitor server — request URLs, event subscriptions, slash commands, scopes. It deep-links into Slack’s “Create app from manifest” flow. You pick your workspace and Slack creates the app.
The manifest’s request URLs point back at your server origin. Behind a reverse proxy this matters; see Reverse proxy considerations below.
After Slack creates the app you’ll land on its Basic Information page. Open OAuth & Permissions in the left sidebar and click “Install to <Workspace>” — the manifest declares the bot user and the links:read / links:write scopes, but Slack still requires you to confirm the install before issuing the bot token. Without this step the Bot User OAuth Token doesn’t exist yet and Step 2 has nothing to paste.
2. Paste tokens back
Section titled “2. Paste tokens back”Once the app is installed, the wizard asks for two values:
- Signing Secret — on the Basic Information page under App Credentials. Used to verify HMAC-SHA256 signatures on inbound Slack requests.
- Bot User OAuth Token (
xoxb-…) — on the OAuth & Permissions page, visible only after the install step above. Used to callchat.unfurlandauth.test.
The wizard validates the bot token by calling Slack’s auth.test immediately. If the call fails (wrong workspace, revoked token), you get a clear error and nothing is persisted.
Both values are stored encrypted at rest in the same server_settings table as other admin settings.
3. Live unfurl verification (optional)
Section titled “3. Live unfurl verification (optional)”The wizard offers to poll the slack_inbound_events ledger so you can paste a session URL in any Slack channel and watch the wizard confirm the link_shared event arrived. If it doesn’t arrive within ~30 seconds, the wizard points you at the most likely cause (event subscription not approved in Slack, signing secret mismatch, origin mismatch).
This step is optional. Skip it if you’re confident; come back later.
Reverse proxy considerations
Section titled “Reverse proxy considerations”The wizard needs to know the server’s public origin to fill into the manifest. Resolution priority:
Slack:PublicOriginconfig (encrypted, set via the wizard or appsettings)- Caller hint (the wizard passes
NavigationManager.BaseUrifrom the Razor page) Request.Hostfrom the inbound HTTP request
Behind a reverse proxy (Cloudflare, Nginx, anything that rewrites Host), set Slack:PublicOrigin explicitly. The resolver deliberately does not read the raw X-Forwarded-Host header — the project’s UseForwardedHeaders only enables XForwardedFor and XForwardedProto, so reading the host header would let a spoofed value poison the persisted manifest origin. Setting Slack:PublicOrigin to your real public URL avoids the trap entirely.
A drift warning appears on the Integrations page if Slack:ManifestOrigin (the origin baked into the manifest at creation time) no longer matches the currently resolved origin. Slack apps don’t break immediately when the origin changes, but link_shared events will start failing — re-run the wizard after a domain change.
What the integration uses Slack for
Section titled “What the integration uses Slack for”Read-only. Capacitor calls chat.unfurl in response to link_shared events. No messages are posted, no channels are joined, no commands are run.
Private sessions show a lock placeholder card with the repo name and “Session is private”. Org-public and public sessions render the full card.
Disabling
Section titled “Disabling”Two ways:
- Clear
Slack:BotToken(orSlack:SigningSecret) in the settings page. Once either secret is empty, the Slack event handler short-circuits inbound requests as 200 OK with no work. - Uninstall the Slack app from your workspace via Slack’s app directory. The server continues to hold the tokens but Slack will stop sending events to them.
Related
Section titled “Related”- Administration — the wider settings page this section lives alongside, and how reloads work.
- Visibility & sharing — what controls whether a session’s Slack preview is the full card or the lock placeholder.