#PJ1-authentication

Hello! Starting up a thread for you

The general idea is that you need to bring your user back on to your app so that they can go through the authentication flow - you can build this on the web or a mobile app (it doesn't matter either way). I also want to clarify - when you say "re-authenticate on the web via an email link" are you thinking that just clicking the web email link will complete the authentication? Because that's not what I'd recommend - you should be linking your user to your own site which then calls confirmCardPayment which will potentially surface some authentication UIs that the user has to complete

Thanks Karbi, so with this method, the user will be able to re-authenticate their previously saved card, rather than need to add a new card?

Correct! As long as you use confirmCardPayment with the same client secret and payment method ID they should be able to use the already saved card

Also, when using the Payments API for fixed price subscriptions, should we always require card authentication on the first payment and how do we request an exemption for future off session payments (or does Stripe handle this part automatically)?

Stripe should handle this automatically when you create the Subscription - the payment Intent generated for the first Invoice should set setup_future_usage: off_session which should collect all the necessary information needed to request exemption for future off session payments