- Bot token scopes:
users.profile:read(NOTE: if no bot token scopes are requested, Slack returns an empty access-token. Passport-oauth2 thinks this is an error and aborts the authorization. The user token is still returned within the result object, so authorization could go on. Therefore one bot token scope is mandatory, or passport-oauth2 would need to be tweaked a bit. - User token scopes
chat:writechannels:readchannels:write