#thedietingdev

It may be worth noting that the customer is not present for the 2nd additional payment

Can you share the request id req_xxx?

Do you mean this? pi_3Nfdq2F0ydlQC8ek041oqnZj

I mean the 2nd payment intent which you got Your card was declined error

That's the one there

No that's succeeded with a status of requires_action

To clarify, the first SetupIntent should already done 3DS for you. And then from next time you should just create PaymentIntent with off_session=true and most of the time the issuer bank will accept it

Yeah, it's requesting 3DS when attempting

for the 2nd attempt

This request right? https://dashboard.stripe.com/test/logs/req_TI94UAezZDMpTo I am not seeing off_session = true

So sorry, pi_3NfdpAF0ydlQC8ek08pVdRXw

is the right one

Okie, I see you are passing in pm_1NdJDZF0ydlQC8ekvx73wmOI and that doesn't seem to come from a SetupIntent

How did you create it?

                        'payment_method_types' => ['card'],
                        'mode' => 'setup',
                        'currency' => 'AUD',
                        'customer' => $customer_id,
                        'success_url' => $stripe_info->getResponseSuccessUrl() . '?stripe_session_id={CHECKOUT_SESSION_ID}',
                        'cancel_url' => $stripe_info->getResponseFailUrl(),
                    ]);```

then redirect the user to the URL

You sure? What is the Checkout Session Id ? cs_test_xxx

https://dashboard.stripe.com/test/logs/req_4gXAcrhFSP7P8B

req_4gXAcrhFSP7P8B

Taking over here. To clarify the confusion is why auth is being requested on future off-session payments with a previously setup payment method, yes?

That's correct

To be clear, that can happen. We do optimise off-session payments to try and prevent that, but ultimately banks can (and do) request 3DS for ad-hoc payments even if the card was 'setup'

Is it this payment, pi_3NfdpAF0ydlQC8ek08pVdRXw?

That's right yeah

However in that example the payment_method used was seemingly created via the /v1/payment_methods endpoint and not via a Setup Intent: https://dashboard.stripe.com/test/logs/req_AxZuRZTwjIbM7e

pm_1NdJDZF0ydlQC8ekvx73wmOI -> https://dashboard.stripe.com/test/logs/req_wQt3Q9JgRTWDKf

Mmm, so how do i create via a setupIntent, as we're creating a session and redirecting to stripe hosted card input page and then retrieving the setupIntent it creates

                        'payment_method_types' => ['card'],
                        'mode' => 'setup',
                        'currency' => 'AUD',
                        'customer' => $customer_id,
                        'success_url' => $stripe_info->getResponseSuccessUrl() . '?stripe_session_id={CHECKOUT_SESSION_ID}',
                        'cancel_url' => $stripe_info->getResponseFailUrl(),
                    ]);```

mode is set to setup

We're then storing the card token and using that as the payment method in any paymentIntents

Wait, you're using 4000000000003220?

That test card always requires 3DS for every payment

So this behaviour is expected. Instead you should use 4000002500003155:

This card requires authentication for off-session payments unless you set it up for future payments. After you set it up, off-session payments no longer require authentication.

Ok got ya!

Thanks you

np

The one thing that confused me

was the set up for off_session payments

i thought i'd done this

You have. But using 3220, and that card will always need 3DS even if you set it up

Perfect thanks

I've just tried with a different card and it seems to be working and just needs capture now