#helomnr

Did you specify off_session on the Payment Intent?

https://stripe.com/docs/api/payment_intents/create#create_payment_intent-off_session

Yes when I processed the Subscription.modify() but it tried 3DS auth anyway, the only thing different was that the payment was marked as failed.

Ah, so the payment failed and then 3DS was required?

The payment failed because the bank asked for authentication (authentication_required) and this one was incomplete

Hmmm, do you have a request for the request that resulted in failed payment?

Here's how you can find a request ID: https://support.stripe.com/questions/finding-the-id-for-an-api-request

Here is the request, it's from our test account "req_XtvpljL4FVzF2V"

So that happened because you used a test card where 3DS is always required no matter what.

It's the card ending in 3220 here --> https://stripe.com/docs/testing#three-ds-cards

Yes I used it because I have the issue with customers on the live account

Yeah, but that card will always require 3DS, even on off_session payments. Do you have an example request for a charge that failed 3DS on an off_session payment?

Hello ! I already sent this message yesterday but the thread has been closed before I could answer the last question... so I put it here again ! I have an issue with the use of 3D secure 2. I process payment method with a SetupIntent from our web app. Here 3DS is required for card. Which is exactly what I need. But then when I try to update a subscription (while the customer is off session), adding the new payment method as default for the subscription another 3DS auth appears. How can I have 3DS auth only for SetupIntent and not for PaymentIntent?

Can you share an example request that triggers 3DS?

I shared a test example here is a request from live account with one of our customer "req_bjZuxaQ20LaNT8" it triggered a 3DS with a card added by SetUpIntent

that's not really unexpected, that request is an on-session payment attempt(updating a subscription in a way that requires payment without passing off_session:true ) and those will commonly require authentication. Nothing strange about that.

if you pass https://stripe.com/docs/api/subscriptions/update#update_subscription-off_session then we know the payment is 'merchant-initiated' and can claim exemptions from 3DS

Yes I know, that's why I tried with off-session true in my test account (request "req_XtvpljL4FVzF2V"). And I still had the 3DS.

were you using the test card that supports off-session exemptions from 3DS?

https://stripe.com/docs/testing#authentication-and-setup 3155

I need it to work for any card.

not sure what you mean

in test mode, it only works on that card, that's how we built test mode

in live mode it would work in general, but ultimately the customer's bank decides if 3DS is required, uf you pass off-session you are claiming an exemption the only way you can

My customers could have card that requires 3DS. I want 3DS only on SetUpIntents not PaymentIntents

I am asking if there is a way to do that for every customer.

doesn't work that way, you can do 3DS on the SetupIntent and the subsequent off-session PaymentIntents will mostly not require 3DS(that's what the 3155 card simulates, the happy path). Sometimes the bank will still decide to require 3DS, just how it works and you have to handle it. But it would not be the usual case