#Team Seeds-customer-portal

Can you give a bit more detail on what you're struggling with? General guidance (outside of your stripe integration) of how to authenticate users on your site?

This thread has been archived. If you need help with anything else please ask in #dev-help or contact Stripe Support: https://support.stripe.com/contact

@wintry axle I'm going to head out soon, but can help for a few more minutes

Struggling with user authentication + creating the Checkout Sessions for existing users so that they can then manage their existing subs via the Customer Portal

Can you give more specifics? Are you hitting specific errors? Not understanding a certain part of the flow?

current editable code is here: https://replit.com/@playseeds/stripe-customer-portal-2#index.js

i don't know how to authenticate/how to get that to interact with the customer IDs already in our stripe dash

you'll see there that i installed bcrypt as a start

so the gap is circa line 13 in index.js

need to authenticate, but has to be done in such a way that i guess email addresses can be verified and then connected to the email address associated with a customer already in our stripe dash

I don't know the specifics of the bcrypt library or how to use it, but the general idea is that your site would ask your user to login/authenticate upon entering your site. They either login with their email or username, and in your own databases you have kept track of which user is tied to which Stripe customer ID. Is the issue here that you never created any concept of logging into your site beforehand, so the users that already had subscriptions don't have any way to log in to your site?

right, we didn't have a need to authenticate users on our site previously

we just used stripe payment links, and subscriptions were created in that way

and now want to allow folks to cancel or change them themselves via stripe customer portal

if it's authentication via email address tho doesn't it seem redundant to create a database for email + stripe customer ID when stripe is already storing this info? could we use a webhook for that?

Gotcha - so you have two options here:

1. Bring all these previous customer back to your site and have them go through whatever user creation flow you're going to implement so that they can login in the future
2. Build an edge-case flow specifically for thees users - you could look into authentication systems that only require and email address and have them authenticate with a one-time code or something like that. I'm not a security expert so you'll wan to do your own research into what is the best option for you.

this can't be a super uncommon use case within stripe tho i'd imagine since the customer portal is relatively new

is there another support engineer here that you know has dealt with this?

You don't need to have a database if your integration doesn't use it - but you will eventually need to know which Stripe customer ID is tied to your user. You can get it through stripe (see https://stripe.com/docs/api/customers/list#list_customers-email) but that'll be an extra API call you'd need to make before generating the customer poratl session

this looks promising!

another dev in here told me the stripe API wouldn't be applicable in this case

which i did not believe

There isn't really anyone around right now (it's friday afternoon so most of us are gone for the week already), but as a general rule we wouldn't provide specific security advice on how to implement authentication. We can give suggestions and pointers, but what you build will really depend on your use case and business needs

What specifically did they mention wouldn't be applicable?

the stripe API

i'll take a look at this in more depth and keep working to a solution. have a good weekend!

👋