lewis-sequence | Stripe Developers | Page 1

ember spadeBOT Mar 14, 2023, 10:46 AM

#

daring citrus Mar 14, 2023, 10:47 AM

#

👋 happy to help

#

would you mind sharing the request ID? https://support.stripe.com/questions/finding-the-id-for-an-api-request

Finding the ID for an API Request : Stripe: Help & Support

Find help and support for Stripe. Our support center provides answers on all types of situations, including account information, charges and refunds, and subscriptions information. Get your questions answered and find international support for Stripe.

hot skiff Mar 14, 2023, 11:04 AM

#

Hmm, I don't see the logs for OAuth requests in the developer dashboard.

The ID for the curl request I made is: req_W1LASR5rvlRTT1

The TokenResponse value I see with the Java SDK is:

  "livemode": false,
  "scope": "read_write",
  "stripe_user_id": "acct_..."
}

daring citrus Mar 14, 2023, 11:05 AM

#

let me take a look

#

the request ID is not correct

#

would you mind double checking?

hot skiff Mar 14, 2023, 11:07 AM

#

the Request-Id header for my curl request was req_W1LASR5rvlRTT1

#

Ah, this issue on the Java SDK provides more details: https://github.com/stripe/stripe-java/issues/408#issuecomment-334717206

GitHub

OAuth TokenResponse is missing few fields · Issue #408 · stripe/str...

According to the docs OAuth token response returns the following data: { "token_type": "bearer", "stripe_publishable_key": "{PUBLISHAB...

#

How would the stripe_user_id be used for authentication?

It was a deliberate decision to leave out those fields, as there's basically no reason for a new Connect integration to not use the stripe_user_id field for everything.

obsidian geode Mar 14, 2023, 11:14 AM

#

yep we don't put those fields in the model object since OAuth is deprecated

#

there are ways to get them from the raw JSON if needed, but what are you really trying to do? is this for Standard accounts or Express?

#

well to be clear, it's more that that way of authenticating is deprecated

hot skiff Mar 14, 2023, 11:16 AM

#

Standard accounts. I looked at using Account Links rather than OAuth, but we're expecting to connect with existing accounts for some customers. It looked like Account Links could only be used if the platform created the account first.

obsidian geode Mar 14, 2023, 11:16 AM

#

you never need those keys

#

just use the Stripe-Account header https://stripe.com/docs/connect/authentication#stripe-account-header

obsidian geode Mar 14, 2023, 11:18 AM

#

hot skiff Standard accounts. I looked at using Account Links rather than OAuth, but we're ...

that's true, but also in general we mostly intend for you to not connect to existing accounts(if you need to for read-only purposes like data analysis you'd create a Stripe App), and for payment/write flows you use an AccountLink and the user has a new Stripe account under their user and your platform uses that new account instead of their existing one(to keep the data properly split between platforms) https://support.stripe.com/questions/legal-entity-sharing

hot skiff Mar 14, 2023, 11:19 AM

#

Makes sense, I did wonder if the AccountLink approach was to encourage creating new accounts for read/write purposes.

Thanks for the info! We'll review how we approach things.

obsidian geode Mar 14, 2023, 11:21 AM

#

either way you definitely don't need or want the access_token

#

since then you have to store that and keep it safe for every single account, and then if you ever lose that key it's a hassle to recreate(you need the refresh token and you might not have that either). They're totally legacy and you would use the Stripe-Account header always now instead, which only requires you to store your own platform key(which you can manage in your dashboard) and know the ID of the account

hot skiff Mar 14, 2023, 11:23 AM

#

Understood 👍

#lewis-sequence