#hossain-connect-accesstoken

Hi 👋

Can you describe more clearly what you mean by connect account access token?

We're using oauth to add someone elses account to our platform as a connect account.

We noticed that not long after they do this, their access_token sk live doesn't work anymore. Giving us an error:
Stripe::AuthenticationError: Expired API Key provided: sk live Platform access may have been revoked.

And when we try to refersh their access token, we get

RuntimeError: Error refreshing Stripe token: Refresh token does not exist: rt

Can you share an API request ID for this? It will start with req_

Here's how you can find a request ID: https://support.stripe.com/questions/finding-the-id-for-an-api-request

sure, sec

hmmm, i dont' see it on my logs for some reason.

idk if it matters, but i'm using the rails gem.

That should not matter

@organization = Organization.find_by(token: params[:organization_id])
    require 'stripe'
    Stripe.api_key = Rails.application.secrets.stripe_treasury_secret
    
    begin
      response = Stripe::OAuth.token({
        grant_type: 'refresh_token',
        # client_id: @organization.stripe_account.stripe_data["stripe_user_id"],
        refresh_token: @organization.stripe_account.stripe_data["refresh_token"]
      })
  
      # Return the new access token
      puts response.access_token
      @organization.stripe_account.update(
        stripe_data: response, 
        access_token: response.access_token
      )
      render json: {success: true, response: response.access_token, stripe_account: @organization.stripe_account}
    rescue Stripe::StripeError => e
      # Handle Stripe errors (you might want to expand on this)
      raise "Error refreshing Stripe token: #{e.message}"
      render json: {success: false, error:  e.message}
    end

This is my request if that helps. but i don't see any logs that's referncing this

That shows the refresh token.

How are you creating the authorization_code token?

@organization = Organization.find_by(token: params[:state])
    
      # Set your Stripe API keys
      Stripe.api_key = Rails.application.secrets.stripe_treasury_secret
      
      code = params[:code]

      if code.present? 
        begin
          # Exchange authorization code for access token
          response = Stripe::OAuth.token({
            grant_type: 'authorization_code',
            code: code
          })
       
        rescue StandardError => e
          @message = e
        end
      else
        @message = "No code present to authenticate with."
      end

after doing a little bit more digging, i noticed our user completed the stripe oauth to add their account to our platform as Connect account, but when i go look them up under our Stripe Conect Accounts list, it doesn't show up. which is quite odd. Not sure if they got removed right after they finished the oauth or something. Which explains why the refresh_token was removed.

Does this generate webhook event notifications?

when they finish the oauth?

these are my webhooks

So, no

Are certain countries limited in what they can do or something? Because this process has been working for 99% of users and not for only 3 users afaik.

Or types of account like standard/expresss/custom.

i can give you their stripe_account_id if that helps you.

Yes that would help

acct_1KW0ENCwCU6bpXsf

And this is your account ID or the ID of an account you are trying to connect to?

connect account id

Okay I don't see this account connected to any platform either

Is there some sort of setting that prevents it from being connected ?

Not if you have followed the approach we describe here https://stripe.com/docs/connect/oauth-standard-accounts

standard accounts? What if they're not a standard account and instead is express or custom

Then no, you cannot use OAuth

Oh i did not know that. Hmm, i wonder if they have an express or custom account and that's why it didn't work. But i would assume stripe would make it so that they cannot even go through the oauth flow if they don't have a standard account. ;

The account ID you sent me is for a standard account

req_r4J1duLxpVAdYA

I think this is the request that was executed when he added his connect account via oauth.

And then i believe he removed his stripe account and redid it (we instructed him to because he was getting the bug he's getting now) req_gNtxuLZNgItsNl

Nope, This is a GET request

https://dashboard.stripe.com/logs/req_r4J1duLxpVAdYA

Both of them are

This is just retrieving a list of accounts

When a user connects his account, does it not show up in the logs

It is using the OAuth access token, which looks fine

But I don't see the output

But these requests are made successfully on the other user's account.

so what doed this mean to the access_token and refresh_token not working? And the fact their account isn't showing up under the connect account

Let me check with my colleagues about this

What happens if you use the Stripe Account header with the Account ID? https://stripe.com/docs/api/connected_accounts

And can you confirm that the account is not revoking those tokens?

hossain-connect-accesstoken

I’ve stepped away from my computer and I will check when I get back in an hour. But keep in mind that their account is not listed under our connected accounts. I also don’t have access to their access token until they re-authenticate with the oauth.