Francois-Connect | Stripe Developers | Page 1

tender rose Aug 29, 2022, 7:46 AM

#

Hi there, let me take a look

warm nebula Aug 29, 2022, 7:47 AM

#

Hi Jack

#

thank you

#

in https://dashboard.stripe.com/settings/connect
Standard is enabled; OAuth too for Standard, redirection URL is set

tender rose Aug 29, 2022, 7:55 AM

#

This account was disconnected from platform because the OAuth Token was consumed twice

warm nebula Aug 29, 2022, 7:56 AM

#

mmmh

#

ok

#

so initial authorization is priorized ?

tender rose Aug 29, 2022, 7:57 AM

#

You should make sure that the OAuth token is consumed once only

warm nebula Aug 29, 2022, 7:57 AM

#

App 1 Token
App 2 Token asked => denied

#

from the dashboad, is there a link to list who is consuming the token (on the Standard Dashboa part)

#

?

tender rose Aug 29, 2022, 8:01 AM

#

The token is for the platform to consume, you can check you code and see how many POST https://connect.stripe.com/oauth/token requests are made

warm nebula Aug 29, 2022, 8:03 AM

#

ok but this is only possible when having access on this account. I'm trying to find a way to tell our customer : click here, and remove this access if you want to use our application

#

because it looks like our user gives access to the application, and it's automaticaly revoked

tender rose Aug 29, 2022, 8:06 AM

#

I'd suggest you to check your implementation and only send request to /oauth/token if the given code is not used before (https://stripe.com/docs/connect/oauth-standard-accounts#token-request)

Using OAuth with Standard accounts

Use the OAuth connection flow to allow a Standard user to connect to your platform.

warm nebula Aug 29, 2022, 8:09 AM

#

ok but there is nothing on this page to see if the code is already used

fading loom Aug 29, 2022, 8:10 AM

#

yep, there's no direct logs for this, you should check logs in your own code

#

i.e. add logs where you call oauth.tokens.create or the equivalent code in your integration as you're likely hitting it twice for some reason like if the user refreshes the page or something.

warm nebula Aug 29, 2022, 8:12 AM

#

mmmh

fading loom Aug 29, 2022, 8:13 AM

#

overall I suggest not suing OAuth unless you are specifically building an extension that needs to connect to existing accounts

warm nebula Aug 29, 2022, 8:13 AM

#

that's what's happen. It's for existing accounts

fading loom Aug 29, 2022, 8:13 AM

#

you should instead use https://stripe.com/docs/connect/standard-accounts with the Account and AccountLinks APIs, one of the advantages is it can never have this problem

Using Connect with Standard accounts

Integrate with Standard accounts to get started using Connect right away, and let Stripe handle the majority of the user experience and user communication.

warm nebula Aug 29, 2022, 8:15 AM

#

I'm wondering why Oauth is called twice. You're sure it's from our application ?

fading loom Aug 29, 2022, 8:15 AM

#

yes

#

this is a really common issue that every platform building OAuth runs into and you need to find a soluton for. For example keep a small cache of ac_xxx access tokens and check them before submitting

warm nebula Aug 29, 2022, 8:16 AM

#

ok but it's only on redirection page right ?

#

because on our side, this url 'https://connect.stripe.com/oauth/authorize' . '?' . http_build_query($queryData) is only available when the customer is not connected as Standard account

fading loom Aug 29, 2022, 8:19 AM

#

it means that when the user comes back from visiting ^^ that link, and your server reads the access token from the URL query and calls the API with it(https://stripe.com/docs/connect/oauth-standard-accounts#token-request), you are doing that twice

#

if you add logs it's usually pretty obvious what's happening like the user refreshes their browser on that page, or you persist the query parameters to a different page, or you just run the code twice for some reason, hard for us to say but you can debug it.

#Francois-Connect