Adding Bank Account in Stripe.NET for Managed Account - c#

I've searched through the documentation on both the Stripe website and JaymeDavis' GitHub and still cannot manage to figure out if I'm correctly creating a bank account for a managed stripe account. From Stripe's website, it's clear this is what I need...
curl https://api.stripe.com/v1/accounts/acct_1032D82eZvKYlo2C/external_accounts \
-u sk_test_xxxxxxxxxxxxxxxxxxxxxx: \
-d external_account=btok_xxxxxxxxxxxxxxxxxxx
I have the token (btok....) returned from Stipe.js, and I have the account ID used in the curl link for the managed account, as well as the secret key. However, I cannot figure out what the process is to execute this in C#
My guess so far has been:
//Sample code for creating a managed account
StripeAccountService stripeAccountService = new StripeAccountService();
StripeAccountCreateOptions managedAccountCreateOption = new StripeAccountCreateOptions();
managedAccountCreateOption.Managed = true;
managedAccountCreateOption.Country = "US";
StripeRequestOptions connectAccountRequest = new StripeRequestOptions();
connectAccountRequest.ApiKey = ConfigurationManager.AppSettings["StripeApiKey"];
Stripe.StripeAccount response = stripeAccountService.Create(managedAccountCreateOption, connectAccountRequest);
// ADD Bank Account
var myAccount = new StripeAccountUpdateOptions();
myAccount.ExternalBankAccount.TokenId = "SampleToken";
var accountService = new StripeAccountService();
Stripe.StripeAccount bankAccount = accountService.Update(response.Id, myAccount);
The problem I'm having here is with adding the bank account. I want to create the bank account separately so that I can save the last 4 digits of a card/bank account (non-sensitive data) used in payouts in our database. The way above simply adds a single bank account to the managed user, and will not work as I would like to add multiple bank accounts for payouts. Any sample code in adding a bank account to an already existing managed account would help immensely (i.e. create a bank account with the token returned from Stripe.js, then in a separate action add this bank account to the managed user account so that I can grab the last 4 digits of this bank account as well as any additional accounts that are added in this way in the future). Thank you in advance for your help and time!

You can just retrieve a Managed Account instead of creating one, i.e.:
StripeAccount response = accountService.Get(accountId);
From there you can add additional Bank Accounts. The result of that API call is a BankAccount, and you should be able to access the last4 from there.

Related

Concept of Token Program & Associated Token Account Program

I'm trying to send a token [USDT] from one wallet to another. But I think I'm having some trouble understanding the concept of Associated Token Account [ATA]
According to my understanding:
1 - Every wallet account that wants to keep, receive or send tokens, must register in the account for these tokens in the network?
2 - The sending person can register the account of the receiving person
3- Are these concepts correct?
All of the above are done by the following instructions =>
AssociatedTokenAccountProgram.CreateAssociatedTokenAccount
4 - Once the recipient's wallet address is registered, can send the tokens to him via instructions =>
TokenProgram.Transfer
Account ownerAccount = wallet.Account;
PublicKey UsdtAddress = new PublicKey("Es9vMFrzaCERmJfrF4H2FYD4KCoNkY11McCe8BenwNYB");
PublicKey ToAddress = new PublicKey("CDQ3Gya9QermsPzU3cTNW9QPLbMVLbALQ2S8AwbruVJ");
var Transaction = new TransactionBuilder().
SetRecentBlockHash(blockHash.Result.Value.Blockhash).
SetFeePayer(wallet.Account).
AddInstruction(AssociatedTokenAccountProgram.CreateAssociatedTokenAccount(
ownerAccount, // Sender Account [Wallet Owner] ?
UsdtAddress, // Tether Address On-Chain ?
ToAddress)). // The Recipient Wallet Address ?
AddInstruction(TokenProgram.Transfer(
ownerAccount,
ToAddress,
100,
ownerAccount)).
Build(new List<Account> { ownerAccount });
var txReq = await rpcClient.SendTransactionAsync(Transaction);
I'm so sorry for the long wait, but after a lot of attempts, all of them were unsuccessful, I really think I need someone to explain how sending tokens works.
After a long struggle I was able to reach some results, I will leave this comment as a solution to the problem and an understanding of how things work, and if it contains some errors, please do not hesitate to leave an explanation and a correction for this
Let's agree on some concepts first:
1- Wallet account is a normal account, owned by the system Program and called [account owner]
2- The person who owns the private key is known as the authority
3 - Each token has an account on the chain, has its own owner and authority
what is happening now ?
If you want to own some of these tokens for the first time, you must create an account known as Associated Token Account
Associated Token Account: It is simply an account within the network that associates each wallet with a special and unique address of a token!! Is this clear??
Your wallet number => Associated Token Account <= token account number
G1G2G3G4 => A1T2A3T4 <= USDTADDRESS243
Its job is to save and store data for a specific wallet address with a specific token address, such as quantity, balance and many other features that I have not seen yet
The first time you will send these tokens to an account that does not contain [ATA], you will build instructions to create [ATA] for this account, and attach instructions directly to send the tokens with the same transaction, this structure worked for me,
Finally: It is possible to know the Associated Token Account for a wallet simply, because we will need to send the tokens with the Associated Tokens and not the addresses of the main wallets
Here is the code to create a Associated Token Account and send some USDT to the address:
PublicKey UsdtAddress = new PublicKey("Es9vMFrzaCERmJfrF4H2FYD4KCoNkY11McCe8BenwNYB");
//The [ATA] for my public address in the USDT token account = Sender
Account ownerAccount = wallet.Account;
var FromAssociatedTokenAccount=AssociatedTokenAccountProgram.DeriveAssociatedTokenAccount(ownerAccount,UsdtAddress);
//The [ATA] for Receiver public address in the USDT token account = Sender = Receiver
PublicKey ToAddress = new PublicKey("DqiE6PDXPFMMDC2jzoqY45VEqyEzdGd5qauVCQY8s3A7");
var ToAssociatedTokenAccount = AssociatedTokenAccountProgram.DeriveAssociatedTokenAccount(ToAddress, UsdtAddress);
//Note that a ToAssociatedTokenAccount can be defined, with the possibility that it is not registered/created on-Chain
var blockHash = await rpcClient.GetRecentBlockHashAsync();
var Transaction = new TransactionBuilder().
SetRecentBlockHash(blockHash.Result.Value.Blockhash).
SetFeePayer(ownerAccount).
AddInstruction(AssociatedTokenAccountProgram.CreateAssociatedTokenAccount(
ownerAccount,
ToAddress,
UsdtAddress)).
AddInstruction(TokenProgram.Transfer(
FromAssociatedTokenAccount,
ToAssociatedTokenAccount,
1,
ownerAccount)).
Build(new List<Account> { ownerAccount });
var txReq = await rpcClient.SendTransactionAsync(Transaction);
So finally, please bring a cup of coffee and read this article, I think it is good to clarify some concepts about the Solana Blockchain :
https://www.brianfriel.xyz/how-to-create-a-token-on-solana/

