bachir-subscription-manual3ds | Stripe Developers | Page 1

versed plazaBOT Nov 13, 2023, 6:28 PM

#

Hello! We'll be with you shortly. Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

bachir-3ds-manual, 19 minutes ago, 12 messages

jagged trellis Nov 13, 2023, 6:28 PM

#

@nimble haven can you give a clear summary of the context and your overall question so that I can help you further?

nimble haven Nov 13, 2023, 6:30 PM

#

sure, sorry

#

I'd like to get the return_url in order to handle the 3DS flow on the client when creating a subscription through a POST request.
The issue is that in the response, when looking inside the latest_invoice.payment_intent, the return URL is not present. But, when looking in the payment_intent object on Stripe, the return_url is present.

Do I have to refetch the payment intent, after creating the subscription in my code, in order to access the return_url ?

jagged trellis Nov 13, 2023, 6:33 PM

#

@nimble haven Why aren't you using our official SDKs for this? It is strongly discouraged for anyone but the most advanced large users to do their own redirect like this

#

bachir-subscription-manual3ds

nimble haven Nov 13, 2023, 6:38 PM

#

What do you mean ?

jagged trellis Nov 13, 2023, 6:38 PM

#

You shouldn't be manually extracting the URL like this. You should instead be confirming the PaymentIntent client-side instead with Stripe.js

nimble haven Nov 13, 2023, 6:39 PM

#

by confirming client side, it triggers the 3DS flow ?

#

automatically ?

jagged trellis Nov 13, 2023, 6:40 PM

#

yes

nimble haven Nov 13, 2023, 6:42 PM

#

We basically moved the payment confirmation to the backend (apart from confirming 3DS / ACH payments...) to protect against card testing, so this is why we ended up having to do it this way.

jagged trellis Nov 13, 2023, 6:42 PM

#

That's not what I would recommend at least. Everyone does the client-side confirmation

nimble haven Nov 13, 2023, 6:44 PM

#

oh ok!

#

how do they protect againt card testing ?

jagged trellis Nov 13, 2023, 6:45 PM

#

You make sure that card testers can't come and create subscriptions over and over again. But there's a maximum number of confirmations per PaymentIntent so they can't really take one PaymentIntent and then confirm it thousands of time.

#

I'm not an expert at card testing though, that might be a better question for our support team

#bachir-subscription-manual3ds