Plaid Api wont let me authenticate account with account/routing number - plaid

Using Plaid version "2020-09-14". I am following these instructions https://plaid.com/docs/auth/coverage/same-day/
I'm using node js to generate a link token and i successfully do:
var plaid = require('plaid');
const client = new plaid.Client({
clientID: process.env.PLAID_CLIENT_ID,
secret: process.env.PLAID_SECRET,
env: process.env.PLAID_ENV
});
console.log('client is ',client)
app.post('/api/create_link_token', async function (req, res) {
try{
const response = await client.createLinkToken({
user: {
client_user_id: '123-test-user-id',
},
client_name: 'Plaid Test App',
products: ['auth'],
country_codes: ['US'],
webhook: 'https://webhook.example.com',
language: 'en'
})
return res.send({link_token: response.link_token})
} catch (error) {
// handle error
console.log('error',error)
return res.send({err: error.message})
}
});
I get a link token everytime I run this. Then, i use said link token to try to authenticate the user's bank by using same day micro deposits (my company is setup for this through Plaid).
What keeps happening is the screen pops up that asks you to search for your bank and I do not want that. I want the screen to popup just like the one at the top of the page in the link I listed above. It asks the user for their name first, then routing, then account numbers.
How do I make the Plaid api show me the screen that prompts the user for their accounting/routing numbers without trying to authenticate them automatically with their bank username and password?
Thanks

You can't, at least right now, using publicly released Plaid APIs. (You're not the first person to ask for this, and we're working on some stuff that should help, but it isn't yet available to the developer general public.)

Related

Call cloud code without logged in user Parse Server JS SDK

Is it possible to call a cloud function that returns objects without having a current user? The iOS and Android SDKs support anonymous users but I'm asking specifically for JavaScript.
I'd like to allow it so that anyone who visits my web app can read objects without having to sign in. I'm using Back4App.
Yes. You can call a cloud code function no matter the user is logged in or not. Inside the cloud function you can check the user property of the request object to check if the user is either logged in or not. In the case that your user is not logged in and you want to query a class which requires user permission, you can use the useMasterKey option.
Parse.Cloud.define('myFunction', async req => {
const { user, isMaster } = req;
if (isMater) {
// the cloud code function was called using master key
} else if (user) {
// the cloud code function was called by an authenticated user
} else {
// the cloud code function was called without passing master key nor session token - not authenticated user
}
const obj = new Parse.Object('MyClass');
await obj.save(null, { useMasterKey: true }); // No matter if the user is authenticated or not, it bypasses all required permissions - you need to know what you are doing since anyone can fire this function
const query = new Parse.Query('MyClass');
return query.find({ useMasterKey: true }) // No matter if the user is authenticated or not, it bypasses all required permissions - you need to know what you are doing since anyone can fire this function
});

How to show live users active on a particular page / routed vue-component, on home page?

I am developing an application where users create custom playlists from youtube video urls and those playlist are shown at homepage. When a user click on playlist, it is redirected to a page showing videos in that particular playlist.
Technology stack: Laravel 5.8, Vue, MySql, Pusher
What I have tried so far:
Home Page Component (PublicPlaylist.vue) listens to a channel: live-playlist-playing on mounted() event
this.channel = window.Echo.channel(`live-playlist-playing`);
this.channel.listen("LivePlaylistPlaying", e => {
this.object_array.push(e);
var array = this.object_array;
var seenNames = {};
array = array.filter(function(currentObject) {
if (currentObject.playlist_id in seenNames) {
return false;
} else {
seenNames[currentObject.playlist_id] = true;
return true;
}
});
this.distinct_object = array;
})
whenever another user goes to a playlist page e.g. www.example.com/playlist/1 its component SinglePlaylist.vue calls api to fetch details:
mounted(){
window.axios
.get(
"/api/playlist/"+this.playlist_id,
{
headers: fetchAuthHeaders()
}
)
.then(response => {
this.playlist = response.data.data;
})
.catch(error => {
// if (false == isErrorHandled(error, this)) {
// consoleLog(error);
// }
});
}
Above API method broadcasts an event which is listened by the channel live-playlist-playing, as follows:
public function viewPlaylist($playlistId)
{
/**
some code
*/
broadcast(new LivePlaylistPlaying(Auth::user()->name, $playlist->playlist_name, $playlistId));
return response()->api(true, 'Playlist fetched successfully', $playlist);
}
I hope I have tried to disclose as much as details but you are free to ask for more information; coming back to question, Above code works fine for this case, steps to be taken in consideration.
suppose a user A is on home page and
now user B access the single playlist page
A will get to know a playlist is being accessed by another user.
But what if user B comes first i.e
User B accesses the single playlist page
User A comes on home page
A will not get any information about playlist being played until a user C comes in the picture.
It seems you could benefit from using Presence Channels:
This makes it extremely easy to build chat room and "who's online"
type functionality to your application. Think chat rooms,
collaborators on a document, people viewing the same web page,
competitors in a game, that kind of thing.
You will need to authorise your connections, then you can subscribe to a presence channel. Presence channels broadcast a member_removed or member_added event whenever someone joins or leaves the channel, which you can use to identify when users are on the page regardless of what order the users join the page.

