Phone based OTP depends on high reliability of source Phone People Against Passwords #ask-a-descoper

Phone based OTP depends on high reliability of sou...

thousands-alarm-31103

06/12/2023, 7:35 PM

Phone based OTP depends on high reliability of source Phone number and if phone number changes we need a path to look up the user that is stable

breezy-evening-56597

06/12/2023, 7:46 PM

Yes. You can do that. NodeJS SDK supports the `searchAl`l command, with `customAttributes`:

Copy code

searchAll: (tenantIds?: string[], roles?: string[], limit?: number, page?: number, testUsersOnly?: boolean, withTestUser?: boolean, customAttributes?: Record<string, AttributesTypes>) => Promise<SdkResponse<_descope_core_js_sdk.UserResponse[]>>;

breezy-evening-56597

06/12/2023, 7:47 PM

(we will also add this to the docs)

thousands-alarm-31103

06/12/2023, 7:47 PM

Could we also chose to use the stripe customer ID for the loginID and still have them OTP with the phone?

thousands-alarm-31103

06/12/2023, 7:49 PM

We need a reliable way to handle updates to user attributes that have a reliable id that is unique and stable that matches the source system on for the customer records

breezy-evening-56597

06/12/2023, 8:41 PM

Think it's a valid use case, but don't think we can do that today. we'll check and open a feature request is relevant.

salmon-night-88354

06/12/2023, 8:49 PM

@thousands-alarm-31103 could you get the stripe user ID and store as a custom attribute during the user's login flow? Then store it on the user? 1. Connect to stripe's api 2. Then get the user ID during the flow 3. Store to a custom attribute on the user for later use

thousands-alarm-31103

06/12/2023, 8:49 PM

It doesn’t support it no. We are also using the flows not the sdk, can we make a rest call for that search>

thousands-alarm-31103

06/12/2023, 8:50 PM

We could yes, that is what we are seeking to do

salmon-night-88354

06/12/2023, 8:50 PM

We have the ability to do this with connectors.

thousands-alarm-31103

06/12/2023, 8:50 PM

Right now we have a listener set up for events coming from stripe

thousands-alarm-31103

06/12/2023, 8:52 PM

Say more about connectors please?

salmon-night-88354

06/12/2023, 8:52 PM

I'm actively working on documenting this, but... Configure a connector to stripe https://app.descope.com/connectors Add a 3rd party connector item within your flow to get the user ID after the user is authenticated Then get the userID with that action. Then call the update user action to store the userID on the custom attribute. You can create the stripeUserId attribute from the users page as well.

salmon-night-88354

06/12/2023, 8:52 PM

Let me know if this makes sense.

salmon-night-88354

06/12/2023, 8:53 PM

But for

Could we also chose to use the stripe customer ID for the loginID and still have them OTP with the phone?

we're opening the FR for this, which would store stripe's user ID under the user's loginIDs, similar to how it's referenced in this article. https://docs.descope.com/knowledgebase/descopeflows/multipleloginid/multipleloginid/

thousands-alarm-31103

06/12/2023, 8:54 PM

^^ yes This is what I was looking at and then went and tested to see what it would do if I created a user with the stripe customer ID

salmon-night-88354

06/12/2023, 8:55 PM

Yea. For now, I think storing it as a custom attribute may be the best bet while we work on the FR.

thousands-alarm-31103

06/12/2023, 9:09 PM

Is there an api call we can make? We are not using the SDK, rather the flows in a web app

salmon-night-88354

06/12/2023, 9:35 PM

To ensure I understand right, an API call to get the user ID from Stripe and store it? Or to search based on the custom attribute after storing it? • For this, you can use the search users and add an additional

customAttributes

to the payload and populate it with the custom attribute you are searching for as an object. I will get docs updated for this this week. • http://localhost:3000/api/openapi/usermanagement/operation/SearchUsers/ Also, @dazzling-oyster-96577 may be able to help you set up connectors as well.

thousands-alarm-31103

06/12/2023, 9:41 PM

Not exactly. We can get the user ID from stripe when the create event posts to descope

thousands-alarm-31103

06/12/2023, 9:41 PM

We would want to store that on the user as custom attribute in descope. If the customer record gets updated we want to use the customer attribute (stripe cust ID) to look up the user and update attributes

thousands-alarm-31103

06/12/2023, 9:43 PM

So when an update comes in, we will the stripe customer ID with the update, so we need to match that id so that we can update the changed attributes

thousands-alarm-31103

06/12/2023, 9:44 PM

usermanagement/operation/SearchUsers/customAttributes?

salmon-night-88354

06/12/2023, 9:46 PM

You can create users with custom attributes.

<https://docs.descope.com/api/openapi/usermanagement/operation/CreateUser/>

You can update custom attributes:

<https://docs.descope.com/api/openapi/usermanagement/operation/UpdateUserCustomAttribute/>

Then you can search based on custom attributes

<https://docs.descope.com/api/openapi/usermanagement/operation/SearchUsers/>

Like:

Copy code

curl -i -X POST \
  <https://api.descope.com/v1/mgmt/user/search> \
  -H 'Authorization: Bearer P2IBjb4s39ubA2tzOW75LfgbGRpR:<ManagementKey>' \
  -H 'Content-Type: application/json' \
  -d '{
    "tenantIds": [
      "string"
    ],
    "roleNames": [
      "string"
    ],
    "limit": 0,
    "text": "string",
    "page": 0,
    "loginId": "string",
    "ssoOnly": false,
    "customAttributes": {
       "attributeKey": "string",
       "attributeValue": "string"
    },
  }'

Open in Slack

Previous Next