#martyna - confirm after 3DS

martyna

You said: hi, we at Recruitee had this issue in production as well - we have 200 respnse on payment_intent, but we got 404 on Request URL: https://hooks.stripe.com/csp-report?p=three_d_secure%2Fauthenticate Request Method: POST Status Code: 404 csp-report : {,…} blocked-uri : "wasm-eval" column-number : 218267 disposition : "enforce" document-uri : "https://hooks.stripe.com/three_d_secure/authenticate?client_secret=src_client_secret_1IWDMZmJPuay4CvUSAshLp2l&livemode=false&merchant=acct_15OzyvHpcg3Dmd9G&return_url=https%3A%2F%2Fhooks.stripe.com%2Fredirect%2Fcomplete%2Fsrc_1MGonJHpcg3Dmd9GC49VTPMU%3Fclient_secret%3Dsrc_client_secret_1IWDMZmJPuay4CvUSAshLp2l%26source_redirect_slug%3Dtest_YWNjdF8xNU96eXZIcGNnM0RtZDlHLF9OMHFVNGdOajVyVW5GM010WEZmdmVzY0NRa0JJT1ln0100N3CCKrXP&source=src_1MGonJHpcg3Dmd9GC49VTPMU&source_redirect_slug=test_YWNjdF8xNU96eXZIcGNnM0RtZDlHLF9OMHFVNGdOajVyVW5GM010WEZmdmVzY0NRa0JJT1ln0100N3CCKrXP&usage=single_use" effective-directive : "script-src" line-number : 2 original-policy : "report-uri /csp-report?p=three_d_secure%2Fauthenticate; connect-src 'none'; manifest-src 'none'; media-src 'none'; object-src 'none'; base-uri 'self'; font-src 'self'; img-src 'self' https://q.stripe.com/; script-src 'self' https://js.stripe.com/ 'report-sample'; style-src 'self'" referrer : "https://js.stripe.com/" script-sample : "" source-file : "chrome-extension" status-code : 200 violated-directive : "script-src"

Yep can you provide the request ID for that 404?

Hmm wait

You are seeing a 404 upon redirecting to handle 3DS?

and then our api has a response that. the card was declined
payment_processing_failed

this is with using your test 3ds secure and 3ds 2 secure cards on test env but we have this issue since 9.12 and support is constantly closing the issue 🙈 and we simply do not know what to tell our customers as they are using 3ds secure required cards in prod as well

Gotcha

Can you provide me an example PaymentIntent that I can look at?

sure

Thanks, give me a moment

then Stripe modal appears (and i click confirm or fail - doesn't matter actually) and it is followed by csp hooks 404 and then purchase fails

Okay so for that example it is using the manual_confirmation flow

So that means that after 3DS is completed on the client, you must confirm again on the server to complete the payment

but i assumed when testing 2 cards from your documentation they should be passing the confirmation 👀 in that case should we do something?

I'm not sure what you mean exactly?

i mean what we can do to prevent such issues - 3ds secure cards are not passing confirmation (stripe test cards) and our customers on production

those two Rita mentioned, they are not working and we saw that in production logs as well

They do pass confirmation, you just aren't completing the payment after confirmation is succesful. You need to call https://stripe.com/docs/api/payment_intents/confirm to confirm from your server after 3DS is completed in order to complete the payment

ok so we should call paymentIntent twice, am i correct?

before, and after confirmation?

Yep, let me find the docs. One sec

right now, we have paymentIntent 200, csp stripe hooks for 404, subscription not purchased card declined - patch 422

and the proper way should be paymentIntent 200, csp stripe hooks 200, paymentIntent 200 (second), and then patch should pass?

Let's back up a sec

So you are completing 3DS using handleCardAction, correct?

honestly idk i am QA not dev, but gimme few mins maybe i'll find it 😄

yes, we do

we use handleCardAction

Okay I'm confused by the fact that you are seeing a 404 for card declined. The examples you have provided me have not been declined

They just haven't been completed yet

ye i know, we are confused since 9th of december when i found it 😄 we do not have any idea why this is happening (especially when those are stripe test cards from your documentation with outcome OK)

and we are more even confused why 3ds cards worked before on production and stopped working last week 😄

3DS2 Required OK 4000000000003220 3D Secure 2 authentication must be completed for the payment to be successful. By default, your Radar rules request 3D Secure authentication for this card.
3DS Required OK 4000000000003063 3D Secure authentication must be completed for the payment to be successful. By default, your Radar rules request 3D Secure authentication for this card.

so in test mode - after clicking FAIL or COMPLETE AUTH there is always the same reason - card declined

Is there somewhere we can reproduce this?

yes, i can do this on out testing env

Is there a link we can go to and see it ourselves?

do you have access to recruitee logs in stripe? I dont 🙈

Do you have other radar rules in place that might be blocking payments? Are there any details in the outcome that provide context for you?
https://stripe.com/docs/api/charges/object#charge_object-outcome

let me check the code, and do you have access to stripe logs of recruitee testing env? i can also manually reproduce and all of it will be in stripe (as we checked them last week in stripe as well)

no i don't see any outcome usage

If you can share example request IDs or payment intent ID yes I can inspect those details

im using this card from you Test documentation: 3DS Required OK 4000000000003063 3D Secure authentication must be completed for the payment to be successful. By default, your Radar rules request 3D Secure authentication for this card.

and i chose Complete auth on stripe modal

Ok this looks to be successful, but you need to confirm the payment again after the 3ds auth

Because you're using manual confirmation

Try calling this again: https://stripe.com/docs/api/payment_intents/confirm

but where? should i log in to stripe and then confirm it? how and where i can confirm it on our test env?

With the API, you can use eg curl or whatever SDK you prefer

martyna - confirm after 3DS

we have a confirmation in API 🙈

we DO NOT confirm if we have account balance less or equal 0 or paymentIntent is not available

Hello 👋
Taking over for synthrider as they had to step away
Let me know if you have a follow up question 🙂

Hello, yeah i do 🙈 , could you see my last few messages in the thread 😅 it would be helpful

I see the messages but I'm not sure what your question is as this is a long running thread 🙂
Would you mind writing a quick summary of your current state and the question?

sorry, no thank you. we were trying to reach via customer support since 9th of december and we were ghosted 😄 and today i don't have energy for that to do it all over again 😅 we will probably be back after xmas/new years eve tho. Have a nice evening/night/day. And happy holidays

NP! 🙂 Happy Holidays to you too!

thanks and sorry for being a pain in the 🍑 👋

all good!