force_login OAuth parameter

[Matt Goldman]

I spoke with support a while back about adding a force_login OAuth parameter to the current flow.

This is to simplify customers of Stripe Connect apps connecting multiple Stripe accounts.

Currently we need to detect duplicates and ask them to log out of Stripe in a new window before re-attempting the OAuth flow.

Any updates on this/plans to implement?

Thanks!

Matt

[Vladimir Andrijevik]

On 09.4.2014, at 05:49, Matt Goldman <ma...@smallhq.com> wrote:

> This is to simplify customers of Stripe Connect apps connecting multiple Stripe accounts.
>
> Currently we need to detect duplicates and ask them to log out of Stripe in a new window before re-attempting the OAuth flow.

Hi Matt,

I am curious as to how you expect forcing sign-in on Stripe’s end to help avoid duplicate connections for a Stripe Connect application.

As I understand it, you have user A and user B in your application, and user A is connected to Stripe Account 1. If user B attempts to connect to the same Stripe Account 1 (because they initiate the OAuth flow from your application while signed into Account 1 in Stripe), you want to disallow this.

Is this correct, or am I misunderstanding your use case?

Cheers,
Vlad

[Matt Goldman]

Not quite, my use case is this:

User A is logged into Stripe account X. Account X is connected to my application already. They click the Connect button to add another account, but the oauth window auto-closes since they're already logged into a connected Stripe account. It'd be nice if they could say (in the oauth window) : "not this account...let me connect this other account that I'm not currently logged into"

That make sense?

Currently I need to check after the oauth window closes if the account ID is already connected, and if it is, all I can do is ask them to go logout of stripe and try again. :-/

---
Sent from my iPhone

--
You received this message because you are subscribed to a topic in the Google Groups "Stripe API Discussion" group.
To post to this group, send email to api-d...@lists.stripe.com.
Visit this group at http://groups.google.com/a/lists.stripe.com/group/api-discuss/.

[Vladimir Andrijevik]

Oh, got it!

That makes sense, though it would feel weird to me if a third party could force Stripe to sign me out of stripe.com, especially before I have given that third party authorization to communicate with Stripe on my behalf.

--
You received this message because you are subscribed to the Google Groups "Stripe API Discussion" group.

To post to this group, send email to api-d...@lists.stripe.com.
Visit this group at http://groups.google.com/a/lists.stripe.com/group/api-discuss/.

To unsubscribe from this group and stop receiving emails from it, send an email to api-discuss...@lists.stripe.com.

[Matt Goldman]

Doesn't necessarily need to force logout. In fact it would be nice if it didn't touch Stripe sessions. 

When I'm logged into my Stripe account I can click the dropdown in the top right and switch to any of my different Stripe accounts. It'd be nice if the OAuth dialog had something similar or at least a confirmation saying "Connect X account to HookFeed?" "Oh, don't want this account? Click here to login to a different one and connect with hookfeed." Or "oh, don't want this account? Choose one of your other accounts to connect: [list]" that *always* shows. 

Currently the dialog shows once and then auto-closes forever after the first connection is made. Which is fine for logging in with stripe. But in the case of connecting multiple accounts, it's a jarring experience without any user feedback. 

If this isn't totally clear, I can hop on Skype today for 5 minutes and show you the full experience and the inherent problem: email me for my Skype: Matt at smallhq dot com

---
Sent from my iPhone

[Matt Goldman]

The 'force_login' name doesn't really fit for this use case. But that is the standard that other Oauth providers use to show the dialog every time instead of just the first time.

[Vladimir Andrijevik]

Got it, I understand the problem you are describing. I was just thinking out loud about how it would interact with stripe.com sessions.

On Thu, Apr 10, 2014 at 4:20 PM, Matt Goldman <ma...@smallhq.com> wrote:

The 'force_login' name doesn't really fit for this use case. But that is the standard that other Oauth providers use to show the dialog every time instead of just the first time.

[Jason Normore]

Is there a plan to implement this option? We're seeing some support issues due to confusion around this too.

Thanks!

Jason

[Amber Feng]

(Replied on the May 12 status updates thread as well.)

Hey Jason/all,

This is something we're looking into and talking about internally
right now. No concrete timeline yet, but we'll post any updates to
this thread.

