Skip to main content
Glama
karbassi

slack-mcp

by karbassi

oauth_v2_access

Exchange a temporary OAuth verifier code for an access token (V2) to authenticate Slack API requests.

Instructions

Exchange a temporary OAuth verifier code for an access token (V2).

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
codeYesThe OAuth callback code (omit when refreshing).
client_idYesYour app's client ID.
grant_typeNo``authorization_code`` (default) or ``refresh_token``.
redirect_uriNoMust match the value used to request the code.
client_secretYesYour app's client secret.
code_verifierNoThe PKCE code verifier, when the authorization request used PKCE.
refresh_tokenNoThe refresh token, when ``grant_type=refresh_token``.

Output Schema

TableJSON Schema
NameRequiredDescriptionDefault

No arguments

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden for behavioral disclosure. It only states the basic exchange action but omits critical traits: that this operation mutates state (acquires/revokes tokens), requires handling of secrets (client_secret), may fail due to expired codes, and can also perform token refresh (implied by schema but not mentioned). The description does not compensate for the lack of annotations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, terse sentence with no fluff. However, it could be slightly more informative without losing conciseness by mentioning key use case variants (e.g., 'or refresh token'). Still, it earns a high score for front-loading the core action.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Despite having an output schema (not shown), the description does not hint at the response (e.g., returns access_token, scope, etc.). It also omits critical variant usage like PKCE or refresh token flows, which are significant for correct invocation. For a tool with 7 parameters and complex OAuth semantics, this description is insufficiently complete.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, so each parameter already has a description. The tool description adds no additional semantic context beyond 'exchange a code'. It does not explain the relationship between parameters (e.g., code vs. refresh_token are mutually exclusive) or provide examples. The baseline score of 3 is appropriate as the schema carries the burden.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description uses a specific verb 'Exchange' and clearly identifies the resource ('temporary OAuth verifier code for an access token') and version ('V2'). This distinguishes it from sibling tools like oauth_access (V1) and oauth_v2_user_access (different token type).

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives like oauth_v2_user_access or oauth_access. It does not mention typical triggers (e.g., after receiving a callback code) or when not to use it (e.g., for refresh token flows, which are also handled by this tool via the grant_type parameter).

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/karbassi/slack-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server