For my web app I am trying to allow the user to add multiple payment methods. I am using the user token in order to gain access to the income feature. However, there appears to be no way to allow multiple payment methods because the user token only corresponds to the data most recently entered through Plaid Link and trying to create a second user token fails because you cannot have repeat client user ids. How exactly do you get around this?
Related
I am currently using the PayPal API to process payments inside my application. My problem is the following: My application is now capable of creating an order and letting the user approve the order. What I want to accomplish is authorizing the amount the user approved to directly after the user approved the order. I know it is possible to authorize an order but from what I understand this is only possible after the user approved the Order. So what I want to know is the following: is it possible to let the user approve with the order and then authorize in one step, without the interfering of my backend(Spring Boot). Or should I let the frontend make a call after the user approved, so that another endpoint in my application can try the authorization of the funds. It al comes down to the fact that I don't know when to make the authorization call. What is the best practice?
So basically you want to create an order with "intent": "authorize" and then authorize it from your backend after approval (rather than capturing it, as would be the case for intent:capture).
For this you need to make two routes, one for 'create an order for authorization' and one for 'authorize an order', documented here. These routes should return only JSON data (no HTML or text). The second one should (on success) store the resulting authorization ID, purchase_units[0].payments.authorizations[0].id ...for later capture
Pair these two routes with the following approval flow: https://developer.paypal.com/demo/checkout/#/pattern/server
Suppose I have an application in which I have enabled (google) Oauth2 authentication but I want only a few business people can log in to my application with there specific email id and rest of the people can't. How Can we achieve this using Oauth2?
1.) Lots of people have a Google account and can authenticate with Google
2.) I want Only some of them should be authorized to use your app, which maybe deals with business assets
I suspect your requirement is:
Lots of people have a Google account and can authenticate with Google
Only some of them should be authorized to use your app, which maybe deals with corporate assets
In this case I would proceed something like this:
STEP 1: PREREQUISITE USER SETUP
Get a list of users and perform an Administrator Approval step to create them in your product database, perhaps with Name and Email fields.
STEP 2: INCLUDE THE EMAIL SCOPE DURING LOGINS
In the Google login redirect, use scope='openid email' so that you can identify the user via email after login. Allow users to successfully authenticate.
STEP 3: AFTER LOGIN PROCESS THE ACCESS TOKEN
You will then get then be able to get the user's email address from the access token (though you may have to send it to the Google User Info endpoint).
STEP 4: DENY ACCESS WHEN REQUIRED
If you can't find the email associated to the token in your product user data, present a Forbidden message to the user.
FURTHER INFO
See my User Data Write Up for further details on technical options. Note that I have not actually tested this with Google, but I have used the general approach with a few different systems.
We have developed an app that let user login with facebook. The app has been granted all required permissions to retrieve name, email, gender and age range etc. But our app developer stored only id,name and email while user login. Now we need to retrieve gender and age range of all those users who have logged in the app.
Is there a way to rerun user query to retrieve those data? I am looking to develop an program using Spring-social and RestFB but it needs user login action to retrieve required data which is problem in our case since we cannot recreate login action again.
As long as the user granted public_profile permission to your app, and you have their app-scoped user id, you can make the API call using your app access token.
And if you are looking to request this data for a lot of users, then you should optimize your requests in the following ways:
request the fields you need only: /user-id?fields=id,gender
request data for multiple users in one go: /?ids=user-id-1,user-id-2,user-id-3&fields=fields=id,gender – https://developers.facebook.com/docs/graph-api/using-graph-api/v2.5#multirequests
perhaps even use Batch Requests if necessary, https://developers.facebook.com/docs/graph-api/making-multiple-requests/
I made a members-only site that uses Google oauth2 to authorise users. The site is built with the Laravel framework and Artdarek's oath library.
When the authorization callback comes from Google, I lookup the user record in the DB by email and proceed to the protected page if the record exists, otherwise to a register page.
The problem is some of our members use two Google accounts. One user registered via his primary account (e.ge. a#gmail.com). The next day he returned and mistakenly tried to login with b#gmail.com. Naturally the system showed him the registration page. From that time on each time he visits the site the authentication mechanism sees him using his second (unwanted) set of credentials.
To resolve this one case I instructed him to logout of all accounts (on both sides), clear cookies and start from scratch but this is not a practical solution for all users. In same cases even this measure does not seem to correct the problem.
How can I solve this case? What is the right way to request oauth authentication and get them back from the right account? Can I force Google to ask the user with which account to proceed?
Google will automatically ask the user which account they want on an oauth request if they enable the account chooser.
I have logged into my Google Apps and my Google account, so for me on an oauth request, I get the following prompt:
In order to do the same for your user, they have to click "Stay signed in", but of course this is not advisable for public computers.
Beyond the above, I'm afraid not much can be done. - if they logged in with a#gmail.com at that time, these are the credentials you will receive.
They way I solve this problem is to have a field where the customer can add additional emails, and select one that is primary. I will then inspect against these emails when a request comes in to avoid duplicate user accounts.
Im building a simple app and need to add authentication. I was wondering if it was possible within omniauth to limit users that can sign in with twitter by their usernames.
My aim is to only allow a few pre-select people into the backend of this app.
I believe you already have some strategy to manage users signing in with twitter. If not, you might wanna check out this raislcast episode.
Once a user signs in with twitter, twitter will forward you a hash of that user object. You can access it via request.env["omniauth.auth"] and decide if you want to create a user object for a particular username.