Thanks for following up on this!

Amber

[Daniel Almeida]

Any reply to this issue?

[Daniel Almeida]

Is there any update to this? I would like to have multiple stripe accounts connected on my app and I can't because they don't provide oAuth force_login as mentioned.

Is there any other way to do this?

Thanks

[Jonathan Lomas]

Hi Daniel!

Sorry I missed your email on Dec 6 - but thanks for following up!  We don't yet have that functionality but it's still something that's being considered. 

There is an `always_prompt` parameter [0] that, when set to `true`, will cause the user to always be presented with the page that allows you to create the connection - and which has the 'switch user' link in the upper right.  You could, at least for now, make use of that parameter and include a note to the user to check which account they're logged into before clicking the button.  The OAuth page does have a drop-down box for selecting related Stripe accounts, but that will only be useful if they've created all of the accounts in an 'associated' fashion; if they're all created separately, it won't help - so `always_prompt` and a note about 'Switch user' might be the best route for now.

I know that's probably not the answer you wanted, but I do hope it still helped.  Please let me know if you have any more questions or concerns I can address for you.  I'm always happy to help where I can.

Cheers,

Jonathan

[0] https://stripe.com/docs/connect/reference#get-authorize-request

--

You received this message because you are subscribed to the Google Groups "Stripe API Discussion" group.

To unsubscribe from this group and stop receiving emails from it, send an email to api-discuss...@lists.stripe.com.

To post to this group, send email to api-d...@lists.stripe.com.

Visit this group at https://groups.google.com/a/lists.stripe.com/group/api-discuss/.

[Daniel Almeida]

Thank you very much Matt !!
For now I believe this is going to work out pretty good! 

--

Regards,

Daniel De Almeida

Phone: (781) 960-7140

E-mail: danielalmei...@gmail.com 

Skype: danielalmeida.sistemas

On Wed, Dec 14, 2016 at 8:54 PM, 'Jonathan Lomas' via Stripe API Discussion <api-d...@lists.stripe.com> wrote:

Hi Daniel!

Sorry I missed your email on Dec 6 - but thanks for following up!  We don't yet have that functionality but it's still something that's being considered. 

There is an `always_prompt` parameter [0] that, when set to `true`, will cause the user to always be presented with the page that allows you to create the connection - and which has the 'switch user' link in the upper right.  You could, at least for now, make use of that parameter and include a note to the user to check which account they're logged into before clicking the button.  The OAuth page does have a drop-down box for selecting related Stripe accounts, but that will only be useful if they've created all of the accounts in an 'associated' fashion; if they're all created separately, it won't help - so `always_prompt` and a note about 'Switch user' might be the best route for now.

I know that's probably not the answer you wanted, but I do hope it still helped.  Please let me know if you have any more questions or concerns I can address for you.  I'm always happy to help where I can.

Cheers,

Jonathan

[0] https://stripe.com/docs/connect/reference#get-authorize-request

On Wed, Dec 14, 2016 at 4:37 PM Daniel Almeida <danielalmeida.sistemas@gmail.com> wrote:

Is there any update to this? I would like to have multiple stripe accounts connected on my app and I can't because they don't provide oAuth force_login as mentioned.

Is there any other way to do this?

Thanks

On Tuesday, April 8, 2014 at 11:49:41 PM UTC-4, Matt Goldman wrote:

I spoke with support a while back about adding a force_login OAuth parameter to the current flow.

This is to simplify customers of Stripe Connect apps connecting multiple Stripe accounts.

Currently we need to detect duplicates and ask them to log out of Stripe in a new window before re-attempting the OAuth flow.

Any updates on this/plans to implement?

Thanks!

Matt

--
You received this message because you are subscribed to the Google Groups "Stripe API Discussion" group.

To unsubscribe from this group and stop receiving emails from it, send an email to api-discuss+unsubscribe@lists.stripe.com.

To post to this group, send email to api-d...@lists.stripe.com.
Visit this group at https://groups.google.com/a/lists.stripe.com/group/api-discuss/.

--

You received this message because you are subscribed to the Google Groups "Stripe API Discussion" group.

To unsubscribe from this group and stop receiving emails from it, send an email to api-discuss+unsubscribe@lists.stripe.com.