Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stripe Connect webhooks #145

Closed
oduserdnov opened this issue Apr 8, 2019 · 3 comments
Closed

Stripe Connect webhooks #145

oduserdnov opened this issue Apr 8, 2019 · 3 comments

Comments

@oduserdnov
Copy link
Contributor

I think Stripe Connect hooks do not work properly. Here are my observations.

Connect Accounts with type "custom" (created via API) produce events under their own namespace. And general account has restricted access to those ones. Seems slightly reasonable, as far as "those are other people accounts". But they actually are accounts-in-account. Especially when your server receive event account.updated from those accounts with all details but a moment later https://github.com/tansengming/stripe-rails/blob/master/app/models/stripe/event_dispatch.rb#L20 gonna fail with Stripe::InvalidRequestError (No such event: evt_xxx): as per my words above (because of Stripe access restrictions).

I had a chat with Stripe support guys. Seems like it's proper behaviour (from their perspective) but they promise to submit my observations as "feature request" to dev team.

As a workaround general account owner can visit every new account and set their webhooks url to server or use API (i.e. #141) to set it from code. But imo this sounds a bit crazy. Especially when we talk about "custom" accounts, which means by design that only owner of general account has dashboard/API access to those ones.

I see #92 and yours decision to re-fetch event data by id. So this does not work with Stripe Connect hooks (currently). It just spams logs with Stripe::InvalidRequestError. It plays bad role here, just a note.

Please advise [from design perspective] which solution is better here.
For now I can just skip all this as far as that is not critical for me at the moment. As a temporary solution I can try some monkey-patch until Stripe guys do some access changes. But that sounds not so great to me.
@tansengming
Copy link
Owner

I'm sorry to hear that this is causing you problems. I haven't had a chance to setup Stripe Connect yet but it sounds like the problem is fetching events by ID does not work there. FYI we've added webhook signature validation thanks to #125 so you might be able to skip the fetch by ID and use that instead. All you'll need to do is setup the signing secret.

Let me know if that works or if I've misunderstood the problem.

@oduserdnov
Copy link
Contributor Author

oduserdnov commented Apr 15, 2019
edited
Loading

@tansengming, yeah, it will do the trick, thank you. I just couldn't decide what to choose: use signing to avoid extra call or wait till guys from Stripe will take care of the use case. But now I decided it's much easier (and "stable") go with signing than wait for Stripe fix (I think it's inconsistency, they may think about that as a feature). So, thank you.

Feel free to close this one.

@tansengming
Copy link
Owner

that's good to hear! I hope it works out.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tansengming @oduserdnov