Currently using a conditional statement that checks if a client_id exists in the database to determine whether to update or create a new PayPal configuration record. This approach is fragile because:
- client_id values are encrypted, making them difficult to match accurately
- It assumes global uniqueness without user or context scoping
- It lacks support for sandbox/live mode distinction or multi-user environments
🔧 Temporary workaround:
Store client_id in plaintext to enable lookup, and use updateOrCreate() based on it.
✅ Permanent solution (post-authentication):
Once the authentication functionality is in place:
- Add user_id to the paypal_config table
- Update logic to updateOrCreate based on a composite key of user_id and mode
- Encrypt only the sensitive fields like secret, not identifiers
- Enforce uniqueness via database constraints (unique: [user_id, mode])
This will allow each authenticated user to have their own set of PayPal credentials scoped by environment (sandbox or live), with secure and reliable logic.
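
The permanent solution as an added example (not the project's own code): plain PHP with PDO/SQLite and OpenSSL stands in for the application's ORM call, and the column types, key handling, function names and sample values are assumptions. It needs the pdo_sqlite and openssl extensions.

```php
<?php
declare(strict_types=1);
// Added example: plain PDO + OpenSSL stand-in for the updateOrCreate() logic.
// Column types, key handling and all sample values are constructed assumptions.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE paypal_config (
    id        INTEGER PRIMARY KEY,
    user_id   INTEGER NOT NULL,
    mode      TEXT    NOT NULL CHECK (mode IN ('sandbox', 'live')),
    client_id TEXT    NOT NULL,   -- identifier, kept in plaintext
    secret    BLOB    NOT NULL,   -- sensitive, stored encrypted
    UNIQUE (user_id, mode)        -- one row per user per environment
)");

// AES-256-GCM with a fresh nonce per call: equal plaintexts give different
// ciphertexts, which is why an encrypted column cannot serve as a lookup key.
function encryptSecret(string $plain, string $key): string
{
    $nonce = random_bytes(12);
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $nonce . $tag . $ct;   // 12-byte nonce, 16-byte tag, ciphertext
}

// Upsert keyed on (user_id, mode); ON CONFLICT targets the UNIQUE constraint.
function savePaypalConfig(PDO $db, string $key, int $userId, string $mode,
                          string $clientId, string $secret): void
{
    $stmt = $db->prepare("INSERT INTO paypal_config (user_id, mode, client_id, secret)
        VALUES (:u, :m, :c, :s)
        ON CONFLICT (user_id, mode)
        DO UPDATE SET client_id = excluded.client_id, secret = excluded.secret");
    $stmt->bindValue(':u', $userId, PDO::PARAM_INT);
    $stmt->bindValue(':m', $mode);
    $stmt->bindValue(':c', $clientId);
    $stmt->bindValue(':s', encryptSecret($secret, $key), PDO::PARAM_LOB);
    $stmt->execute();
}

$key = random_bytes(32);   // constructed; load from a secrets store in practice
savePaypalConfig($db, $key, 1, 'sandbox', 'constructed-client-a', 'old-secret');
savePaypalConfig($db, $key, 1, 'sandbox', 'constructed-client-b', 'new-secret'); // update
savePaypalConfig($db, $key, 1, 'live', 'constructed-client-c', 'live-secret');   // insert
savePaypalConfig($db, $key, 2, 'sandbox', 'constructed-client-a', 'other-user'); // insert
printf("%d rows\n", $db->query('SELECT COUNT(*) FROM paypal_config')->fetchColumn());
```

The same client_id appears under two users without conflict, because uniqueness is enforced on (user_id, mode) rather than on the identifier.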
📌 Related feature: user authentication and session management
📌 Related table: paypal_config