shreyjain-connect-billing | Stripe Developers | Page 1

feral bladeBOT Oct 11, 2023, 8:27 PM

#

lucid oxide Oct 11, 2023, 8:35 PM

#

Yes, as long as your customers don't involve any connected accounts themselves that would be the way to go

#

You can create subscriptions using COnnect patterns as shown here:

#

https://stripe.com/docs/connect/subscriptions

smoky notch Oct 11, 2023, 8:36 PM

#

Awesome! I just checked out my onboarding flow and yeah this is pretty much what I need. So is there a React component that Stripe gives me that I plug into my app?

#

For the OAuth integration?

lucid oxide Oct 11, 2023, 8:40 PM

#

We don't recommend oauth for onboarding anymore, instead you create accounts and account links to complete onboarding:

#

https://stripe.com/docs/connect/express-accounts#create-link

#

For express accounts, for example

#

We're also offering embedded connect components for this: https://stripe.com/docs/connect/get-started-connect-embedded-components

smoky notch Oct 11, 2023, 8:42 PM

#

So ur saying I shouldnt use this:

https://stripe.com/docs/connect/get-started-connect-embedded-components

#

Oh nvm, you're saying i should use this ok

#

So for the connect-embedded-components, it need a CONNECTED_ACCOUNT_ID when i set up an Account Session – where do I get that from? I know the user has to authenticate it, but is there something I do before i send an API req to this endpoint:

const stripe = require("stripe")(
  // This is your test secret API key.
  '',
);

const express = require('express');
const app = express();

app.post('/account_session', async (req, res) => {
  try {
    const accountSession = await stripe.accountSessions.create({
      account: {{CONNECTED_ACCOUNT_ID}},
      components: {
        account_onboarding: {
          enabled: true
        }
      }
    });

    res.json({
      client_secret: accountSession.client_secret,
    });
  } catch (error) {
    console.error('An error occurred when calling the Stripe API to create an account session', error);
    res.status(500);
    res.send({error: error.message});
  }
});

app.listen(3000, () => {
  console.log('Running on port 3000');
});

lucid oxide Oct 11, 2023, 8:44 PM

#

You should remove that test key first of all, and probably roll it now that you've shared it publicly

#

https://stripe.com/docs/keys#rolling-keys

smoky notch Oct 11, 2023, 8:45 PM

#

Rolling it rn

lucid oxide Oct 11, 2023, 8:45 PM

#

But for the actual question, this would be an account you create for them

smoky notch Oct 11, 2023, 8:46 PM

#

Oh got it – what if they already have an account

feral bladeBOT Oct 11, 2023, 8:47 PM

#

lucid oxide Oct 11, 2023, 8:47 PM

#

Ah like their own existing account they signed for themselves, outside of your platform context?

smoky notch Oct 11, 2023, 8:48 PM

#

Yeah

#

And they can like access that account for themselves through their own stripe dashboard, im just trying to make changes if they make changes through my dashboard and have things automatically done through my dashboard

grim kernel Oct 11, 2023, 8:51 PM

#

shreyjain-connect-billing

#

👋 taking over but I don't really get what you're asking. You use "their own stripe dashboard" and "my dashboard" without much context unfortunately
We focus on helping developers with developer-related questions about our products and APIs. As a Connect platform you can see everything a connected account does and you can use the API to make changes on their behalf as needed

smoky notch Oct 11, 2023, 8:52 PM

#

Yep thats exactly what I need!

#

I think Connect with the links shared in this thread is for new accounts that I create! But i want to be able to integrate with existing stripe accounts

#

my dashboard = the dashboard my customers will use to configure what kind of billing they would want for each one of their users

their own stripe dashboard = they already have an accessible Stripe account running, and I'm just programmatically making changes on their behalf using the API (as you mentioned)

#

Let me know if this makes sense

grim kernel Oct 11, 2023, 8:56 PM

#

https://stripe.com/docs/connect/oauth-standard-accounts

smoky notch Oct 11, 2023, 8:58 PM

#

Right, and is there a React component that i can use to build OAuth with Stripe?

grim kernel Oct 11, 2023, 8:59 PM

#

no

smoky notch Oct 11, 2023, 8:59 PM

#

https://github.com/stripe/react-connect-js

Is this the React component I would need?

grim kernel Oct 11, 2023, 8:59 PM

#

no you don't need any of this. Read the docs I linked it explains how this works, there's nothing React specific in there

smoky notch Oct 11, 2023, 8:59 PM

#

Ok, so it's just a button with hardcoded values like my client_id and such in the URL

grim kernel Oct 11, 2023, 8:59 PM

#

yep!

smoky notch Oct 11, 2023, 9:00 PM

#

Perfect!

#

I think that's it for now, and then will follow up after if I have any other questions. thanks sm for the help, and hope it wasnt too much of an inconvenience

grim kernel Oct 11, 2023, 9:01 PM

#

no inconvenience at all, we're always happy to help. The main issue is how important the right "Stripe-specific vocabulary" is and how common words like "dashboard" or "checkout" can mean completely different things. Like you have your own app's dashboard for configuring things but a Stripe account has their own Stripe Dashboard too and in one sentence using both words it can be quite tricky to grasp

#

I'll keep this thread open for a bit if you have more questions let me know

#

You might also want to look at https://stripe.com/docs/stripe-apps which is a completely different integration path where you can build an app a user can "install" in their account too

smoky notch Oct 11, 2023, 9:09 PM

#

Oh ok i did have one more question – I want to redirect my users back with some variables in the redirect_uri

#

But seems like I have to set that on Stripe's dashboard

grim kernel Oct 11, 2023, 9:10 PM

#

I highly recommend to never do this

smoky notch Oct 11, 2023, 9:10 PM

#

Making it not dynamic (where i can set a variable on it like an ID)

grim kernel Oct 11, 2023, 9:10 PM

#

It's OAuth, don;'t try to make anything dynamic in the URL that anyone can change or abuse. Use a cookie or a browser session to recognize who they are when they come back

smoky notch Oct 11, 2023, 9:12 PM

#

Yep makes sense – on my end I'll store something locally so I know which "organization" they authenticated to integrate stripe billing with

grim kernel Oct 11, 2023, 9:12 PM

#

yeah that's what I recommend in that case!

#

you could use the state query parameter, but it is dangerous since anyone can change it

smoky notch Oct 11, 2023, 9:13 PM

#

But an ID is like some UUID, so it's hard to guess a UUID for someone's who exist

grim kernel Oct 11, 2023, 9:13 PM

#

agreed and you call always make it a hash or something, just usually bad practice 🙂

smoky notch Oct 11, 2023, 9:13 PM

#

Got it – will just use something stored locally

#

Also – scope values are either "read_only" "write_only" or "read_write"?

#

Oh there is no "write_only" only read_only and read_write

grim kernel Oct 11, 2023, 9:16 PM

#

correct, doesn't make sense to be able to write and not read

smoky notch Oct 11, 2023, 9:19 PM

#

Yep totally

#

Awesome – the Oauth flow is super intuitive now haha

grim kernel Oct 11, 2023, 9:20 PM

#

yay!

smoky notch Oct 11, 2023, 9:21 PM

#

I just realized why i couldnt read the docs fast enough

#

No dark mode

grim kernel Oct 11, 2023, 9:23 PM

#

lol

smoky notch Oct 11, 2023, 9:54 PM

#

When i pass a unique token to you guys in state to prevent CSRF attacks, where should i store it to validate it when you send it back?

grim kernel Oct 11, 2023, 9:54 PM

#

in your own database/cookie/session, really up to you

#shreyjain-connect-billing