wp-calypso icon indicating copy to clipboard operation
wp-calypso copied to clipboard
verified publisher icon Automattic

Marketplace: Product Licensing - Create database tables for mapping vendor to a wpcom user

Open gavande1 opened this issue 3 years ago • 12 comments

Summary

~~We need to create database table for storing basic information related to 3PD's and their API/Secret keys in WPCOM.~~

We decided to move on with an OAuth approach https://github.com/Automattic/wp-calypso/issues/65346#issuecomment-1209006731

Related to pdh6GB-1dL-p2#comment-1951

gavande1 avatar Jul 07 '22 11:07 gavande1

There is already a store_vendors table in WPCOM which I think we can update.

cpapazoglou avatar Jul 13 '22 07:07 cpapazoglou

I agree! We should just add needed fields in store_vendors table.

gavande1 avatar Jul 13 '22 10:07 gavande1

Similar request pMz3w-eDW-p2

cpapazoglou avatar Jul 21 '22 13:07 cpapazoglou

After discussing using OAUTH for vendor authentication pdt2If-ia-p2, we would still need a way to identify to which vendor the token belongs to. If I am not mistaken the auth token belongs to a WPCOM user.

@obenland , @gavande1 should we create a new table store_vendor_wcpom_user that links a store_vendor to a wpcom user? That way we can authorise the vendor getting subscription information for their products only.

cpapazoglou avatar Aug 09 '22 07:08 cpapazoglou

Yes. we need a new table store_vendor_wcpom_user to map wpcom users with product vendors. This just needs to be a pivot table. Only containing store_vendor_id and wpcom_user_id.

gavande1 avatar Aug 09 '22 08:08 gavande1

Created SQL: 2d1c7-pb/#sql

gavande1 avatar Aug 09 '22 10:08 gavande1

What happened to extending the store_vendors table?

obenland avatar Aug 09 '22 18:08 obenland

I added the above comment with the assumption that one vendor can have multiple OAuth clients or we will eventually allow them to have more than one client ID and secret token. My understanding says (in the future) that we will allow vendors to create/manage API keys from the vendor dashboard. Hence, the pivot table.

If my assumption is wrong here and we will allow only one API key per vendor then It makes sense to just add wpcom_user_id to the store_vendors table.

What are your thoughts @cpapazoglou?

gavande1 avatar Aug 10 '22 06:08 gavande1

Even if vendors created different OAuth clients, wouldn't these be connected with the same WordPress.com user? I think we can drop my suggestion for a store_vendor_wcpom_user table and move on with a wpcom_user_id to the store_vendors table. If this proves not enough in the future we can always migrate the data to a new store_vendor_wcpom_user table and use it.

cpapazoglou avatar Aug 10 '22 07:08 cpapazoglou

wouldn't these be connected with the same WordPress.com user?

Depends. My understanding is that vendors will have different roles and users. WCCOM has different user roles like Vendor Admin and Shop Manager. It means that one vendor can have multiple users. This implies that the client can belong to any user.

However, we can make sure the OAuth client is always created with the primary WPCOM user ID for each vendor. So that we can link all tokens to one vendor hence one WPCOM user.

gavande1 avatar Aug 10 '22 08:08 gavande1

Depends. My understanding is that vendors will have different roles and users. WCCOM has different user roles like Vendor Admin and Shop Manager. It means that one vendor can have multiple users. This implies that the client can belong to any user.

That's accurate CleanShot 2022-08-10 at 12 43 10@2x

So creating a pivot table seems easier than making sure the OAuth client is created with the primary user.

cpapazoglou avatar Aug 10 '22 09:08 cpapazoglou

Related systems request pMz3w-fIh-p2

cpapazoglou avatar Aug 10 '22 10:08 cpapazoglou