惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
L
Lohrmann on Cybersecurity
aimingoo的专栏
aimingoo的专栏
V
V2EX
S
Security Affairs
T
Threatpost
C
CXSECURITY Database RSS Feed - CXSecurity.com
IT之家
IT之家
J
Java Code Geeks
The Register - Security
The Register - Security
U
Unit 42
C
CERT Recently Published Vulnerability Notes
月光博客
月光博客
A
About on SuperTechFans
H
Hackread – Cybersecurity News, Data Breaches, AI and More
T
The Blog of Author Tim Ferriss
Cisco Talos Blog
Cisco Talos Blog
Project Zero
Project Zero
S
Schneier on Security
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
D
DataBreaches.Net
博客园 - 司徒正美
V
Vulnerabilities – Threatpost
T
Tor Project blog
Security Latest
Security Latest
T
The Exploit Database - CXSecurity.com
T
Threat Research - Cisco Blogs
Scott Helme
Scott Helme
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
M
MIT News - Artificial intelligence
云风的 BLOG
云风的 BLOG
小众软件
小众软件
L
LangChain Blog
Attack and Defense Labs
Attack and Defense Labs
Recent Commits to openclaw:main
Recent Commits to openclaw:main
P
Palo Alto Networks Blog
A
Arctic Wolf
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
C
Cyber Attacks, Cyber Crime and Cyber Security
博客园 - 叶小钗
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
LINUX DO - 最新话题
MongoDB | Blog
MongoDB | Blog
Webroot Blog
Webroot Blog
H
Hacker News: Front Page
Know Your Adversary
Know Your Adversary
Spread Privacy
Spread Privacy
AWS News Blog
AWS News Blog
Engineering at Meta
Engineering at Meta

Chat SDK Documentation

Teams Low-Level APIs | Chat SDK CLI | Chat SDK Platform Adapters | Chat SDK State Adapters | Chat SDK Cards | Chat SDK Getting Started | Chat SDK Introduction | Chat SDK Modals | Chat SDK Slack Low-Level APIs | Chat SDK Streaming | Chat SDK Testing | Chat SDK Overview | Chat SDK toAiMessages | Chat SDK Cards | Chat SDK Overview | Chat SDK Markdown | Chat SDK Modals | Chat SDK AI SDK Tools | Chat SDK Types | Chat SDK Message Subject | Chat SDK Conversation History | Chat SDK Transcripts | Chat SDK Slack bot with Next.js and Redis Actions | Chat SDK Direct Messages | Chat SDK Emoji | Chat SDK Error Handling | Chat SDK File Uploads | Chat SDK Handling Events | Chat SDK Posting Messages | Chat SDK Slash Commands | Chat SDK State Adapters | Chat SDK Threads, Messages, and Channels | Chat SDK Creating a Chat Instance | Chat SDK WhatsApp Business Cloud Channel | Chat SDK Chat | Chat SDK Platform Adapters | Chat SDK Overlapping Messages | Chat SDK Ephemeral Messages | Chat SDK Message | Chat SDK Thread | Chat SDK Building a community adapter | Chat SDK Documenting your adapter | Chat SDK Publishing your adapter | Chat SDK Testing adapters | Chat SDK Code review GitHub bot with Hono and Redis Discord support bot with Nuxt and Redis Durable chat sessions with Next.js, Workflow, and Redis Schedule Slack posts with Next.js, Workflow, and Neon PostableMessage | Chat SDK
Vercel Connect | Chat SDK
Vercel · 2026-07-06 · via Chat SDK Documentation

Authenticate Slack, GitHub, and Linear adapters with Vercel Connect — short-lived runtime tokens for outbound calls and OIDC-verified inbound webhooks, with no stored provider secrets.

Vercel Connect lets your bot use a registered connector for adapter authentication instead of storing long-lived provider secrets. You register a connector once, link it to your project and environments, and your code requests scoped, short-lived tokens at runtime.

The @vercel/connect/chat subpath ships a helper per platform that you spread into the matching create*Adapter factory:

  • connectSlackAdapter
  • connectGitHubAdapter
  • connectLinearAdapter

Each helper wires both directions of traffic:

  • Outbound (your bot calls the provider API) — a function-form token field that resolves a fresh, short-lived token per call via getToken.
  • Inbound (the provider calls your bot) — a webhookVerifier that validates the Vercel OIDC token Connect attaches to trigger-forwarded webhooks, replacing the provider's native signature check.

