#Jkas - consumed sources

strange topazBOT
kindred dew
#

Another example: src_1M3oUaEkTO8kaKcKyRrxr9AJ

obsidian wagon
#

I'm taking a look but there isn't much I can see besides that both sources show up as consumed. Doing a little more digging

kindred dew
#

Are they both apple_pay -> apple_pay?

#

Thanks for your help looking into this with me.

#

Another example: src_1M7NlhEkTO8kaKcKM2zCfys0

obsidian wagon
#

Yes, both are Apple Pay

#

As is the third

kindred dew
#

It's too bad Apple Pay needs to be stored as a source, as opposed to a newer payment method.

obsidian wagon
#

The associated Payment Intents show a large number of failing attempts to /pay

kindred dew
#

Why is this? I wonder if it's buggy because of this fact.

obsidian wagon
#

pi_3M6dxoEkTO8kaKcK0aJF0pp8

kindred dew
#

We wish we could store everything as a pm_

obsidian wagon
#

That would make this easier to debug

kindred dew
#

That large number of failing attempts is a Sidekiq job on our end retrying the paying of unpaid invoices, I think. That will be resolved on our end since we have the 4x auto-retries setting enabled in our Stripe account.

obsidian wagon
#

I'm reviewing one of the customers involved (cu_1FwiJcEkTO8kaKcKZqKUpbKj) and I am seeing a regular updating of default_source settings, pretty much every month

kindred dew
#

Interesting. It looks like we started seeing this issue around Oct 29. Backend doesn't deal with Apple Pay sources - it must be a frontend frame or something that accepts those payment types.

#

But how they're getting auto-consumed and detached is beyond me. I'm looking through backend commits for any clues.

obsidian wagon
#

The source is created with your account's secret key so it must be occurring in the back-end

#

If that key is exposed on your front-end, that is a major security concern, as it grants a user full access to your account via the APIs.

#

So I very much hope it is occurring on the server

kindred dew
#

Attempting to track down where we'd be creating those in the backend.

obsidian wagon
#

Not sure if it helps but you're using the Stripe Ruby client library to make the requests.

kindred dew
#

That's correct.

#

I'll need to see if I can reproduce in staging, as I do have an idea of how to fix locally.

#

Thanks for your help! I'll start a new thread if I run into any other issues.

obsidian wagon
#

That makes sense. I just know some larger deployments run multiple languages for separate services so I thought it might help narrow down the codebase a bit. Feel free to come back if/when you have more questions. We'll be here.

kindred dew
#

Thanks again!