aartr-oauth-twice | Stripe Developers | Page 1

naive muskBOT Dec 18, 2023, 11:34 PM

#

Hello! We'll be with you shortly. Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

aartr., 15 minutes ago, 13 messages

fresh wedge Dec 18, 2023, 11:35 PM

#

Hello! What additional questions do you have?

coral creek Dec 18, 2023, 11:35 PM

#

This was the last message: ```It looks like the problem was that the same auth code was used to connect and reconnect the account. You just need to attempt connection again using a different Auth code. We call out how to do that here: https://stripe.com/docs/connect/oauth-reference#post-token-response

#

We use the flow so we receive that Auth code (I assume they were talking about access_token) from Stripe

#

Is Stripe then returning duplicate auth codes after a user completes the oauth flow?

fresh wedge Dec 18, 2023, 11:42 PM

#

Not exactly - Stripe includes the auth code as a query param in the redirect_uri when the connection proess is done. It's very possible for your user to refresh the page or accidentally go to the same URL twice (with the same authorization code)

coral creek Dec 18, 2023, 11:43 PM

#

Hm, this person tried reconnecting 7 days ago, and then again today

#

It seems unlikely they used the same session to do so

#

We automatically close the oauth window after it was redirected as well

#

User clicks the connect button in our interface -> we pop oath flow window -> user completes it -> window redirects internally -> we capture the auth code and close the popup automatically

fresh wedge Dec 18, 2023, 11:49 PM

#

It may be worth asking the user what they're doing and also adding logging on your end to track when you're using the auth code - from what I can see in our logs, the two requests are happening in rapid succession (so the first request connects the accuont, but then the second one immediately comes in and disconnects)

coral creek Dec 18, 2023, 11:49 PM

#

Ah interesting, so you are seeing a disconnect call

#

The disconnect call is oauth/deauthorize?

fresh wedge Dec 18, 2023, 11:51 PM

#

No, both calls are the authorization call (the one from here https://stripe.com/docs/connect/oauth-standard-accounts#token-request). But when the using the same authorization code is used twice the second call triggeres a disconnection

Using OAuth with Standard accounts

Use the OAuth connection flow to allow a Standard user to connect to your platform.

coral creek Dec 18, 2023, 11:52 PM

#

Interesting. Perhaps they have some sort of browser plugin causing a second request

#

Alright, this is super helpful. We'll investigate further. Thank you very much for your help

fresh wedge Dec 18, 2023, 11:53 PM

#

👍

#aartr-oauth-twice