Front end / back end, user authentication questions #14

Open
leaf-node opened this issue Aug 13, 2023 · 3 comments

@leaf-node
Thanks for making paypal-sdk! Is your library intended for use in a Dart-based back end only, or can it also be used in the front end? How does the paying user authenticate?

https://developer.paypal.com/api/rest/ is a bit vague, but it suggests that without the client (payee) secret, a basic PayPal button is still possible, so I imagine it's possible to run the library on the front end?

If the client secret is used, that would have to be protected in the back end, and there would be no need to run this module on the front end, right?

Also, how is the paying user's authentication handled? Must passwords be passed to the back end, or is it up to the front end to open a webview at paypal.com, and to pass an access token to the back end? How long is that token valid? Thanks! : )

@chirag729
Collaborator

You're welcome. The library is intended to be used in the back end, although there's nothing stopping you from using its functions in a front end app.

It does not handle payments. In the app I developed the sdk for I use PayPal buttons which I host in an in-app webview. When these buttons are clicked the native browser is opened to the paypal site and the user enters their credentials there to complete the purchase so your app doesn't need to worry about handling sensitive tokens. When the transaction is completed you'll get an order id through a callback in your in-app webview. This is where the paypal-sdk is useful as it allows you to query the status of a purchase or ongoing subscription, typically from your backend.

It's also worth setting up a webhook on your backend so that you can get notifications whenever the status of a purchase changes, which is useful for refunds or subscription cancellations.
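The backend-side check implied by the reply above, as an added example that is not part of this thread or of paypal-sdk: the order id arriving through the webview callback is client-supplied, so the backend validates the order it fetched from PayPal before fulfilling anything. The field names follow PayPal's Orders v2 response; `rejectReason`, `ExpectedPayment` and all sample values are hypothetical, and fetching the order JSON (with paypal-sdk or otherwise) is left out.

```dart
import 'dart:convert';

// Hypothetical record of what the backend expected to be paid for this checkout.
class ExpectedPayment {
  final String currency, value, merchantId;
  const ExpectedPayment(this.currency, this.value, this.merchantId);
}

/// Returns null when the order may be fulfilled, otherwise the reason to refuse.
/// [order] is the decoded JSON the backend itself fetched from PayPal for the
/// order id reported by the webview callback. That id is client-supplied, so
/// nothing is fulfilled until every check below passes.
String? rejectReason(Map<String, dynamic> order, String claimedId,
    ExpectedPayment expected, Set<String> fulfilledIds) {
  if (order['id'] != claimedId) return 'order id mismatch';
  if (fulfilledIds.contains(claimedId)) return 'order already fulfilled';
  if (order['status'] != 'COMPLETED') return 'status is ${order['status']}';
  final units = order['purchase_units'];
  if (units is! List || units.length != 1) return 'unexpected purchase units';
  final unit = units.first;
  if (unit is! Map) return 'malformed purchase unit';
  final amount = unit['amount'];
  final payee = unit['payee'];
  if (amount is! Map || payee is! Map) return 'malformed purchase unit';
  if (payee['merchant_id'] != expected.merchantId) return 'wrong payee';
  if (amount['currency_code'] != expected.currency) return 'wrong currency';
  // Compare numerically so "10.0" and "10.00" match but "1.00" does not.
  final paid = num.tryParse('${amount['value']}');
  if (paid == null || paid != num.parse(expected.value)) return 'wrong amount';
  return null;
}

void main() {
  // Constructed sample shaped like an Orders v2 response; all values are made up.
  final order = jsonDecode('''
  {"id": "ORDER-EXAMPLE-1", "status": "COMPLETED",
   "purchase_units": [{"amount": {"currency_code": "USD", "value": "10.00"},
                       "payee": {"merchant_id": "MERCHANT-EXAMPLE"}}]}
  ''') as Map<String, dynamic>;
  const expected = ExpectedPayment('USD', '10.00', 'MERCHANT-EXAMPLE');

  // Case 1: a captured order for the right amount, currency and payee.
  print(rejectReason(order, 'ORDER-EXAMPLE-1', expected, <String>{}));
  // Case 2: the same order id presented again after fulfilment.
  print(rejectReason(order, 'ORDER-EXAMPLE-1', expected, {'ORDER-EXAMPLE-1'}));
  // Case 3: the payer approved the order but it has not been captured.
  print(rejectReason({...order, 'status': 'APPROVED'}, 'ORDER-EXAMPLE-1',
      expected, <String>{}));
}
```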

@leaf-node
Author

Thanks for the clarification. : ) By "native browser," do you mean the default browser? If using that is possible, it would prevent the user from having to copy and paste passwords between their default browser and the webview.

It would be helpful for people new to your library if your above text were documented. Also, I don't know if this part is out of scope, but if there was some code showing how you open the webview, get a callback, and set up webhooks, I'm sure that would help people understand how to use it. Thanks! ; )

@chirag729
Collaborator

Yes, exactly, whatever their default browser is. I would consider setting up the webview/callbacks out of scope; the SDK is purely to facilitate calling their REST API, which has nothing to do with processing actual payments. However, I might add an example anyway, as you're not the first to ask me about this!
