Simplifying OAuth 2.0: How Slack’s New External Authentication Feature Boosts Developer Productivity

Nupur Goyal
Jun 27 - 5 min read

Written by Nupur Goyal and Scott Nyberg.

In our “Engineering Energizers” Q&A series, we examine the professional journeys that have shaped Salesforce Engineering leaders. Say hello to Nupur Goyal, Staff Software Engineer at Slack. Nupur’s core platform team at Slack helps developers increase their productivity and efficiency — empowering them to create cutting-edge applications that integrate with myriad online tools in Slack’s Next Generation Platform.

Join us as we explore how Nupur and her team tackle engineering challenges to innovate the future of work — and the future of Slack.

How would you describe your team’s mission?

My team built External Authentication, a new Slack framework that enables developers to efficiently write functionality that intersects with powerful online services — including spreadsheets, bug tracking tools, and more.

Many of these services support programmatic interaction with their features through APIs, which are authenticated with user tokens.

Typically, developers had to learn the nuances of authentication protocols, such as OAuth 2.0, to obtain, store, and maintain the lifecycle of these access tokens. This is burdensome for developers as it distracts them from focusing on their core functionality.

In the spirit of making Slack as developer-friendly as possible and bringing more functionality into Slack, my team built a managed authentication framework which facilitates and handles authentication for developers. Authentication is important to get right because at the core, it provides security, privacy, and access controls, all of which are extremely important to our customers. Intersecting that with the Slack product and the developer experience has been especially interesting.

What challenges do developers face when using OAuth 2.0?

Over the years, developers have shared with us the complexities they encounter when using OAuth 2.0. Some of their challenges include:

  • Setting up their own redirect endpoint to receive access tokens from providers that they want to connect with
  • Implementing the two-way handshake between their server and the provider
  • Storing access tokens
  • Maintaining token lifecycles, refreshing them as they expire
  • Managing the right level of security, privacy, and access controls

How does your team simplify the OAuth 2.0 authentication process for developers?

External Authentication simplifies OAuth 2.0 by driving the entire authentication workflow for developers. This includes:

  • Establishing a redirect endpoint
  • Obtaining and storing access tokens
  • Maintaining and refreshing token life cycles
  • Securely providing tokens to developers as needed

External Authentication removes the burden of authentication for developers. As they receive their secure tokens, they can easily connect with external providers — reducing initial setup time from hours to seconds.

Slack’s new External Authentication feature provides managed authentication, performing the OAuth 2.0 exchange instead of applications.

How does your team approach engineering challenges, such as scope creep?

It is a matter of prioritizing. For example, if my team receives a new requirement in the middle of a project, we must determine what we will achieve by solving that requirement. Additionally, we would make it clear to the stakeholders and the program managers that there may be tradeoffs for picking up that requirement. This means we may need to either drop another requirement that we were tasked with or, alternatively, the project timeline could be delayed.

Sometimes we delay scope creep due to higher priorities. For example, we may learn that we need to adjust the architecture only after diving into the coding process. Luckily, these unexpected challenges are anticipated at the start of the project, when we perform cost estimations. So, if an issue arises, we already have the budget in place to tackle it.

Nupur explains what keeps her at Salesforce.

Can you share something surprising about your team?

We completed External Authentication — a highly complex project — with a pretty small and agile six- or seven-person team, composed of three backend engineers, one to two frontend engineers, a product manager and a designer. I wore many hats, serving as one of the three backend engineers and also the tech lead of the project, charged with ensuring we satisfied all requirements. Additionally, I wrote code and reviewed others’ code and managed interactions with our stakeholders.

My team was successful because we smartly structured and organized the project from the beginning. Then, as the project progressed, we constantly gathered feedback from stakeholders — ranging from upper management to other Salesforce teams and platforms that would utilize our framework — and incorporated that into our development process, which helped keep the project running smoothly.

Nupur shares what makes Salesforce’s engineering culture unique.

How has mentorship impacted your time at Slack?

Our company provides great opportunities for engineers to receive mentorship in areas they want to grow in. For example, if you are a backend developer and you seek to learn from experienced members across the backend organization, you can join the Backend Mentorship Program. Similarly, there is a frontend program. These programs allow engineers to make connections that help advance their careers.

There are also initiatives such as the Elevate Sponsorship Program, which offers select engineers an exciting opportunity to meet senior engineering leaders and discuss engineering culture and career growth with them.

Personally, I have mentored and guided talented engineers, which has furthered their career growth. In one instance, I mentored someone on another internal team for a while. After getting to know her and her skillset, she mentioned that she was interested in exploring other opportunities within Slack. Consequently, I referred her to the hiring manager for an open role that matched her capabilities and interests. She landed the job and her career has really benefited.
