We are new to Auth0 and we are exploring ways to use it in conjunction with Stripe as a payment platform.
So far, our research shows that we must use Stripe as our identity provider ("Connect Apps to Generic OAuth2 Authorization Servers").
This approach causes problems for us as we’re implementing a multi-tenant model for our application.
Our preferred approach is to use Auth0 to manage all user account authentication, while using Stripe as a payment platform, not an identity provider.
Is there a way to create a Stripe customer/subscription automatically and return the account details from Stripe to Auth0 and store it in app_metadata? We are using JavaScript (Node.js).
We won’t be storing sensitive payment information in Auth0, just enough information to link an Auth0 user to a Stripe customer.
It seems in your scenario you just need to know for every user in Auth0 (no matter how they authenticated) what’s the associated payment/subscription information. In this case having a custom OAuth connection for Stripe does not seem applicable as, in general, that would be useful only if you were interested in letting end-users authenticate to your client applications using a Stripe identity (much in the same way they could use a Google identity if you enabled the Google social connection).
As you mentioned, you should not store sensitive payment information as part of the Auth0 user profile. However, it should be fine to store an internal subscription identifier or something similar that would allow you to associate the Auth0 user identity with your notion of payment information. Again, as you said, you can achieve this by storing the identifier as part of the user app_metadata. The exact method through which to create the Stripe customer would be up to you. It could be done from your own back-end after user authentication and selection of a plan/subscription, and then you would just update the Auth0 user metadata through the Management API; or you could consider creating the Stripe customer from a rule that would have conditional logic to only create this information at first login.
By internal subscription identifier, do you mean the Stripe customer id?
I would probably opt for using a Rule given the constraints of my project. If you have an insight into how that would work, I’d love to see an example. Even if it’s just something similar.
I had to solve this problem and came up with this solution. It is a simple Auth0 rule that will create a Stripe Customer, add it to the app_metadata of a user, and then return it in the OpenID token returned to your application.
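A worked example of the kind of rule described in this thread, added here as an illustration and not the poster's own code: it creates the Stripe customer only when app_metadata has no `stripe_customer_id` yet, stores just that id, and copies it into the ID token. The claim namespace, the `stripe_customer_id` key, and the stubbed Stripe and Auth0 Management clients are all assumptions so the file runs offline.

```javascript
// Added example (not the poster's code). Shape of a classic Auth0 Rule:
// function (user, context, callback). Assumed: a `stripe` client built from
// require('stripe')(configuration.STRIPE_SECRET_KEY) and the rule-scope
// `auth0` Management client; both are replaced by constructed stand-ins below.
const CLAIM = 'https://example.com/stripe_customer_id'; // namespaced claim (assumption)

// Pure helpers, kept separate so the decision logic is testable on its own.
function needsStripeCustomer(user) {
  return !(user.app_metadata && user.app_metadata.stripe_customer_id);
}

function customerParams(user) {
  // Only the link between the two systems is sent; no payment data is stored in Auth0.
  return { email: user.email, metadata: { auth0_user_id: user.user_id } };
}

function withCustomerId(appMetadata, customerId) {
  return Object.assign({}, appMetadata || {}, { stripe_customer_id: customerId });
}

function makeRule(stripe, auth0) {
  return function stripeCustomerRule(user, context, callback) {
    const done = (meta) => {
      context.idToken[CLAIM] = meta.stripe_customer_id; // expose the link to the application
      callback(null, user, context);
    };
    if (!needsStripeCustomer(user)) return done(user.app_metadata); // already linked: no Stripe call
    stripe.customers.create(customerParams(user))
      .then((customer) => {
        user.app_metadata = withCustomerId(user.app_metadata, customer.id);
        return auth0.users.updateAppMetadata(user.user_id, user.app_metadata);
      })
      .then(() => done(user.app_metadata))
      .catch((err) => callback(err)); // fail the login rather than silently lose the link
  };
}

// Constructed stand-ins for the Stripe and Auth0 Management clients.
const fakeStripe = { customers: { create: (p) => Promise.resolve({ id: 'cus_TEST123', email: p.email }) } };
const fakeAuth0 = { users: { updateAppMetadata: (id, meta) => Promise.resolve(meta) } };

// Runs the rule against the stand-ins and resolves with the resulting user and context.
function runRule(user, context) {
  return new Promise((resolve, reject) =>
    makeRule(fakeStripe, fakeAuth0)(user, context, (err, u, c) => (err ? reject(err) : resolve({ user: u, context: c }))));
}
```

In a real tenant the `stripe` and `auth0` objects come from the rule environment, and the customer id is the only Stripe value that ends up in app_metadata.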