frijolay | Stripe Developers | Page 1

warm locustBOT Jan 12, 2024, 12:21 AM

#

Hello! We'll be with you shortly. Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

frijolay, 1 day ago, 10 messages

shadow sphinx Jan 12, 2024, 12:21 AM

#

Hello!

#

the name scratched out is the name of the connect extension

#

For this question:

is it theoretically possible for a user with a connected account to be unable to deauthorize a connected app?
The answer is yes. It depends on several factors.

#

Why do you ask?

barren ermine Jan 12, 2024, 12:24 AM

#

the user is contacting our support saying that stripe said that we need to deauthorize the account, and i would just like to have an explaination for them, as to why thats the case

shadow sphinx Jan 12, 2024, 12:24 AM

#

Did you create their Stripe account?

#

Or did they sign up for it by going to Stripe.com and signing up there?

barren ermine Jan 12, 2024, 12:25 AM

#

all of our users go thru an auth flow where they either can login with stripe, or create an account. we dont explicitly create accounts on their behalf

shadow sphinx Jan 12, 2024, 12:26 AM

#

Ah, okay, so if they choose to create an new account for your platform your platform has a greater level of control over that account, and for those you would be the one who needs to disconnect as they don't have permission to do so.

barren ermine Jan 12, 2024, 12:26 AM

#

ohhhhhh

shadow sphinx Jan 12, 2024, 12:27 AM

#

Your platform can disconnect them by deauthorizing the account: https://stripe.com/docs/connect/oauth-standard-accounts#revoked-access

barren ermine Jan 12, 2024, 12:27 AM

#

thank you. ive done it once before. its just that i thought all stripe accounts have authority to deauthoirze any connected app

#

do you know off hand if theres an explicit place in the stripe docs that describe this?

shadow sphinx Jan 12, 2024, 12:28 AM

#

Hm. I don't think so... there's this, but it's not that specific: https://stripe.com/docs/connect/oauth-changes-for-standard-platforms

barren ermine Jan 12, 2024, 12:29 AM

#

ok. so in summary, if a user creates an account as part of our auth flow, only we can deauthorize htem

shadow sphinx Jan 12, 2024, 12:30 AM

#

Mostly yes. There are some exceptions, but generally speaking that's the case, yep.

barren ermine Jan 12, 2024, 12:30 AM

#

thank you so much!

#frijolay