Closed MikeRogers0 closed 6 years ago
We used to have special handling for account.application.deauthorized
prior to v2.0.0, because Stripe::Event.retrieve
no longer had access to the account (i.e. the API Key is no longer valid once the event arrives).
You shouldn't need to "retrieve" any events in your event_filter
in v2.0.0. The events are already verified and validated from the StripeSignature
header. i.e. We don't make any requests that could even throw an API key exception anymore.
In other words, are you still having trouble with this event if you avoid an event_filter
override?
Because this sounds like a Connect application that you're managing, you just need to specify the signing secret for your Connect webhook. If you need to verify both your Connect webhook and your main Account webhook, you can configure stripe_event to try multiple signing secrets:
https://github.com/integrallis/stripe_event#support-for-multiple-signing-secrets
Oh my mistake completely, I misinterpreted what the event
argument was (I didn't realise it was a Stripe::Event that had been verified already 🙄).
Thank you for your help! Am I ok to close this issue?
When upgrading to 2.0.0, I ran into an unauthorised API key exception when testing the
account.application.deauthorized
event.In the README.md configuration I think the connect example should include how to handle the 'account.application.deauthorized' event. For example:
What do you think? Or is there a better way to handle this event type?