AWS Cognito - User pool xxxx does not exist

var client = new AmazonCognitoIdentityProviderClient("MYKEY", "MYSECRET", RegionEndpoint.USEast1);
var request = new AdminGetUserRequest();
request.Username = "USERNAME";
request.UserPoolId = "POOLID";
var user = client.AdminGetUserAsync(request).Result;
The key/secret are authenticating as a user with Administrator Access. For good measure, I've also given it the AmazonCognitoPowerUser policy.
The region endpoint is correct and the same as the one my user pool is in. The user pool Id is correct. The first part of the user pool ID matches the region.
I'm at a loss for where else this could possibly be going wrong. Any ideas?
Update 8/2/19
Manual CLI command:
PM> aws cognito-idp list-user-pools --region us-east-1 --max-results 10
{
"UserPools": []
}
The region is correct, so there must be some issue with permissions. Is there anything I could try tweaking on the pool, or other policies I may need to add to the user?
So, it looks like this is some sort of AWS glitch with the existing IAM user.
Having created a new user with exactly the same permissions, access works as intended both from CLI and the code in the original question.
Actually your configuration can be wrong , you downloaded awsconfiguration.json and it looks like same I know.. but this configuration can be wrong. When you examine the json you will see a field.. "CognitoUserPool": {PoolId, appclient id ..}
You need to open your user pool and create new client or control existing client information. Check your awsconfiguration.json again with this webpage's pool id, appclient id etc. Update your json... it will solve the problem.
I ran into this problem with the AWS CLI and it puzzled me too, but I learned that I needed to provide the profile name in the parameter list to get it to work. So it looked like this:
aws cognito-idp admin-get-user --profile dev-account ....
My profiles are stored on my Mac at cat ~/.aws/config| grep profile
The config file is created by an in-house custom script. This is the contents of what that file looks like.
[profile dev-account]
sso_start_url = https://yourcompanyname.awsapps.com/start#/
sso_region = us-east-1
sso_account_id = 1234567890
sso_role_name = PowerUserAccess
region = us-east-1
output = json
Also, in this folder is a "credentials" file that has some JSON for these variables: profile name, aws_access_key_id, aws_secret_access_key, aws_session_token, aws_expiration

