Exploring Authorization and Authentication for E-commerce Transactions
In this meeting, the participants discussed the topic of authentication and authorization for an e-commerce capability. David expressed his need to ensure that the recipients of funds are authorized and suggested using OAuth for this purpose. Ray advised against managing the money directly and recommended using third-party services like Stripe or Peddle. He explained that the authentication process should focus on verifying the identity of users, while the attribution of transactions can be handled through webhooks and data structures. They also discussed the security considerations for different user types, emphasizing the importance of scalability and the potential trade-off between security and usability. In the context of non-profit organizations, Ray suggested relying on personal relationships and a vigilant approach instead of complex technological solutions. The meeting concluded with David expressing his gratitude for the advice and no further actions were required.