Greetings, To reset passwords, we try to require members make a small payment using the checkout or paypal account listed with the portal. Stripe, unfortunately, is a bit looser with its notion of an account for customers, and they really only amount to an email address.
So: the question is how we support Stripe for password resets...
There's a complicated way involving Stripe Customer instances and other
things I'd like to avoid for the moment.
A simpler way that I'm not entirely sure of... Stripe provides a
unique fingerprint of every card used to pay us. We could:
* Store the fingerprint along with the stripe_payment, allowing a reset
using any card ever used to pay for that member.
or
* Store the last used fingerprint for each member, requiring password
resets to use the last used card.
or
* ???
For the time being, I am going to punt on non-Paypal password
resets. I'd really like to hear some ideas -- I don't want to march
forward blindly into accidentally weaking identity verification.
If we figure this out, password resets via Stripe should be much nicer
than Paypal/Checkout. The passgen id# can be displayed and then added to
the Stripe transaction programatically, and we can trivially charge and
then refund a small payment ($1? $5?) after verifying the card. This
would leave us with only one manual step (actually resetting the
password).
--
Jessie: i thought your beard took the oxygen from the air and made it
breathable for you
pgp4gE0P4IgaT.pgp
Description: PGP signature
_______________________________________________ HCoop-Discuss mailing list [email protected] https://lists.hcoop.net/listinfo/hcoop-discuss
