What should <Banking Userid> be in discoverAndAddAccount() in Customer Account Data API - aggregation

I just played with Customer Account Data API yesterday so I am a complete newbie to this platform.
I have tried to google and search for a description of Banking Userid but I didn't succeed. For a real Banking Userid, what is it? Let's say I have a checking account at CIBC. Is the "Banking Userid" the account number? Card number? And the password as well. Is the password required in discoverAndAddAccount() the password of the card, or the password when we do online banking?

If you were to log in to their web interface, what do they ask for? This would be what you would enter.

Azure B2C Custom Policy - change sign in from email to phone

Currently I am capturing the user's email and phone when they sign up. Once they are signed up, they log in with their email and password. I would like to change this so they log in with their phone and password instead of their email address. What update do I need to make in my custom policies to achieve this?
There is a GitHub sample where you can log in users solely on phone number and MFA via SMS or phone call. This approach is passwordless. Hope this helps with your query.

Using Stripe Customer metadata to store password

I’m looking at building a solution that allows for users to have an account with my website that is linked somehow to their corresponding stripe customer account. The way I am currently doing this is by using an external database server which holds customer account info such as email, password and stripe customer id. The stripe customer id is used to look up stored credit cards and billing info for the user. The problem I have with this current implementation is that the only reason why I am using an external database for this is to store a password securely (hashed of course) and this seems a little unnecessary.
Another thought I did have was to take advantage of the metadata property of the Stripe customer object to store the hashed password. This way all customers live in Stripe and that’s it. Are there any issues with doing it this way?
Sounds plausible. Did you try it out?

Verifying that the account belongs to the person that claims

Context
Sign-up form and one of the fields is Instagram account
When the user finishes signing up, there's a link to the person's Insta account
(No integrations)
Goal
I want to make sure the user can only sign up with his own Instagram, much like e-mail verification
My thoughts
I took a look at the Instagram API documentation and didn't find an option for it. Any thoughts about how to do that?
There would be an option to use the Insta auth basic, allow the user to sign-up via Instagram. Although this seems to be a proper overkill and it's getting deprecated anyways.

Stripe usage with token

I am using Stripe for payment for the first time. While clicking on Pay button when we enter email, card number, date and cvc, I get an error message which asks me to activate my account. I learned that it takes all this information and returns a token which we can save in the database. How do I get a token in return?
Thanks for thinking of using Stripe! I work on Support there and can help.
If you're getting that error message about activating your account, it's probably because you're using live keys but don't have a live, active account yet. If you email into Stripe support using the email address associated with your Stripe account, I could look into this for you further (e.g., looking at your logs and status).
As for the token, the token is a short-term representation of the customer's credit card information. You wouldn't need to store the token in your database. You should instead use it to process a charge, or create a customer, and then ignore it (because, at that point, the token will have been consumed).
For more, see this page in our docs:
https://stripe.com/docs/tutorials/charges
Cheers,
Larry

What is the best practice for forgot password process?

I am currently developing a C# web application that allows users to log in with a password. A feature that I need to include is a forgot password function.
What is the recommended process for forgot password?
I was considering this:
1. User clicks forgot password, enters email address
2. Email sent
3. Click on link in email (link only valid once and within time period)
4. Taken to the site and asked to enter new password (should they also give answer to security question?)
5. Password changed, email sent to user of such
6. User now can log in with new password
Your idea looks solid, but I would add some other considerations:
Be sure that the token you are generating in the email is using the .NET Framework crypto classes designed for randomization, not something that seems random but is not designed for that purpose.
Take no action on the account from the sending of the reset email (otherwise people will be able to lock other people's accounts if they know their email)
Add a rate limiter on how many resets per hour can be generated for a given email. Otherwise somebody could DOS a user by: (a) using x bad passwords to lock the account and then (b) generating reset emails for them faster than the email system can deliver.
Where possible defer to other systems such as OpenID. It's easy to get things wrong when you roll your own.
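The considerations above (a token from the .NET crypto random generator, a single-use link with a time limit, a per-email rate limit, and no change to the account when a reset is requested), as an added C# example that is not part of the original answers. `PasswordResetService`, the 30-minute lifetime, the limit of 3 requests per hour and the in-memory dictionaries standing in for database tables are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added illustration; PasswordResetService and its members are hypothetical names.
public sealed class PasswordResetService
{
    private sealed class Pending { public string Email; public DateTime ExpiresUtc; }
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(30); // assumed validity window
    private const int MaxPerHour = 3;                                     // assumed per-email limit
    // In-memory stand-ins for database tables (assumption for the example).
    private readonly Dictionary<string, Pending> _byTokenHash = new Dictionary<string, Pending>();
    private readonly Dictionary<string, List<DateTime>> _requests = new Dictionary<string, List<DateTime>>();

    // Returns the token to embed in the emailed link, or null when rate-limited.
    // Nothing on the account itself changes here: the old password keeps working.
    public string RequestReset(string email, DateTime nowUtc)
    {
        string key = email.Trim().ToLowerInvariant();
        if (!_requests.TryGetValue(key, out List<DateTime> times))
            _requests[key] = times = new List<DateTime>();
        times.RemoveAll(t => nowUtc - t > TimeSpan.FromHours(1)); // keep only the last hour
        if (times.Count >= MaxPerHour) return null;
        times.Add(nowUtc);
        byte[] raw = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw); // CSPRNG, not System.Random
        string token = Convert.ToBase64String(raw).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        _byTokenHash[Hash(token)] = new Pending { Email = key, ExpiresUtc = nowUtc + Lifetime };
        return token;
    }

    // Returns the email whose password may now be changed, or null if the token
    // is unknown, expired, or already used. The entry is removed on first lookup.
    public string Redeem(string token, DateTime nowUtc)
    {
        string h = Hash(token ?? "");
        if (!_byTokenHash.TryGetValue(h, out Pending p)) return null;
        _byTokenHash.Remove(h); // single use, even if the token turns out to be expired
        return nowUtc <= p.ExpiresUtc ? p.Email : null;
    }

    // Only the SHA-256 of the token is stored, so a leaked table holds no usable links.
    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }
}
```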
We have two ways to retrieve the forgot password:
1. Through registered email id
2. Through registered mobile number
Registered Email id:
a. Ask the user to provide the registered email id
b. The system checks whether the provided email ID is in the DB or not
c. If the email ID is in the DB, the system sends the email to reset the password; if the email ID is not in the DB, the system shows an alert message.
d. The user must provide a strong password while resetting the forgotten password.
e. The password is reset successfully and is also changed in the DB for that email ID.
Registered Mobile number:
The process is almost the same as for email, but in this case an OTP will be sent to the registered mobile number.
We need to integrate a third-party SDK for this, or we can use iMessage on iOS.
