Iam a partner platform developer working on integrating Stripe Connect for diverse customers. We’ve encountered a challenge with organizations that have Single Sign-On (SSO) enforced on their Stripe accounts:
• Our current flow redirects users to https://connect.stripe.com/oauth/authorize. However, when an organization requires SSO, users are initially presented with the regular email/password login form rather than being directed straight to their Identity Provider.
• We aim to create a unified “Connect” experience that automatically accommodates both SSO-enabled accounts and standard accounts, without requiring our end users to make a selection or us to perform manual domain lookups.
Could you please advise on the following:
- Does Stripe provide any API or metadata that allows us to programmatically determine if a given customer domain is SSO-enabled?
- Are there any recommended best practices or alternative endpoints/parameters for directing users through SSO first and then into the OAuth grant screen?
- Is there any planned support for a “login_hint”-style parameter on the Connect OAuth endpoint to automatically trigger SAML/SSO?
Any guidance, sample snippets, or documentation pointers you can share would be greatly appreciated. Thank you in advance for your help!
Currently, we have built the OAuth flow based on the documentation found at Connect OAuth reference | Stripe Documentation