skleung / Community

A rails application to simplify cooking costs among friends.
3 stars 0 forks source link

Venmo Authentication #13

Closed skleung closed 10 years ago

skleung commented 10 years ago

Will need the following validations:

skleung commented 10 years ago

Venmo API:

kacasey8 commented 10 years ago

might be useful https://developer.venmo.com/docs/quickstart#create-an-app

Need to sign in w/ venmo to get access token. I know there is a gem for this but its an extension on devise. We need to decide if we want to force all users to sign in with venmo (instead of devise accounts) or have users sign into venmo right before they make payments and then save the access token in the session ourselves

curl https://api.venmo.com/v1/payments -d access_token=4e4sw1111111111t8an8dektggtcbb45 -d email="someemail@gmail.com" -d amount=5 -d note="Delivery."

skleung commented 10 years ago

I like the second way you proposed. I think it makes the most sense if we're not assuming that everyone has a venmo account. Would it be possible to use their login email as their venmo email when we make the POST request? Or is the access_token necessary for the request to work (aka, could we try to POST before knowing whether this email is actually their venmo email and then prompt them to authenticate if it isn't)

kacasey8 commented 10 years ago

I think its better to get the authentication token first. First off people can use any venmo account they have to MAKE payments. This is useful esp if the email they have on our site is different from their venmo login email. Second it's what if the user sends the post request but refuses to authenticate. It seems fairly easy to make a payment for the user once we have the auth token, and this way we can be sure the payment occurred so that we can mark it in our database.

The flow seems fairly easy:

  1. user clicks pay button
  2. send them to oauth if they don't have a venmo access_token
  3. get venmo access_token back from venmo
  4. make payment through venmo API and log in DB as user + access_token clicks on pay button

I just emailed the venmo compliance people with the details of how we're planning to use venmo, so they will probably give me back a developer token soon