- 🇺🇸United States TomTech
This has been implemented. in the 8.x-1.x version.
There are no plans to backport this functionality.
Stripe Connect users should support a webhook on the site that can listen for events sent by Stripe. For example, you might listen for the account.application.deauthorized event dispatched when a connected account's access is being revoked at Stripe itself and delete the local configuration when we detect it.
This will require a path (/stripe-connect/webhooks) that we can implement a generic handler for that dispatches incoming events to be processed based on the type of event. This path should be reachable even in maintenance mode. Direct browser access to the /stripe-connect/* path should results in a 404.
Additionally, webhook processing needs to implement signature checking as described in https://stripe.com/docs/webhooks/signatures. (All of the best practices here should be implemented, including acknowledging receipt, preventing replays, and logging locally that an event was processed.) To support signature checking, we need to add a configuration option on the Stripe Platform config (defined in #2957472: Create a site-wide Stripe platform configuration form → ) where the administrator can input their webhook’s signing secret.
Note: this is not in scope for Commerce Guys' current requirements, because our use case involves multiple sites all connecting to the same platform; we would not have a central point for receiving events. cf. #2958908: Log an error message when a site attempts a transaction with a disconnected account →
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
This has been implemented. in the 8.x-1.x version.
There are no plans to backport this functionality.