惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
The Exploit Database - CXSecurity.com
V
Vulnerabilities – Threatpost
Google DeepMind News
Google DeepMind News
Attack and Defense Labs
Attack and Defense Labs
Webroot Blog
Webroot Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
TaoSecurity Blog
TaoSecurity Blog
I
Intezer
Application and Cybersecurity Blog
Application and Cybersecurity Blog
N
News | PayPal Newsroom
S
Security Affairs
T
Tor Project blog
P
Proofpoint News Feed
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Security @ Cisco Blogs
H
Heimdal Security Blog
Hacker News: Ask HN
Hacker News: Ask HN
Help Net Security
Help Net Security
U
Unit 42
云风的 BLOG
云风的 BLOG
The Hacker News
The Hacker News
Cisco Talos Blog
Cisco Talos Blog
量子位
F
Full Disclosure
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 叶小钗
有赞技术团队
有赞技术团队
T
Troy Hunt's Blog
P
Privacy & Cybersecurity Law Blog
Forbes - Security
Forbes - Security
人人都是产品经理
人人都是产品经理
L
Lohrmann on Cybersecurity
Apple Machine Learning Research
Apple Machine Learning Research
Microsoft Security Blog
Microsoft Security Blog
博客园 - Franky
腾讯CDC
AI
AI
Last Week in AI
Last Week in AI
Latest news
Latest news
Google Online Security Blog
Google Online Security Blog
N
Netflix TechBlog - Medium
Engineering at Meta
Engineering at Meta
GbyAI
GbyAI
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
IT之家
IT之家
Martin Fowler
Martin Fowler
Blog — PlanetScale
Blog — PlanetScale
V2EX - 技术
V2EX - 技术
酷 壳 – CoolShell
酷 壳 – CoolShell

Chat SDK Documentation

Teams Low-Level APIs | Chat SDK CLI | Chat SDK Platform Adapters | Chat SDK State Adapters | Chat SDK Cards | Chat SDK Getting Started | Chat SDK Introduction | Chat SDK Modals | Chat SDK Slack Low-Level APIs | Chat SDK Streaming | Chat SDK Testing | Chat SDK Overview | Chat SDK toAiMessages | Chat SDK Cards | Chat SDK Overview | Chat SDK Markdown | Chat SDK Modals | Chat SDK AI SDK Tools | Chat SDK Types | Chat SDK Message Subject | Chat SDK Conversation History | Chat SDK Transcripts | Chat SDK Slack bot with Next.js and Redis Actions | Chat SDK Direct Messages | Chat SDK Emoji | Chat SDK Error Handling | Chat SDK File Uploads | Chat SDK Handling Events | Chat SDK Posting Messages | Chat SDK Slash Commands | Chat SDK State Adapters | Chat SDK Threads, Messages, and Channels | Chat SDK Creating a Chat Instance | Chat SDK WhatsApp Business Cloud Channel | Chat SDK Chat | Chat SDK Platform Adapters | Chat SDK Overlapping Messages | Chat SDK Ephemeral Messages | Chat SDK Message | Chat SDK Thread | Chat SDK Building a community adapter | Chat SDK Documenting your adapter | Chat SDK Publishing your adapter | Chat SDK Testing adapters | Chat SDK Code review GitHub bot with Hono and Redis Discord support bot with Nuxt and Redis Durable chat sessions with Next.js, Workflow, and Redis Schedule Slack posts with Next.js, Workflow, and Neon PostableMessage | Chat SDK
Vercel Connect | Chat SDK
Vercel · 2026-07-06 · via Chat SDK Documentation

Authenticate Slack, GitHub, and Linear adapters with Vercel Connect — short-lived runtime tokens for outbound calls and OIDC-verified inbound webhooks, with no stored provider secrets.

Vercel Connect lets your bot use a registered connector for adapter authentication instead of storing long-lived provider secrets. You register a connector once, link it to your project and environments, and your code requests scoped, short-lived tokens at runtime.

The @vercel/connect/chat subpath ships a helper per platform that you spread into the matching create*Adapter factory:

  • connectSlackAdapter
  • connectGitHubAdapter
  • connectLinearAdapter

Each helper wires both directions of traffic:

  • Outbound (your bot calls the provider API) — a function-form token field that resolves a fresh, short-lived token per call via getToken.
  • Inbound (the provider calls your bot) — a webhookVerifier that validates the Vercel OIDC token Connect attaches to trigger-forwarded webhooks, replacing the provider's native signature check.

