[HCoop-Discuss] Password Resets With Stripe?
Clinton Ebadi
clinton at unknownlamer.org
Sat Mar 22 14:37:14 EDT 2014
Greetings,
To reset passwords, we try to require members make a small payment using
the checkout or paypal account listed with the portal. Stripe,
unfortunately, is a bit looser with its notion of an account for
customers, and they really only amount to an email address.
So: the question is how we support Stripe for password resets...
There's a complicated way involving Stripe Customer instances and other
things I'd like to avoid for the moment.
A simpler way that I'm not entirely sure of... Stripe provides a
unique fingerprint of every card used to pay us. We could:
* Store the fingerprint along with the stripe_payment, allowing a reset
using any card ever used to pay for that member.
or
* Store the last used fingerprint for each member, requiring password
resets to use the last used card.
or
* ???
For the time being, I am going to punt on non-Paypal password
resets. I'd really like to hear some ideas -- I don't want to march
forward blindly into accidentally weaking identity verification.
If we figure this out, password resets via Stripe should be much nicer
than Paypal/Checkout. The passgen id# can be displayed and then added to
the Stripe transaction programatically, and we can trivially charge and
then refund a small payment ($1? $5?) after verifying the card. This
would leave us with only one manual step (actually resetting the
password).
--
Jessie: i thought your beard took the oxygen from the air and made it
breathable for you
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 229 bytes
Desc: not available
Url : http://lists.hcoop.net/pipermail/hcoop-discuss/attachments/20140322/845a7b92/attachment.pgp
More information about the HCoop-Discuss
mailing list