#chiayi
sick ridge
indigo peak
Sure. Will your app connect to third-party services to source data?
hollow saffron
yes
indigo peak
Do those third-party services support OAuth?
For example, there's a Dropbox OAuth sample: https://github.com/stripe/stripe-apps/tree/main/examples/dropbox-oauth-pkce
hollow saffron
not sure what is oauth, but it is a webapp using firebase for authentication and users get to see analytics on the webapp
indigo peak
The idea is your establish an OAuth connection for your app user between the third-party and your Stripe App, then you can use that token to make API requests to that third-party
indigo peak
not sure what is oauth, but it is a webapp using firebase for authentication and...
If you're not sure what OAuth is, then the likelihood is your app doesn't have it
In that case, how do users authenticate with your service?
hollow saffron
- stripe user gets redirected to my company's webapp (which is a third party service in this scenario) via our stripe app
- user signs up on webapp via firebase authentication on backend
indigo peak
Ok, so I'd guess that Firebase returns a token that your services uses to authenticate requests to its backend/API?
hollow saffron
yes
indigo peak
Then you'd just store that token in the app secret store: https://stripe.com/docs/stripe-apps/store-secrets
Then can be used to make API requests as you need to your backend
hollow saffron
do i create a function on webapp backend to store the token?
| can be used to make API requests as you need to your backend
meaning stripe app can use this token to make API requests to the webapp backend?
indigo peak
do i create a function on webapp backend to store the token?
Not sure, maybe? Up to you. You just need to return it to the Stripe App when your users authenciate with your API/service
indigo peak
| can be used to make API requests as you need to your backend
meaning stripe a...
There's an example here: https://github.com/stripe/stripe-apps/tree/main/examples/secret-store
hollow saffron
ok so, in my case is firebase an oauth provider mentioned in the oauth doc https://stripe.com/docs/stripe-apps/oauth?
indigo peak
I don't know, do they support OAuth?
If they do, great! Otherwise you can just authenticate your users via credentials in the Stripe App – that's permitted too
hollow saffron
yeah firebase supports oauth
so to summarise an oauth flow is just a way for us to display data only to users known to us is that correct?
indigo peak
Exactly. It's a way for your Stripe App users to connect to their account on your backend, and then authenticate requests to that backend so the Stripe App can pull their data
hollow saffron
thanks alot!
indigo peak
np
hollow saffron
so can I say using verifyHeader as stated in this doc https://stripe.com/docs/stripe-apps/build-backend#send-a-signed-request will tell us if the request is coming from our stripe app frontend
whereas an oauth flow tells us if a user has been authenticated with our third party service
ideally we would want to know both
indigo peak
You should be able to use both in conjunction yes. You would pass the token from the OAuth connection in the headers of your requests to your backend too
hollow saffron
also if I save the token in user scope, the stripe app installed in both corgilabs.ai and CorgiAI .Inc will be able to access it?