Vercel Connect is in beta. Features and behavior, including available connectors and trigger forwarding, may change before general availability.

@vercel/connect reads the deployment's OIDC token automatically. For local development, run vercel link followed by vercel env pull to download a short-lived token into .env.local.

AdapterHelperOutbound field
SlackconnectSlackAdapterbotToken
GitHubconnectGitHubAdapterinstallationToken
LinearconnectLinearAdapteraccessToken

Each helper accepts (connector, params?, options?), where params is the getToken parameters minus subject (pinned to { type: "app" }), letting you pass through installationId, scopes, or validityBufferMs.

  1. Create a connector for the provider in the Vercel dashboard or with the CLI, enabling trigger forwarding so inbound webhooks reach your project:
vercel connect create slack --name acme-slack --triggers
  1. Attach your project and register your Chat SDK webhook route (/api/webhooks/{platform}) as the trigger destination:
vercel connect attach slack/acme-slack \
  --project my-bot --environment production \
  --triggers --trigger-path /api/webhooks/slack
  1. Pull a development token locally (deployments get VERCEL_OIDC_TOKEN automatically):
vercel link
vercel env pull

Spread the helper into the adapter factory. The webhook route is unchanged — Connect forwards verified events to the same handler.

import { Chat } from "chat";
import { createSlackAdapter } from "@chat-adapter/slack";
import { createRedisState } from "@chat-adapter/state-redis";
import { connectSlackAdapter } from "@vercel/connect/chat";

export const bot = new Chat({
  userName: "mybot",
  adapters: {
    slack: createSlackAdapter({
      ...connectSlackAdapter("slack/acme-slack"),
    }),
  },
  state: createRedisState(),
});

Replace slack/acme-slack with your connector UID from the Connect dashboard or vercel connect list. Omit signingSecret / SLACK_SIGNING_SECRET when using the helper — the OIDC webhookVerifier is the freshness boundary.

GitHub

import { createGitHubAdapter } from "@chat-adapter/github";
import { connectGitHubAdapter } from "@vercel/connect/chat";

createGitHubAdapter({
  ...connectGitHubAdapter("github/acme-github"),
  userName: "my-bot[bot]",
});

installationToken is the installation access token a GitHub App would normally mint via its private-key JWT exchange — the adapter uses it directly and skips that exchange.

Linear

import { createLinearAdapter } from "@chat-adapter/linear";
import { connectLinearAdapter } from "@vercel/connect/chat";

createLinearAdapter({
  ...connectLinearAdapter("linear/acme-linear"),
  mode: "agent-sessions",
});

Use mode: "agent-sessions" for app-actor installs. For outbound calls outside webhook handling (cron jobs, workflows), wrap them in withInstallation() so a request-scoped client is bound:

await linear.withInstallation("org-id", async () => {
  await linear.postMessage("linear:issue-id", "Hello from a background job");
});

Each helper attaches a default verifier that matches the deployment's project and environment automatically (projectId defaults to VERCEL_PROJECT_ID, environment to VERCEL_TARGET_ENV then VERCEL_ENV), so production, preview, and development each accept only their own tokens. Verification fails closed — if those values are absent, every request is rejected, and the issuer is pinned to https://oidc.vercel.com.

To add constraints (for example to accept multiple environments), build a verifier with createConnectWebhookVerifier and override the field:

import {
  connectSlackAdapter,
  createConnectWebhookVerifier,
} from "@vercel/connect/chat";

createSlackAdapter({
  ...connectSlackAdapter("slack/acme-slack"),
  webhookVerifier: createConnectWebhookVerifier({
    environment: ["production", "preview"],
  }),
});

Avoid hardcoding environment: "production" unless you only forward to production — it would reject preview and development deployments.

  • App-scoped tokens. The helpers act as the application itself (subject: { type: "app" }). End-user OAuth is a separate concern.
  • Freshness and replay. OIDC verification replaces each provider's native signature (and timestamp) check, so request freshness relies on the short-lived OIDC token's expiry rather than a signed timestamp, and there is no built-in delivery de-duplication. Keep your webhook handlers idempotent.
  • Socket Mode is incompatible. Connect trigger forwarding is HTTP-only; it doesn't apply to the Slack adapter's Socket Mode.
  • Testing. Connect forwards to deployed URLs, not localhost — test against a preview or development deployment.