#skammerens-datter_unexpected

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1498939460480667758

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Hi there, can you share with me screenshots to help me understand what your user encountered during onboarding?

Yes, here you go. Sorry, but it's in Danish.
First is saying "Welcome back" and second is "Input confirmation code". I am unsure if the password is empty or prefilled from the user's keychain, but either way it is not something we have encountered before. Usually the email is sent through the API call and no password required via the account link....

Ok, I noticed that you specified the email address during account creation (https://dashboard.stripe.com/acct_1ITAgFGppVLMkw06/logs/req_zJrt9p8MZrunqZ), and that's why the email was pre-filled in the onboarding, it's possible that the browser pre-fill the password based on the same email address and URL.

Can you share with me the ID of the request that you created for account link?

https://dashboard.stripe.com/acct_1ITAgFGppVLMkw06/logs/req_8p7sYTqPXArEyG OK I think i found it

It seems that you created a few account links for the same connected account. I've seen https://dashboard.stripe.com/acct_1ITAgFGppVLMkw06/logs/req_Tipqr5qf6bxmSD and https://dashboard.stripe.com/acct_1ITAgFGppVLMkw06/logs/req_X9gZ3hsrvdE7hp

Yes, we prefill the email from their account on Venjue, so that they don't have to submit that info twice and possibly provide a different one. But why is it asking for a password, and why a 2FA code?

And yes, as mentioned in the form from this chat, we tried recreating it to determine if this was a one-off or an error on our end.

From the account link you sent, why does it not do onboarding, but instead "login"? Also, with the account links we should do the auth simply by redirecting from our API key, right? Why a password

Let me take a further look

Thank you

OK, the email provided in the account creation already belongs to an existing Stripe user, and that's why Stripe Express onboarding renders the login flow instead of the fresh registration flow. This is a by-design behavior.

So an existing account on a different plaform, e.g. not Venjue?

So when they provide the credentials for their existing account, they login and then get the regular onboarding for their account with Venjue?

It can be the case where your user already created a connected account with another platform using the same email address, or the user uses the same email address to register a stripe account themselves.

In either case Stripe will ask the user to enter password to login, and request for 2FA authentication as well.

Once they log in successfully, they can continue the onboarding process.

Okay, I understand. After the initial verification with password and 2FA, will the user have to do that every time we generate an account link (because they have more than once account) or will the user not be asked again when following an account link?

I'll need to check. Will you expect your users to use multiple account linking steps to complete onboarding, rather than doing it in one go?

It'll be one go, but sometimes from our settings page they will go through \Stripe\Account::createLoginLink, which normally just redirects our other users with no fuss (e.g. login) and presents them with the Express dashboard to change payout info

Ok, if Stripe recognize the email address (i.e., the same email address is already used in other Stripe account), your user will be prompted for login. They may not need to enter password again if they have already done before, but they'll need to enter the OTP for 2FA.

Okay, thank you.

From the API docs there is no option to not have this behaviour. Do we just have to accept that if an email has used Stripe in a different context before at any point, the Connect onboarding will ask for login, or is there a different method other than using Connect Custom that would remove this requirement?

In this particular case I think we'll just have them use a different email, because they don't remember ever using Stripe in a different context, so do not remember password or have access to the 2FA OTP.

There's no option to change this behavior. But your user can use the links provided on the page to use a different email address or reset the password

Okay, will do. Thank you for the clarification!