#guillaume-subs-changedefault


supple gazelleBOT
#

Hello! We'll be with you shortly. Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

coarse hearth
#

Yeah looks like hosted invoice page

sly steeple
#

crazy

#

hence, hosted invoice page uses legacy POST /sources endpoint, I can't change this

coarse hearth
#

What's the problem?

sly steeple
#

long story short: when a payment is declined, I redirect customer to the stripe_invoice.hosted_invoice_page so that they add a new credit card; yet the new card is created via POST /sources and hence is not strongly authenticated, and user is asked for 3DS per email, and I see "authorization required"

#

=> Stripe HPI cannot be trusted as a place where a user can add a credit card securely

coarse hearth
#

Wait so are these subscription payments? And when a subscription invoice's payment fails, you just send customer to that invoice's hosted page to collect a new card and then set that as the default?

sly steeple
#

you're 💯

#

that's exactly what I'm doing

#

before subscription, I collect the first card with SetupIntent with 3DS "any" param to ensure strong authentication as I pay invoice off session

#

hosted invoice page is very convenient to me but by using legacy sources API, SCA is not fulfilled

coarse hearth
#

How do you collect payment info initially? Checkout or Payment Element?

sly steeple
#

custom payment element (web + iOS + android)

#

SetupIntent given to SDK then create a PaymentMethod (not a Source)

#

setup intent : req_U9UiMTcBYqi4Mq
attach pm : req_OdtXZH2lbVwnAr

supple gazelleBOT
jovial pagoda
#

👋 I'm hopping in here to take a look as well - give me a minute to catch up

#

So backing up for a second here - Sources can still be used with SCA/3DS. It's using Sources with the Charges API that doesn't work with 3DS

sly steeple
#

i use it with stripe_invoice /pay

jovial pagoda
#

If the Source has been correctly set up with a Payment Intent that had setup_future_usage set then it would behave the same as a PM that was also set up with setup_future_usage

sly steeple
#

I don't know how it was set up as it's done on invoice hosted page (see req_r3bWdEhhttzETz)

jovial pagoda
#

For your problem specifically, I think the issue is that the Payment Intent tied to this Invoice does not have setup_future_usage set, so when a new source is collected it's not being correctly set up for future off-session payments

#

Generally, I wouldn't recommend using the Hosted Invoice Page if you want to collect a new default for your customer - instead, it'd be better to use the Customer Portal

sly steeple
#

Payment Intent tied to this Invoice
I use Stripe::Invoice.pay(@stripe_invoice.id, { off_session: true }) so no question of PaymentIntent here

#

I don't think my account allows me to have customer portal

jovial pagoda
#

No it's not a question of the Payment Intent being there or not - the issue is that the Payment Intent has attributes set on it that are not setting up the collected source/pm for future usage

#

Are you seeing errors when you try to use the customer portal?

sly steeple
#

mmmh weird I really thought I needed to upgrade Billing plan

jovial pagoda
#

Yup!

sly steeple
#

thank you very much @jovial pagoda
