I am entirely new to making E-commerce website. Already I have built the basic interface and all required features. I am stuck in one thing. Basically I am working on Paypal integration. At the moment, the money comes to my account after checkout since I have setup with my credentials. But in my Website, one can be a publisher too. How do I ensure that the money goes from the customer to the publisher account? As for the admin, since I am the admin so I already configure with necessary credentials. But what about those publishers who sign up in my website? Thanks. Just give me an idea. I am using React.js in my front end.
You can use the official react-paypal-js
When creating the order, specify the recipient payee with an email or merchant id.
A server integration to create the order is not required, but more robust for the usual reasons.
Related
I'm creating the user authentication in a web application, and I want to use Identity Server for resource protection.
The sample code and documentation shows how the user logs into Identity Server after creating an account for it. That is to say, they log in with their own Identity Server account. The quickstart even provides a UI.
But I don't want users of my application to have to log in to Identity Server, an external website. I want them to only have to log in to the web application.
So how to proceed? It just doesn't seem at all clear from the documentation how you're supposed to handle this scenario, which I would have thought would be the most common.
Do I just use a pre-defined API scope and user for token validation, holding for all the website's users? That doesn't seem to be very secure given that any user of the website or anyone with the client name and secret would have a valid token. Not sure what the point is in having the security if it's that easily worked around.
Or do I interact with my Identity Server instance somehow after the user is registered in the web application, and store the new user in a database? I can't find any mention of this in the documentation . It all seems to be very muddled to be honest.
Please could anybody shed light on some of this? What is the "standard" approach here? To have the user sign in to the external Identity Server website? That seems a great way to annoy your users.
If you only have one application and you don't intend to add more applications that needs to share users, then you should look at ASP.NET Core Identity
The whole point with OpenID-Connect/IdentityServer is to delegate the managing and handling of users/passwords (authentication) to a central entity. So individual applications don't need to deal with that complexity. IdentityServer is useful when you have multiple applications or if you have more complex integration needs. It is also perfect if you need to customize it to your own needs. If you don't need the customization part you can also outsource it to someone else like Auth0 that give you an IdentityServer like experience as a service.
I have a client that is using a third party custom membership database for a an online service that currently collects member data and payment information. They recently switched their landing page to Squarespace where non-members can find out more about their service and then they are forwarded over to the database site. My clients would like to use the eCommerce option on the Squarespace website, so my question would be does anyone know of how to integrate payment and membership information to be directed from Stripe or SquareSpace to a third party membership database?
Unfortunately, Squarespace doesn't offer the ability to "call out" to any 3rd party services, server-side.
Having said that, I see three ways to accomplish this.
Use client-side Javascript injected into the Order Confirmation
Page. That means that the server on the receiving end would have
to have CORS support (allowing such a request to come from your
Squarespace site) or it would either have to provide its own API or
support JSONP.
Use some type of service to parse the email that you receive when an order is made. When an order is placed, users of your Squarespace site with admin or store-manager permissions will receive an email. If you have a service that can "watch" for this type of email to come in (or run every X minutes) it is possible to parse the email and then take some kind of action as a result. One drawback here is that Squarespace doesn't allow much customization to emails, so if Squarespace heavily modifies the format of the email, it could break your service. Zapier is a service that might help you accomplish this approach.
Because any activity from your Squarespace "store" will generate activity within your Stripe account, it may be possible to use Stripe's Events/Webhooks service to call out to your database service. I have not attempted this, but it is something that may be possible.
Of course, these all assume that there is an "endpoint" URL associated with your membership database that can receive the data and handle it accordingly.
We are developing an app which our customer would like to install for some of their teams. However, we have not yet listed this app on the App Marketplace and would like to install this application for our client's sub-org without needing to do so. Is there any way to have the admin grant access to our app for only this sub-org?
We checked out domain wide delegation, but it seems to be for the whole domain. The only other method seems to be using OAuth, but this would involve every person individually signing up, and not a one time action by the admin.
Thanks!
As far as I know.... no.
But you definitely could simulate that. For instance make your app completely public, but on the login page check for the IP of the logged customer and then decide if it comes from the right subdomain. If not, send the customer to a "403" page.
Or you might be able to create ONE user, using the same email for the whole organization?
I'm building a web application using CakePHP (which I'm new to). The app is going to require some sort of login where I'm going to use Facebook Connect. I've got a table for storing names, emails etc (for newsletter purposes etc) but not any password.
My question is: do/should I use CakePHP Auth combined with the Facebook Connect plugin (http://www.webtechnick.com/blogs/view/229/CakePHP_Facebook_Plugin_Auth_Facebook_and_more) or should I just use the plugin without any CakePHP auth? What makes the most sense?
I don't think there is a straight answer to this, but I guess it depends on your users. Some people still feel uneasy logging in with their facebook accounts, worrying about what you will do with their valuable facebook data. If you're not worried about that, just use facebook connect, if you are, use both native and facebook connect.
If you choose to use both, you can generate a random password for the facebook connected accounts, which they will never use, since the login with facebook.
Hope this helps.
We are trying to build one simple website using force.com sites.Here User logged into website and need to perform different actions by moving to different VF pages.
We are facing a Problem to maintaine Session of particular user. We need help regarding how to maintaine session for particular user.
Kindly give your help. Please provide any sample code.
Thanks.
You can't ;)
Think about it, you can store usernames/passwords in your data objects and if they allow you to login and maintain a session for that user and use it to walk around apex pages and builtin forms why would you buy a salesforce license? You could operate a 1000 employees rig with just one administrative license and a site URL. For that reason salesforce does not allow you session control, it grants you one when you buy and expense a license.
For sites, you have to purchase either Customer Portal license or volume-based High Volume Customer Portal set and then use those to "promote" a contact into a login user with the above license. Then, when that user logs into site it has its own session.
This document http://wiki.developerforce.com/index.php/Authenticating_Users_on_Force.com_Sites might be of great help.
This tutorial shows you how to authenticate users on Force.com Sites. It provides a description of Customer Portal, which is needed for the authentication, and shows you how to set up such a site and process to allow site visitors to become authenticated users.
The points on customer portal are correct, and you have to pay for these licences. If you build your own auth on Force.com Sites and salesforce.com finds out they'll be very unhappy. That said you can still do it using cookies (http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_classes_sites_cookie.htm) but it's not perfect because it's client-side.
I highly recommend that you steer clear of this approach though. You're better off building your UI layer on another platform (Google App Engine or Heroku) and using web services created on the Force.com platform through that UI.