Migrating User to Cognito on Sign In

I am trying to migrate users to Cognito when they sign in the first time. For this I wrote a lambda function that does call an API to check if the users exist in db or not ? if the user exists, it will be created in cognito but I am not sure how do I tell the application that user is created and it should allow the user to login .
Here is the code in c#:
public async Task<Stream> FunctionHandlerAsync(Stream stream, ILambdaContext context)
{
RootObject rootObj = DeserializeStream(stream);
User user = new User(rootObj.userName, rootObj.request.password);
ApiResponse apiResponse = await MobileAuthenticateAsync(user.UserName, user.Password);
// Considering apiResponse returns "user authenticated", we create the user in //cognito. This is working.
// How do I send response back to Application so it knows that user is // //created and authenticated and should be allowed to login.
//Before returning stream, I am setting following 2 status.
rootObj.response.finalUserStatus = "CONFIRMED"; // is this correct ?
rootObj.response.messageAction = "SUPPRESS";
return SerializeToStream(rootObj);;
}
You're pretty close.
You can see the full documentation on the Migrate User Lambda Trigger page, however in short you need your response to look like:
{
response: {
userAttributes: {
email: 'user#example.com',
email_verified: true,
custom:myAttribute: 123,
},
finalUserStatus: 'CONFIRMED',
messageAction: 'SUPPRESS',
forceAliasCreation: false,
}
}
Where:
userAttribute: this is a dictionary/map of the user's attributes keys in cognito (note that any custom attributes need to be prefixed with custom:), to the values from the system you're migrating from. You do not need to provide all of these, although if you're using an email alias you may want to set email_verified: true to prevent the user having to re-verify their e-mail address.
finalUserStatus: if you set this to CONFIRMED then the user will not have to re-confirm their email address/phone number, which is probably a sensible default. If you are concerned that the password is given as plain-text to cognito this first-time, you can instead use RESET_REQUIRED to force them to change their password on first sign-in.
messageAction: should probably be SUPPRESS unless you want to send them a welcome email on migration.
forceAliasCreation: is important only if you're using email aliases, as it stops users who manage to sign-up into cognito being replaced on migration.
If you respond with this (keeping the rest of the original rootObj is convenient but not required then the user will migrated with attributes as specified.
If you throw (or fail to respond with the correct event shape) then the migration lambda fails and the user is told that they couldn't migrated. For example, because they do not exist in your old user database, or they haven't provided the right credentials.

