GitLab for Slack app slash commands endpoint should verify Slack request
### About

The [existing API endpoint](https://gitlab.com/gitlab-org/gitlab/-/blob/bcdc845486ffbc4e1c921212c2d225c979b86b54/lib/api/integrations.rb#L237) that handles slash commands for the GitLab for Slack app integration currently authenticates the Slack request [using a `token` param](https://gitlab.com/gitlab-org/gitlab/-/blob/0398c12b524e0542bb443005f9ffd865e36bbd85/ee/app/services/slash_commands/global_slack_handler.rb#L39-45), which is a method of authenticating Slack requests that Slack has deprecated.

From [the Slack docs](https://api.slack.com/authentication/verifying-requests-from-slack#verification_token_deprecation):

> We'll continue allowing apps to use verification tokens for now. However, we will retire them completely in coming months. We strongly recommend switching to request signing as soon as possible.
Instead, we should [verify the Slack request](https://api.slack.com/authentication/verifying-requests-from-slack) using the new method of computing a request signature, using the [same `Slack::Concerns::VerifiesRequest` module](https://gitlab.com/gitlab-org/gitlab/-/blob/e63abc2c5392c4461541e7cea9e52c870a544582/lib/api/integrations/slack/concerns/verifies_request.rb) that is being used in specific API endpoints that receive GitLab for Slack app requests (see [example of use](https://gitlab.com/gitlab-org/gitlab/-/blob/2808423c23bf19d117913d49369da0f6ab4086c2/lib/api/integrations/slack/events.rb#L11)).

All GitLab instances that have the GitLab for Slack app configured will have the required `slack_app_signing_secret` configured because [it's required](https://gitlab.com/gitlab-org/gitlab/-/blob/f8026793bc976fa284c90cf94de42a05b26deabd/app/models/application_setting.rb#L526), and is used for some other GitLab for Slack app endpoints currently.

The change should be feature-flagged first out of caution.
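
For reference, a sketch of the request-signing check this issue asks for, following Slack's documented `v0` scheme (HMAC-SHA256 over `v0:<timestamp>:<raw body>`, compared against the `X-Slack-Signature` header). This is an added example, not the code of GitLab's `VerifiesRequest` module; the module and method names, the replay-window constant, and the sample secret and body are assumptions constructed for illustration.

```ruby
require 'openssl'

# Hypothetical helper (names are illustrative, not GitLab's API).
module SlackSignatureCheck
  VERSION = 'v0'
  MAX_SKEW_SECONDS = 5 * 60 # replay window; assumption based on Slack's guidance

  module_function

  # "v0=" + hex HMAC-SHA256 of "v0:<timestamp>:<raw body>", keyed with the signing secret.
  def expected_signature(secret, timestamp, raw_body)
    basestring = "#{VERSION}:#{timestamp}:#{raw_body}"
    digest = OpenSSL::Digest.new('SHA256')
    "#{VERSION}=#{OpenSSL::HMAC.hexdigest(digest, secret, basestring)}"
  end

  # Compare without exiting early on the first differing byte.
  def constant_time_equal?(left, right)
    return false unless left.bytesize == right.bytesize

    diff = 0
    left.bytes.zip(right.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # timestamp: X-Slack-Request-Timestamp header; signature: X-Slack-Signature header.
  # raw_body must be the unparsed request body, byte for byte.
  # Returns :ok or a symbol naming the reason for rejection.
  def verify(secret:, timestamp:, signature:, raw_body:, now: Time.now.to_i)
    return :missing_headers if timestamp.to_s.empty? || signature.to_s.empty?
    return :bad_timestamp unless timestamp.to_s.match?(/\A\d+\z/)
    return :stale if (now - timestamp.to_i).abs > MAX_SKEW_SECONDS

    expected = expected_signature(secret, timestamp, raw_body)
    constant_time_equal?(expected, signature) ? :ok : :bad_signature
  end
end

# Constructed sample request (not real Slack traffic). The body still carries the
# legacy `token` param, which plays no part in the signature check.
SAMPLE_SECRET = 'constructed-signing-secret'
SAMPLE_NOW = 1_700_000_000
SAMPLE_TS = SAMPLE_NOW.to_s
SAMPLE_BODY = 'token=legacy-token&command=%2Fgitlab&text=help'
SAMPLE_SIG = SlackSignatureCheck.expected_signature(SAMPLE_SECRET, SAMPLE_TS, SAMPLE_BODY)
```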