Braintree Integration: Payment Method Token and Deletion - braintree

How to retrieve the saved (vaulted) payment methods for a Customer on the mobile app?
Currently I am using BTAPIClient::fetchPaymentMethodNonces() method in the Braintree iOS API for this.
When a user selects a payment method to delete, the mobile app will send the selected 'payment method nonce' to the webserver to delete it.
There is no API on the webserver to delete the payment method using the nonce. There is a Delete Payment Method API using Token, but I am wondering how will the webserver identify which Token to use, as the mobile app only sends the nonce.
Finally, why do we need to save the Payment Method Token on the webserver?
If the mobile app uses only the nonce for communication with the webserver, why do we even need a Token?

Related

Is it possible to trigger a custom action on new user with Keycloak?

I have a well working Keycloak and a MailChimp account to link. Users should be added with their email to the MailChimp account, once they're added to the Keycloak. What should I do?
I'm using spring boot and token-exchange in the backend to create user accounts, and send back token responses. I wanted to do verification in the backend, but it won't work as expected, as the Keycloak would be joined to another app, which isn't using my backend.
Any Ideas?
Implement Event SPI (your own code - see example), listen to/acquire the event of interest to you and execute your custom "action".

How to replace people.me from Google+ with Google People/Google Sign In api?

I had a "sign in with Google+" function in my web-app. Upon signing in I would show user's email and name on the page and save it to database. To fetch user's profile data after sign in I used Google+ API method people.me with access_token in GET params.
Google+ API is going to shut down on March 7. I have to migrate to Google People or some other api. How do I achieve the same goal with a different google API? I need to fetch email and name by known auth token.
We use this through Laravel's Socialite, and they're replacing it with:
https://www.googleapis.com/userinfo/v2/me
You may want the profile scope as part of the OAuth flow to make the profile data accessible through this methods. Otherwise it will return incomplete data.

Get list of applications in OKTA using Jquery

Hi is there a way to get users applications list in OKTA via jquery? Right now we are using Okta Iframe on our page, problem is that the okta content cannot be changed.
The operation that lists users assigned to an application is part of the Apps API, which requires an API token. For security reasons, you can't call it from jQuery code.
If you have a backend or API component to your application, you can use that to call this API securely and then pass the results to your frontend.

Add Domain access to Square API

I need my customers to pay for their accounts on their own website. Using only the API how do I add access to any domain of my choice to pay using my payment form? I already have everything setup where their user and card are setup on Square's accounts though I'm having issues with the form working on their website domain names.
When submitting the form the part that requests the nonce encounters the following:
Invalid postMessage origin: "https://www.example.com"

confused on usage/difference of SSO/OAUTH/SOCIAL LOGIN

I have an app idea and need to implement authentication. Because of the nature of my app, I only want linkedin users to be able to access my app.
After reading a bit about spring oauth / spring social / etc, it seems its definitely possible to use something like Linkedin to access MY app. I want a user to see linkedins login button on the first view of my app, create my own version of this user in my app, and then allow the user to use my app.
After my findings I have found the generic flow
*user authenticates via social login button
*client app redirects user to service provider to receive a token
*client uses token and makes another request to service provider to receive auth token
*now my client app can make calls to service provider with auth token of user(this is the part where I am a bit confused)
*I want to use this token to validate calls against MY api NOT linkedins(is this wrong)
I don't really care to make calls to Linkedin on behalf of the user(except to pull user information). I ONLY want linkedin auth so that I know that users who use my auth are valid linkedin users. I thought something similar to Tinder where you MUST have a facebook account, I want to copy that design but couldn't find any hints from google. It seems the examples I find online all use the social login to ultimately use the service providers API.
I also read some stuff about SSO which sounds like what I want, but I definitely plan to add at least 1 more social login down the road. My clients will use a browser or mobile app.
I guess the main question here is once I authenticate a user using social login, am I supposed to use his existing connection to make calls to my API or create a new connection somehow. My goal is when a user does a social login, he now can access MY app, I want to reuse their existing connection without authenticating them into mine(only store their info). I want to follow best practices.

Resources