next-stripe
Don't allow setting of customer IDs client side
Setting a customer ID when creating a Checkout session or a portal link requires you to make sure the user is authenticated in a server-side context (e.g. see https://stripe.com/docs/billing/subscriptions/integrating-customer-portal#redirect).
Examples
You can see an example of doing this here for checkout session and for portal link.
Potential solution
It would be super awesome if the library could automatically retrieve the authenticated customer. That would probably require some integration work with some auth libraries, but damn that would be cool. Wdyt?
cc @balazsorban44 in case you have ideas of how we could pair this with next-auth for example.
I'll need to think about this, thanks for the mention! 🙂 Currently busy getting a stable release out for next-auth (aiming for Monday... 🤫)
My initial idea was to implement a providers pattern (similar to next-auth) to tightly integrate with Jamstack auth providers like Firebase, Supabase, etc.
We can then wrap the functions that require server-side customer validation with middleware to look up Stripe customer data.
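The server-side check this issue asks for, sketched as an added example that is not part of the thread and is not next-stripe or next-auth code: a wrapper that resolves the Stripe customer from the authenticated session and discards any `customer` value sent by the browser. `withStripeCustomer`, `getSession`, `findCustomerId`, the session tokens and the customer IDs are all hypothetical or constructed.

```javascript
// Added example: withStripeCustomer, getSession and findCustomerId are
// hypothetical names, not part of next-stripe or next-auth.

// Keep the client's other params, but always overwrite `customer` with the
// ID resolved on the server; the request body's value is never trusted.
function bindCustomer(clientParams, customerId) {
  return { ...(clientParams || {}), customer: customerId };
}

function withStripeCustomer({ getSession, findCustomerId }, handler) {
  return async function (req, res) {
    const session = await getSession(req);
    if (!session || !session.userId) {
      return res.status(401).json({ error: 'not authenticated' });
    }
    const customerId = await findCustomerId(session.userId);
    if (!customerId) {
      return res.status(403).json({ error: 'no Stripe customer for user' });
    }
    const supplied = req.body && req.body.customer;
    if (supplied && supplied !== customerId) {
      console.warn('ignored client-supplied customer for user', session.userId);
    }
    return handler(req, res, bindCustomer(req.body, customerId));
  };
}

// Constructed sample data: session tokens and customer IDs are made up.
const SESSIONS = { 'tok-alice': { userId: 'u1' }, 'tok-bob': { userId: 'u2' } };
const CUSTOMERS = { u1: 'cus_ALICE_EXAMPLE' }; // u2 has no customer yet

function mockRes() {
  const res = { statusCode: 200, body: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (body) => { res.body = body; return res; };
  return res;
}

// Stand-in for a route that would create a Checkout session or portal link.
const route = withStripeCustomer(
  {
    getSession: async (req) => SESSIONS[req.cookies.session] || null,
    findCustomerId: async (userId) => CUSTOMERS[userId] || null,
  },
  async (req, res, params) => res.status(200).json(params)
);

async function call(cookie, body) {
  return route({ cookies: { session: cookie }, body }, mockRes());
}
```

In a real route the inner handler would pass `params` to the Stripe call; the mismatch warning is a useful signal to forward to application logs.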