#vitorLeitao

silk peak
#

👋 happy to help

#

you're not really creating a Payment Intent here but rather a Checkout Session right?

compact flower
#

Yes, you are 100% correct, apologies.
We are creating a session by using the SessionCreateOptions and the SessionService

silk peak
#

no worries, it's just so I'm sure I'm fully understanding your Q

#

basically CheckoutSessions expire in 24hrs by default (but you can change that to less). In a perfect world, you should only redirect to the Checkout Session for an already existing customer if you already have them authenticated on your website. you shouldn't share the link

compact flower
#

I understand, my point is, is there any way on the Stripe side as well to ensure any authentication happens?

#

Because we had queries asking why no authentication on stripe's side happened, and I understand the point of our customers

#

where they log in to our system in a fresh browser, and Stripe auto-filled the data without any validation on the Stripe side

#

hence my question if there is any option we missed to force stripe to also authenticate the user, and not just on our side

silk peak
#

and thankfully it's the case otherwise it wouldn't be PCI compliant

#

from the moment they login to your system you identified their customer id which is kind of them signing in to Stripe in a sense

compact flower
#

Is there any plan on adding this, or a place where I can request this as a feature?

I understand we are meant to make sure only the authorized parties should have access to this link and mechanism (which we are validating), but I am sure you can see how from the customer's point of view this looks bad, where a browser that never accessed his payment details has a prefill without any permission check from the user or a login to the Stripe website

silk peak
compact flower
#

Cool, that clarifies things for me.
Thanks @silk peak