stripe-firebase-extensions
stripe-firebase-extensions copied to clipboard
invertase
Deleting firebase customer object doesn't remove stripeRole from claims
Bug report
- Extension name: firestore-stripe-payments
Describe the bug
Deleting firebase customer object doesn't remove stripeRole from claims. I can see from the source that it immediately cancels subscriptions stored in firestore, but the code to null the stripeRole claim is not invoked... If the user allready has a role granted from a subscription it will never be revoked, as the stripe account and customer object is removed...
To Reproduce
Configure extension not to sync customers on sign-up, and to auto delete customers in stripe. Subscribe to a plan where stripeRole is configured, then delete customer object/document from firestore.
Expected behavior
stripeRole claim set to null when customer object deleted. (webhook tries to do this now based on the cancel subscription event, but fails since the customer object is removed)
Screenshots
From functions log in firebase: [Error]: Webhook handler for Stripe event [evt_1L0BXGKejilFgetUy6lmCqi5] of type [customer.subscription.deleted] failed: User not found!
System information
- OS: [e.g. macOS, Windows]
- Browser (if applies) [e.g. Chrome, Safari]
Additional context
I came across this problem when trying to subscribe to a plan with a different currency from a previous subscription, and found out they needed a new stripe account. Not sure why that would be necessary, but likely not a big problem in real life anyway... I also like to let customers cleanup their data, and the autodelete works fine for that, by allowing both read and delete on the customer object.
To do this in a secure way now without directly talking to the stripe api, I end up with my own cleanup function using firebase functions.
