Baepsae | Stripe Developers | Page 1

keen creekBOT Feb 21, 2023, 10:25 AM

#

foggy oriole Feb 21, 2023, 10:34 AM

#

I guess all this depend on what kind of Stripe App you're building! Does it interact with third-party services outside of Stripe?

#

You don't need an OAuth provider/connection if your app simply reads data from the Stripe account(s)

fringe canopy Feb 21, 2023, 10:42 AM

#

Hi @foggy oriole , thank you for the quick reply!
It will interact with our application, we will be reading data from our own application.

In our application, we have actually integrated with Stripe through the flow I linked here, which was pretty simple for me to understand.

Now when in Stripe App, I don't understand the oAuth provider thing.

The url provided by the docs to start the oAuth flow is this:

https://www.example.com/oauth2/authorize?response_type=code&client_id=${clientID}&redirect_uri=${getRedirectURL(mode)}&state=${state}&code_challenge=${challenge}&code_challenge_method=S256;

But I'm not really sure what is supposed to be instead of https://www.example.com

In the way we integrated with Stripe in our application previously it was like this:

https://connect.stripe.com/oauth/authorize?response_type=code&client_id={{CLIENT_ID}}&scope=read_write&redirect_uri=https://sub2.example.com

But I guess it's different since with this previous way we read data from Stripe and not the opposite

foggy oriole Feb 21, 2023, 10:44 AM

#

The assumption here is that your application/service has an OAuth integration that the Stripe App can utilise to can access to the service

#

So example.com would become yourproduct.com

#

Equally, you don't need to use OAuth if your application doesn't support OAuth. You can build a form to handle sign in to your service via credentials, for example. And store the returned token for use in the app: https://stripe.com/docs/stripe-apps/store-secrets

Store secret credentials and tokens in your app

Use the Secret Store API to persist sensitive data, like authentication credentials.

fringe canopy Feb 21, 2023, 10:57 AM

#

Thank you @foggy oriole, things are getting clearer now.

So, if our application is using Amplify/AWS Cognito for authorization, can we have this Stripe App just redirect to our application for auth?

And when we redirect back to Stripe App, what do we need to include in that Redirect + where to include it?

foggy oriole Feb 21, 2023, 10:58 AM

#

Hmm, I'm not sure if/how that kind of auth flow would work. You'd need to test it

#

Generally you'd just POST the credentials from the Stripe App to your API/service and get an API token back that the Stripe App can use

#Baepsae