I am trying to add a new flow for updating Stripe to create a new customer profile after a user has successfully signed up. After the customer profile has been created with Stripe, it will add the customer id to the app metadata of the user. I added the following flow to the onExecutePostLogin step:
However, whenever I try to retrieve the metadata using the Management API in my SPA Angular application, this block of code is executed again. It seems like it's not able to distinguish a first-time login from a token retrieval, I believe, and it's causing the same customer profile to be created once again in Stripe.
Is there any way to add more checks to make sure that this block of code only executes right after sign up, and not at any other time?
That's super curious that it's being executed again, as it should only run when there is a login event, and in this case only on the first event. Are you able to see 2 separate login events in your dashboard logs (monitoring → logs)?
Could you move this to a pre user registration action instead? It might be a good use case for it.
For putting it in pre user registration, what if the user’s registration wasn’t successful and the email provided wasn’t valid? Then in this case the Stripe customer creation wouldn’t make sense in the pre user registration right?
Post-Login Actions do occur for silent authentication requests.
A reliable solution would be to see if stripe_customer_id already exists in the user app_metadata object, and skip the action for the user if it does.
However, if you need to rely on first logins only in the Post-Login Action flow instead, something like the below might help:

```js
exports.onExecutePostLogin = async (event, api) => {
  // Check if the user has more than one login, or if this is a
  // refresh token rotation, or a silent auth request.
  const not_first_login = event.stats.logins_count > 1 ||
    event.transaction?.protocol === 'oauth2-refresh-token' ||
    event.request.query?.prompt === 'none';

  if (not_first_login) {
    console.log(`Skipping event for user ${event.user.user_id}`);
    return;
  }

  // First interactive login: the Stripe customer creation goes here.
};
```
This will skip the action for the user if the user's `logins_count` is greater than one, or if the Post-Login Action was triggered by refresh token rotations & silent authentication requests.
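The `app_metadata` check suggested in the answer above, as an added example that is not part of the original posts or of Auth0's own code. `createCustomer` is a hypothetical injected function standing in for the Stripe SDK call, and `fakeApi` and the sample user are constructed so the handler can be exercised offline.

```javascript
// Pure decision: does this user still need a Stripe customer?
function needsStripeCustomer(event) {
  const meta = event.user.app_metadata || {};
  return !meta.stripe_customer_id;
}

// createCustomer is hypothetical: in a real Action it would wrap the Stripe
// SDK call and resolve to the new customer's id.
function makePostLogin(createCustomer) {
  return async function onExecutePostLogin(event, api) {
    if (!needsStripeCustomer(event)) {
      // Covers repeat logins, silent auth and refresh token rotation alike.
      return 'skipped';
    }
    const customerId = await createCustomer({
      email: event.user.email,
      auth0UserId: event.user.user_id,
    });
    // Persist the id so every later execution takes the skip branch.
    api.user.setAppMetadata('stripe_customer_id', customerId);
    return 'created';
  };
}

// Constructed stand-in for the Actions `api` object: it writes straight into
// the sample user so the next call sees the stored id, as a later login would.
function fakeApi(user) {
  return {
    user: {
      setAppMetadata(key, value) {
        user.app_metadata = { ...(user.app_metadata || {}), [key]: value };
      },
    },
  };
}

// Runs a first login followed by a silent-auth request for the same user.
async function demo() {
  let calls = 0;
  const handler = makePostLogin(async () => `cus_CONSTRUCTED_${++calls}`);
  const user = { user_id: 'auth0|constructed', email: 'user@example.test' };
  const first = await handler({ user }, fakeApi(user));
  const silent = await handler(
    { user, request: { query: { prompt: 'none' } } }, fakeApi(user));
  return { first, silent, calls, id: user.app_metadata.stripe_customer_id };
}
```

Two first-login requests that run concurrently can both pass this check before either write lands, so the customer creation itself should also be made idempotent on the Stripe side.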