
Please help to understand process


#1

Hello,
I am trying to understand the correct way to accomplish this. I have a Django web site that subscription customers will log in to daily to update information. I am using Stripe to have these customers sign up for service, so after the customer of my site has completed the subscription transaction they are redirected back to my site and need to be logged in to gain access.
How do I limit the scope of who is allowed to log in to only individuals who have gone through the Stripe process first? I have created the initial default application as a new Auth0 user and the current authorization is through the database.

I am thinking that the user who goes through the Stripe process will have a customer or client id. Do I associate this with a rule in Auth0 to only allow login if this Stripe client id is present? I apologize in advance, but I really am quite clueless on getting this to function, and any help would be appreciated.


#3

@chucklapress I don’t know about Stripe, but your initial thoughts are accurate in my mind. Using a rule you can make many authorization decisions preventing a user from accessing a client. Assuming you have the appropriate data on your end (either in the Auth0 profile, Stripe, or your database) to make the decision, you can simply verify the authenticating or authorizing user has the necessary state. If the user does not, you can return callback(new UnauthorizedError('some error')); which will send the user back to the client’s callback URI with an error.
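The kind of rule described in this reply, as an added example that is not part of the original posts and not Auth0's own code. It assumes the backend that receives the Stripe redirect writes the Stripe customer id and subscription status into the user's app_metadata; the key names `stripe_customer_id` and `stripe_subscription_status`, the client ID placeholder and the `runRule` helper are hypothetical.

```javascript
// Outside Auth0 only: stand-in for the UnauthorizedError global that the
// rules sandbox provides. Leave this line out when pasting into a rule.
class UnauthorizedError extends Error {}

// Assumed data model (not from the thread): the server-side code handling the
// Stripe redirect stores these values in app_metadata, which the end user
// cannot edit (user_metadata can be edited by the user, so it is not used here).
const PAID_CLIENT_ID = 'YOUR_DJANGO_APP_CLIENT_ID'; // placeholder
const ACTIVE_STATUSES = ['active', 'trialing'];      // Stripe subscription statuses treated as paid

function requireStripeSubscription(user, context, callback) {
  // Gate only the subscription site; other applications in the tenant pass through.
  if (context.clientID !== PAID_CLIENT_ID) {
    return callback(null, user, context);
  }

  const meta = user.app_metadata || {};
  const customerId = meta.stripe_customer_id;
  const hasCustomer = typeof customerId === 'string' && customerId.length > 0;
  const isActive = ACTIVE_STATUSES.includes(meta.stripe_subscription_status);

  // Fail closed: a missing id, missing status or lapsed subscription all deny login.
  if (!hasCustomer || !isActive) {
    return callback(new UnauthorizedError('An active subscription is required.'));
  }
  return callback(null, user, context);
}

// Hypothetical local harness: runs the rule once and returns what it passed to callback.
function runRule(user, context) {
  let result;
  requireStripeSubscription(user, context, (err, u) => {
    result = { err: err || null, user: u };
  });
  return result;
}

// Constructed sample profiles, not real Stripe or Auth0 data.
const paidUser = {
  email: 'paid@example.com',
  app_metadata: { stripe_customer_id: 'cus_CONSTRUCTED', stripe_subscription_status: 'active' },
};
const unpaidUser = { email: 'new@example.com' };
console.log(runRule(paidUser, { clientID: PAID_CLIENT_ID }).err);           // null
console.log(runRule(unpaidUser, { clientID: PAID_CLIENT_ID }).err.message); // denied
```

Because the rule only reads app_metadata, the enforcement depends on that field being written by trusted server-side code after Stripe confirms the subscription, never from a value carried in the browser redirect.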


#5

Shawn,
Thanks for the reply back. I am glad you confirmed my thoughts are accurate. The problem I am having is in implementing this theory: what would the JavaScript rule look like that would need to be attached so that the user must have initiated my application through Stripe first?


#6

It would all depend on what your user profile looks like as a result of the signup process. Could you elaborate more on how the signup flow is happening, and how the user ends up being stored in Auth0 as a result?


#7

Thanks for replying back. The flow operates like this: the user is asked to sign up and is redirected to a form which handles the Stripe subscription transaction. Once they successfully complete this transaction, they would be redirected to either a (current configuration) signup page that stores a user (username:password) into the database or, ideally, be redirected to a login page similar to the example app where they are using a username and password to register. The objective is to prevent login creation without first using the Stripe subscription signup. My primary question is: Stripe creates an id with a transaction; how do I carry this id with the customer on the redirect and maintain it in the creation of the Auth0 login?


#8

Just a little further clarification: the user, once finished with the Auth0 login process, has basic user status; the hope is that the user is not registering with Auth0 login without performing the subscription transaction.