How can we add more scopes/permissions for a user when he signs into slack using Sign in to Slack button. I have added the scopes in the Outh permissions/scopes on my Slack App.it works for the primary owner but not for other users. I have a similar question here. I think I figured out the that I have to add permissions but cannot figure out how. I tried adding it to the initial oauth flow of the sign in with Slack button but it says that I am not allowed to use other scopes with identity.basic.

  <div class="form-group">
                <div class="col-md-offset-2 col-md-10">
                    <a href="https://slack.com/oauth/authorize?scope=identity.basic,identity.email,identity.team,identity.avatar&client_id=373568302675.374024189699">
                        <img alt="Sign in with Slack" height="40" width="172" src="https://platform.slack-edge.com/img/sign_in_with_slack.png"
                             srcset="https://platform.slack-edge.com/img/sign_in_with_slack.png 1x, https://platform.slack-edge.com/img/sign_in_with_slack@2x.png 2x" />
                    </a>
                </div>
            </div>

Can someone tell me exactly where should I add the permissions for users who are not primary owners?

I made another button on the cshtml as follows:

<input type="button" value="Authenticate again to send Message" class="btn btn-warning" onclick="location.href = 'https://slack.com/oauth/authorize?scope=incoming-webhook,im:write,chat:write:user&client_id=373568302675.374024189699'"/>

And then on click it is leading to the same function as Sign in with Slack which is as follows:

public SlackAuthToken GetAccessToken(ProgramParameter startParam, string clientId, string clientSecret, string code)
        {
            using (var client = new WebClient())
            {
                string apiUrl = GetApiUrl(startParam);
                string url = apiUrl + "/oauth.access?client_id=" + clientId + "&client_secret=" + clientSecret + "&code=" + code;
                var response = client.DownloadString(url);

                SlackAuthToken slackTest = JsonConvert.DeserializeObject<SlackAuthToken>(response);
                string accessToken = slackTest.AccessToken;
                string urlUserIdentity = "https://slack.com/api/users.identity?token=" + accessToken;
                var responseUser = client.DownloadString(urlUserIdentity);
                SlackAuthToken slack = JsonConvert.DeserializeObject<SlackAuthToken>(responseUser);
                return slackTest;
            }

        }

You have to change the scope parameter in the URL. You can't use identity.* scope in combinations with other ones, try identify instead.

identity.* are meant for auth only, not to install apps/bots/commands.

The "Sign-in with Slack" feature is not meant to give users permissions on Slack, but to authenticate existing Slack users on a 3rd party website.

If you want to access Slack API methods from your website, you need to do that through a Slack app that is installed once by an admin and will give you an access token with permissions as defined and requested by the the Slack app. But that is usually not meant to work on-behalf of a user, but as it own entity, namely a Slack app.

See also this answer to better understand the difference between "Sign-in with Slack" and "Add to Slack".

If you really want your website to be able to act (e.g. post Slack messages) on behalf of multiple users than this is what you need to do:

1. Each of your users need to install your Slack app once using "Add to Slack" Oauth process and with all needed permissions. This is called "configurations" in Slack.

2. You app needs to collect and store the access token received from each installation

3. Then your website can use "Sign-in with Slack" to identify a user and assuming a "configuration" has been created use the matching access token (from #2) for each subsequent API call for that user (e.g. to send a message on his behalf)