How can be saved login detail in Native Script

When I sign in, my login should be saved, I don't want to enter the userName Password each and every login time.
below my code :
login() {
this.userService.login(this.user)
.subscribe(
(response: any) => {
this.router.navigate(["/dashboard"]);
},
(error) => alert(error)
);
}
userService.ts
return this.http.post(
url,
JSON.stringify({
name: user.email,
password: user.password
}),
{
headers: new HttpHeaders().set('Content-Type', 'application/json'),
responseType: 'text'
}
)
.map((response: any) => {
for (var x in response) {
if (response.hasOwnProperty(x)) {
}
}
console.log("_body: " + response._body);
return response._body;
})
.catch(this.handleErrors)
}
It's good to keep in mind that any keys and values written to the UserDefaults and SharedPreferences, so the native APIs that are used by the application settings module and the getString and setString methods are simply stored on the disk, for anyone with access to the phone to see. This API is not meant for storing sensitive data, and is meant solely for persisting user settings, so 'defaults' and 'preferences'.
If you want a way to securely store email addresses and passwords on the device, take a look at this library: Nativescript-secure-storage. It does a very similar job to the aforementioned APIs but everything is encrypted so people can't just read the contents from the disk.
NativeScript has exposed the application-settings module. The Application Settings module is used to store strings, booleans, and numbers in a built-in key/value store. Uses SharedPreferences on Android and NSUserDefaults on iOS.
So for example, you could store the login information and use it to check if the user has already been logged in (just as you would do in native Android & iOS projects) - demo POC here
Just like #Nick suggested, you can use application-settings module to store your access token that you can use for underground check later when the user returns.
After successful initial login attempt, get your JWT token from the login process ( or whatever authentication mode you chosse ) and to store it for re-authentication later or just check if the key/[value] is set previously and can be used for simple offline login as well.
use JWT, also you can use offline data.
look at this link for example:
https://medium.com/#njwest/building-a-react-native-jwt-client-api-requests-and-asyncstorage-d1a20ab60cf4
you can use local storage.
You may have
<TextField hint="{{ 'user_name' | L }}" autocorrect="false" required autocapitalizationType="none" [(ngModel)]="model.email"
#emailModel="ngModel" name="email" keyboardType="email"></TextField>
While logging in the component, save it in localstorage
localStorage.setString("username", this.model.email);
in ngOnInit(), you can fetch it back
localStorage.getString("username");

Braintree, How do I delete a users credit card with the nonce from the client?

Server side there is a function to delete a payment method (result = Braintree::PaymentMethod.delete("the_token")) but it takes a payment method token. How do I get the payment methods token with the nonce from the client?
edit: I'm not using the drop in UI. I have a custom list of credit cards the user has (using the Javascript v3 SDK). I want to have a button to delete cards. The JS SDK dosnt give the credit cards token, just a nonce. What is the process for turning the data available to the client into something I can use to delete the card on the server?
edit2: The list of credit cards on the clent side uses the VaultManager from the JavaScript v3 SDK. It returns a fetchPaymentMethodsPayload.
This is the client side code:
_loadPaymentMethods() {
this.paymentService.getBraintreeToken().then( token => {
this.braintreeClient.create({
authorization: token
}, (clientErr, clientInstance) => {
if (clientErr) {
// Handle error in client creation
return;
}
var options = {
client: clientInstance,
};
this.vaultManager.create(options, (err, vaultInstance) => {
if (err) {
console.log(err);
return;
}
vaultInstance.fetchPaymentMethods({ defaultFirst: true }, (err, paymentMethods) => {
paymentMethods.forEach( paymentMethod => {
if(paymentMethod.type == 'CreditCard') {
this.cards.push(paymentMethod);
if(paymentMethod.default) {
this.card = paymentMethod;
}
}
});
});
});
});
});
}
Full disclosure: I work at Braintree. If you have any further questions, feel free to contact support.
If using VaultManager on the client-side to populate your cards, you will not have the functionality to allow a user to delete one of those cards. The reason for this goes back to what you said, that nonces are what's returned on the fetchPaymentMethodsPayload method. VaultManager can populate a nonce that's associated with an already created card, since it's only passing that nonce into a Transaction.sale() call. Since the nonce is populated when the form is rendered, you can not search for that nonce compared to a payment method in the vault, since it will not exist previously and nonces are meant for one time use. This is why nonces aren't passed into PaymentMethod.find() calls.
To accomplish your task you would need to build out custom logic that mimics what Vault Manager does; however, would need to returns the tokens. One way would be as mentioned in my comment: by finding the customer object and grabbing the customer's payment methods, and then pulling out the tokens associated with those payment methods.
I noticed that when you create a payment method with same creds, it won't get duplicated. So it's kinda like "find or create", you can then use that result to get the token and then do a gateway.payment_method.delete( result.payment_method.token )

Resources