WJA

Reputation: 7004

Passing parameters to the server (OAuth callback in Stripe Connect)

I am setting up Stripe Connect as explained here (Standalone Account). I handle the authorization and the retrieval of the access_token on my node server.

The user can visit the link MY_SERVER_URI/authorize and will be redirected to a pre-defined stripe AUTHORIZE_URI:

app.get("/authorize", function(req, res) {
  // Redirect to Stripe /oauth/authorize endpoint
  res.redirect(AUTHORIZE_URI + "?" + qs.stringify({
    response_type: "code",
    scope: "read_write",
    client_id: CLIENT_ID
  }));
});

After the user authorizes Stripe Connect, he or she will be redirected to a pre-defined REDIRECT_URI, which in this case is MY_SERVER_URI/oauth/callback, where the following script is executed:

app.get("/oauth/callback", function(req, res) {

  var code = req.query.code;

  // Make /oauth/token endpoint POST request
  request.post({
    url: TOKEN_URI,
    form: {
      grant_type: "authorization_code",
      client_id: CLIENT_ID,
      code: code,
      client_secret: API_KEY
    }
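  }, function(err, r, body) {

    // Stop if the token request itself failed; body is undefined in that case
    if (err) {
      return res.status(502).send({ error: "Token request failed" });
    }

    var accessToken = JSON.parse(body).access_token;

    // Do something with your accessToken

    // For demo's sake, output in response:
    res.send({ "Your Token": accessToken });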

  });
});

Now everything here works fine and the application is able to get the accessToken. However, this accessToken needs to be saved and matched with the user who is granting the access from the client side.

My question therefore boils down to, how can I either pass a client-side parameter (like the client-side userId) in the oauth/callback GET request, or process the server handling on the client side (e.g. a $http GET request instead of visiting the uri)? I guess that the latter is not the recommended option.

I made two attempts:

What can be done?

Upvotes: 1

Views: 2999

Answers (2)

jack

Reputation: 111

You have to pass your user id as "state" parameter and Stripe will return it on the callback. The only way I found to avoid session

Upvotes: 11

simo

Reputation: 15488

Generally your scenario is as follows:

  1. Make request to some route on your server and store the user's id there: req.session.user = {id: '...'}
  2. From that route redirect the user to the third party authorization URL
  3. In the route where you receive the access token, store it in the session as well: req.session.user.access_token = '...'
  4. Use that access token for subsequent requests to Stripe's API

Note:

  1. Don't try to hack the authorization_code OAuth flow
  2. You may find Grant easier to use for that type of OAuth flow, Stripe is supported
  3. Relevant comment

Upvotes: 1
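An added example, not part of either answer or of Stripe's own code: both answers come down to carrying the user's identity through the redirect, either in the `state` parameter or in the session. A bare user id in `state` can be altered by anyone who edits the callback URL, so this sketch signs the id with an HMAC and binds it to a per-session nonce. The helper names, the secret, the nonce field and the 10-minute lifetime are assumptions.

```javascript
const crypto = require("crypto");

// Assumption: a server-side secret from configuration, never sent to the client.
const STATE_SECRET = process.env.STATE_SECRET || "constructed-demo-secret";
const MAX_AGE_MS = 10 * 60 * 1000; // assumed lifetime of one authorization attempt

function sign(payload) {
  return crypto.createHmac("sha256", STATE_SECRET).update(payload).digest("base64url");
}

// Build the value sent as `state` on the /authorize redirect.
// sessionNonce is a random value kept in the user's session (hypothetical field).
function makeState(userId, sessionNonce, now = Date.now()) {
  const json = JSON.stringify({ uid: userId, n: sessionNonce, t: now });
  const payload = Buffer.from(json).toString("base64url");
  return payload + "." + sign(payload);
}

// Verify the `state` returned on /oauth/callback; returns the user id or null.
function verifyState(state, sessionNonce, now = Date.now()) {
  if (typeof state !== "string") return null; // repeated query params arrive as arrays
  const parts = state.split(".");
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;

  // Compare MACs in constant time; lengths must match before timingSafeEqual.
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return null;
  }

  let data;
  try {
    data = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch (e) {
    return null;
  }
  if (data.n !== sessionNonce) return null;                   // issued for another session
  if (data.t > now || now - data.t > MAX_AGE_MS) return null; // future-dated or expired
  return data.uid;
}
```

In the question's routes, `state: makeState(userId, nonce)` would be added to the `/authorize` query string, and `verifyState(req.query.state, nonce)` would be called in `/oauth/callback` before the code is exchanged, rejecting the request when it returns null.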
