Get parameters for Plaid link token based on platform

[marcaaron]

cc @Dal-Papa unsure if we have yet added the necessary redirect_uri and android_package_name fields to the production instance of Plaid, but I think these native versions will not work properly until we do. This is done now

Details

Passes the redirect_uri and android_name fields to Plaid_GetLinkToken command

Fixed Issues

IDK if there is a specific issue. It's more of a follow up to: #6362

Tests

I tested this using the steps in the linked PR above. However, also saw that the OAuth stuff is not testable with the Plaid sandbox.

I think we won't know for sure unless we test against production, but can simulate this by modifying our local `Web-Secure to use the Plaid dev app Development secret and connecting with BofA.

QA Steps

Internal / See Comments below

Tested On

• Web
• Mobile Web
• Desktop
• iOS
• Android

Screenshots

Web

Mobile Web

Desktop

iOS

Android

[marcaaron]

@nickmurray47 adding you here since I think these changes might intersect with the work you are doing for https://github.com/Expensify/Expensify/issues/160148

[marcaaron]

I think we probably want to hold this PR on confirmation that the android package name and redirect uri for iOS are registered with the production version of our Plaid instance. Done

[nickmurray47]

Looks good to me! On this:

tested this using the steps in the linked PR above. However, also saw that the OAuth stuff isn't really testable with the Plaid sandbox

Does this mean the Platypus OAuth sandbox credentials are not sufficient? What do we need to test for in this PR (or are we just gonna test the whole flow together)?

[marcaaron]

Does this mean the Platypus OAuth sandbox credentials are not sufficient? What do we need to test for in this PR (or are we just gonna test the whole flow together)?

Good question. I'm actually not sure yet, but the docs had this to say:

I'm guessing the "sandbox-only" institution they're referring to is Platypus OAuth, but really unsure if our "dev" instance that everyone can access is set up for OAuth testing or not.

I think what we need to test is:

• The production instance of Plaid a.k.a. we need to hit Web-Secure prod to get the right token (we can do this locally by passing in the prod web-secure endpoint)
• Once merged, verify we can go through one of the approved OAuth bank flows on staging (while switched to the prod token). Looking at the most recent pic that @flodnv shared here it seems like we can only test a Capital One connection. I'm confused about why some of these other banks are "Processing" - but guessing it has to do with some missing required information.

[nickmurray47]

this all sounds good and lgtm

[marcaaron]

Chatting with @Dal-Papa now about testing for Mobile-Expensify, but I think we can use a similar testing strategy for this PR to verify that mobile is working. Which is:

1. Update the Web-Secure local to use our Development secret key
2. Use ngrok to point the local native apps at the local web-secure
3. Go through the VBA flow and select BofA (the only bank set up for OAuth in our Plaid dev app atm)
4. See if we can complete the flow in iOS and Android
5. Merge this PR
6. Test again on staging but with the www-secure not staging-secure

I don't have a BofA account to test this with otherwise I'd do it myself. Going to make this internal QA in any case.

[github-actions]

⚠️ ⚠️ Heads up! This pull request has the CP Staging label. ⚠️ ⚠️
Merging it will cause it to be immediately deployed to staging, even if the open StagingDeployCash deploy checklist is locked.

[marcaaron]

Ok this is ready to be merged - but I think we are still stuck since we need actual accounts set up with participating banks to test and are only able to test BofA with the Plaid dev app anyway. Thinking more on this... really we should test them all to make sure they work before the change is deployed so we might as well use the Plaid production app Development secret.

IMO we shouldn't skip this step (and should do it for all the participating banks) because we have no idea if those connections will actually work unless we test them first.

Two options I can think of:

1. Find engineer volunteers with the various banks to test this stuff and share the Plaid production app Development secret with them and have them hardcode it in their local Web-Secure then test the flows on native platforms.

2. Just merge this and hope everything works on staging - but if it doesn't work we'll need an engineer with access to one of those banks to test the flow anyway and we will need to go back to option 1 anyway.

This option actually cannot work because we must use the Development secret anyway. Seems the Production one won't necessarily send the user through the OAuth flow.

[marcaaron]

Discussed a 3rd option with @nickmurray47 1:1 which is to add a beta and allow non engineers to also test the flow. But if we do this idea we still need to solve for how to "switch" to the Development secret for test purposes under the beta.

Ultimately, I'm not sure it's worth building out that kind of functionality yet - but one benefit is that it opens up more testing options (i.e. non engineers could test) and enable us to switch on the beta once testing is complete (even if that happens after 11/30).

[marcochavezf]

The changes look good to me (I was catching up on the OAuth migration to understand this a little bit more) 👍🏽

[Dal-Papa]

Looks even better to me now that I get it 😆

[VictoriaExpensify]

@marcaaron once this is implemented, would this resolve the Plaid issue that Chase customers were having in this GH?

[marcaaron]

@VictoriaExpensify Looks unrelated to me as OAuth should not be forced for any users yet.

[MelvinBot]

Triggered auto assignment to @sketchydroide (InternalQA), see https://stackoverflow.com/c/expensify/questions/5042 for more details.

[botify]

@marcochavezf looks like this was merged without passing tests. Please add a note explaining why this was done and remove the Emergency label if this is not an emergency.

[OSBotify]

🚀 Deployed to staging by @marcochavezf in version: 1.1.17-8 🚀

platform	result
🤖 android 🤖	success ✅
🖥 desktop 🖥	success ✅
🍎 iOS 🍎	success ✅
🕸 web 🕸	success ✅

[marcaaron]

Gonna check this off the deploy list. There doesn't seem to be a clear way to test this beyond regressions for the VBA flow. It's basically Production QA.

[OSBotify]

🚀 Deployed to production by @roryabraham in version: 1.1.18-3 🚀

platform	result
🤖 android 🤖	success ✅
🖥 desktop 🖥	success ✅
🍎 iOS 🍎	success ✅
🕸 web 🕸	success ✅

[marcochavezf]

There is no emergency here, so I'm removing the label. Seems the checklist was not completed