BOX: Add Collaboration to a folder using AppUser user token

I am building an integration between my organization back-end systems and BOX.
One of the scenarios is that when certain event is happening inside my organization there is a need to create a folder in BOX and add collaboration objects to that folder (connect groups to the folder).
I have no problem to create the folder but when trying to create the collaboration I am getting the following error:
Box.V2.Exceptions.BoxException: Bearer realm="Service", error="insufficient_scope", error_description="The request requires higher privileges than provided by the access token."
I am using BOX SDK for .Net to interact with BOX.
The application I created in BOX is assigned to use AppUser User Type and I provided all the scopes that BOX allows me (All scopes except "Manage enterprise" which is disabled).
The code that fails is (C#):
var privateKey = File.ReadAllText(Settings.JwtPrivateKeyFile);
var boxConfig = new BoxConfig(Settings.ClientID, Settings.ClientSecret, Settings.EnterpriseID, privateKey, Settings.JwtPrivateKeyPassword, Settings.JwtPublicKeyID);
var jwt = BoxJWTAuth(boxConfig);
var token = jwt.AdminToken();
var client = jwt.AdminClient(token);
var addRequest = new BoxCollaborationRequest(){
Item = new BoxRequestEntity() {
Id = folderId,
Type = BoxType.folder
},
AccessibleBy = new BoxCollaborationUserRequest(){
Type = BoxType.#group,
Id = groupId
},
Role = "viewer"
};
var api = client.CollaborationsManager;
var task = api.AddCollaborationAsync(addRequest);
task.Wait();
When running this code but replacing the Admin Token with Developer Token generated from the Box Applicaiton Edit Page it works.
Any help is appreciated
OK, I had long discussion with BOX Technical team and here is the conclusion: Using AppUser is not the right choice for my scenario because it is limited only to the folders it creates. There is no way to bypass it.
The solution is:
1. Configure the Application to use standard user
2. Create User with administrative rights that will be used by the API to do activities in BOX. I named this user "API User"
3. Follow the oAuth 2 tutorial to generate access token and refresh token that the API .Net application can use instead of generating token for the AppUser. the oAuth 2 tutorial can be found at https://www.box.com/blog/get-box-access-tokens-in-2-quick-steps/
If the app user is a member of the group(s) you want to be able to access the folder then you shouldn't need to set up a collaboration, the users should just have access.

Enroll new user in 2-Step verification through the Google API

We are using Google API to create new google accounts (users and their emails).
New requirement is that we should support 2-Step authentication enabled in admin.google.com (for sub-organization) and we need to enforce the rule.
Now comes the problem: If we create new user in this sub-org it will try to enforce 2-Step authentication and, as it is not setup, user will not be able to login to set it up. And admin cannot setup 2-step verification for the user.
Even more... I need to be able to setup users 2-step verification through the API.
Does workaround for this exist, or does anyone have any idea how to do it?
Any suggestions are welcome,
thanks
UPDATE 1
Thanks to Jay Lee's answer I am expanding a bit with working C# code using Google.Apis.Admin.Directory.directory_v1 SDK
private string GenerateVerificationCode(string userKey)
{
var _service = new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = _applicationName,
});
var generateVerificationCodesRequest = _service.VerificationCodes.Generate(userKey);
generateVerificationCodesRequest.Execute();
var verificationCodesRequest = _service.VerificationCodes.List(userKey);
var verificationCodes = verificationCodesRequest.Execute();
var verificationCode = verificationCodes.Items[0].VerificationCodeValue;
return verificationCode;
}
You can:
Make sure user is created in an OU where 2SV is forced. Set the orgUnitPath attribute when calling users.create()
Call VerificationCodes.generate() for the new user to create backup codes to get backup 2SV codes for the user.
Share the backup codes with the new user along with their password and instructions for first login and setup of 2SV.
User will be able to pass 2SV with the backup codes for first login. Then they can setup normal 2SV via SMS or app. You'll want to provide new users with a good set of detailed instructions for this process as it does complicate onboarding but it means they are secure on day one.

How to get user name, email, etc. from MobileServiceUser?

After a lot of digging around I've got my WPF application signing users in via Azure Mobile Service. My Mobile Service is connected to an Azure Active Directory that I have set up. However, when I log the user in with MobileServiceClient.LoginAsync(...) the MobileServiceUser UserId is in an unreadable hash it seems. For example it looks like: "Aad:X3pvh6mmo2AgTyHdCA3Hwn6uBy91rXXXXXXXXXX". What exactly is this?
I'd like to grab the user's display name to use but I can't figure out how.
That is the userID of Azure Active Directory. You need to create a service to expose your AAD info through a service and retrieve the additional information using the access token you get from your user.
First:
ServiceUser user = this.User as ServiceUser;
var identities = await user.GetIdentitiesAsync();
var aad = identities.OfType<AzureActiveDirectoryCredentials>().FirstOrDefault();
var aadAccessToken = aad.AccessToken;
var aadObjectId = aad.ObjectId;
This will give you the access token and objectID , then you need to query the information through AAD graphy API.
https://msdn.microsoft.com/library/azure/dn151678.aspx
Look at the sample request part. You should provide the query with the access token you got and objectId.
Here is an alternative approach, after reading http://justazure.com/azure-active-directory-part-2-building-web-applications-azure-ad/ scroll to the section on Identity in .Net it talks how claims are a standard part of the framework. So once you get the credentials object like provided by #beast
var aad = identities.OfType<AzureActiveDirectoryCredentials>().FirstOrDefault();
You can actually grab a dictionary with the various properties. Examples of some the properties can be found at https://msdn.microsoft.com/en-us/library/system.identitymodel.claims.claimtypes(v=vs.110).aspx
So from there you can do the following:
if (aad != null)
{
var d = aad.Claims;
var email = d[ClaimTypes.Email];
}
I did this to pull the user id which was cross referenced in a table. FYI I am using App Service, but I believe the credentials object is the same in Mobile Service

Categories