Vercel Connect is in beta. Features and behavior, including available connectors and trigger forwarding, may change before general availability.

@vercel/connect reads the deployment's OIDC token automatically. For local development, run vercel link followed by vercel env pull to download a short-lived token into .env.local.

AdapterHelperOutbound field
SlackconnectSlackAdapterbotToken
GitHubconnectGitHubAdapterinstallationToken
LinearconnectLinearAdapteraccessToken

Each helper accepts (connector, params?, options?), where params is the getToken parameters minus subject (pinned to { type: "app" }), letting you pass through installationId, scopes, or validityBufferMs.

  1. Create a connector for the provider in the Vercel dashboard or with the CLI, enabling trigger forwarding so inbound webhooks reach your project:
vercel connect create slack --name acme-slack --triggers
  1. Attach your project and register your Chat SDK webhook route (/api/webhooks/{platform}) as the trigger destination:
vercel connect attach slack/acme-slack \
  --project my-bot --environment production \
  --triggers --trigger-path /api/webhooks/slack
  1. Pull a development token locally (deployments get VERCEL_OIDC_TOKEN automatically):
vercel link
vercel env pull

Spread the helper into the adapter factory. The webhook route is unchanged — Connect forwards verified events to the same handler.

import { Chat } from "chat";
import { createSlackAdapter } from "@chat-adapter/slack";
import { createRedisState } from "@chat-adapter/state-redis";
import { connectSlackAdapter } from "@vercel/connect/chat";

export const bot = new Chat({
  userName: "mybot",
  adapters: {
    slack: createSlackAdapter({
      ...connectSlackAdapter("slack/acme-slack"),
    }),
  },
  state: createRedisState(),
});

Replace slack/acme-slack with your connector UID from the Connect dashboard or vercel connect list. Omit signingSecret / SLACK_SIGNING_SECRET when using the helper — the OIDC webhookVerifier is the freshness boundary.

GitHub

import { createGitHubAdapter } from "@chat-adapter/github";
import { connectGitHubAdapter } from "@vercel/connect/chat";

createGitHubAdapter({
  ...connectGitHubAdapter("github/acme-github"),
  userName: "my-bot[bot]",
});

installationToken is the installation access token a GitHub App would normally mint via its private-key JWT exchange — the adapter uses it directly and skips that exchange.

Linear

import { createLinearAdapter } from "@chat-adapter/linear";
import { connectLinearAdapter } from "@vercel/connect/chat";

createLinearAdapter({
  ...connectLinearAdapter("linear/acme-linear"),
  mode: "agent-sessions",
});

Use mode: "agent-sessions" for app-actor installs. For outbound calls outside webhook handling (cron jobs, workflows), wrap them in withInstallation() so a request-scoped client is bound:

await linear.withInstallation("org-id", async () => {
  await linear.postMessage("linear:issue-id", "Hello from a background job");
});

Each helper attaches a default verifier that matches the deployment's project and environment automatically (projectId defaults to VERCEL_PROJECT_ID, environment to VERCEL_TARGET_ENV then VERCEL_ENV), so production, preview, and development each accept only their own tokens. Verification fails closed — if those values are absent, every request is rejected, and the issuer is pinned to https://oidc.vercel.com.

To add constraints (for example to accept multiple environments), build a verifier with createConnectWebhookVerifier and override the field:

import {
  connectSlackAdapter,
  createConnectWebhookVerifier,
} from "@vercel/connect/chat";

createSlackAdapter({
  ...connectSlackAdapter("slack/acme-slack"),
  webhookVerifier: createConnectWebhookVerifier({
    environment: ["production", "preview"],
  }),
});

Avoid hardcoding environment: "production" unless you only forward to production — it would reject preview and development deployments.

  • App-scoped tokens. The helpers act as the application itself (subject: { type: "app" }). End-user OAuth is a separate concern.
  • Freshness and replay. OIDC verification replaces each provider's native signature (and timestamp) check, so request freshness relies on the short-lived OIDC token's expiry rather than a signed timestamp, and there is no built-in delivery de-duplication. Keep your webhook handlers idempotent.
  • Socket Mode is incompatible. Connect trigger forwarding is HTTP-only; it doesn't apply to the Slack adapter's Socket Mode.
  • Testing. Connect forwards to deployed URLs, not localhost — test against a preview or development deployment.