#codename-mid9it_code

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1219276453716426825

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Hi 👋 can you tell me more about the problem being encountered that is preventing the completion of the authentication challenge?

Hello toby,

the user doesn't not receive any form of authentication either by OTP or email or via the card app. therefore the user cannot complete the verification step

I'd recommend checking with our support team regarding whether those emails are being sent to the customer, that's not something we can assist with:
https://support.stripe.com/?contact=true

Do you have a part of your integration that allows your cusotmers to complete pending authentication challenges that you're also trying to troubleshoot?

i don't think so (for example if you mean if i have an OTP page where users can input the OTP code they received and finalize checkout -or in my case be redirected to a user account that now has full access after the subscription is paid, then no,

i'm just a week old in using stripe api, i believe there are so many things i'm yet to understand.

The above code i submitted is the only implementation of stripe on the website (no webhooks either)

also i didn't write the entire code from the start else it'd be easy to just use the docs on stripe api

please i need guidance 🙏

what i've been able to do so far (using the testmode & seen in the live mode) is

1. Create a customer in stripe
2. Collect the customer card details
3. Create a product id
4. Start the subscription successfully (using the product id in test mode)

now in the live mode i can't start the subscription due to the 3d secure issue

this is what the payment page looks like and if the payment is successful where "$subscription->active " the the database updates the "payment table as YES" and the user is redirected to a "myaccount" page that gives the users full access

Sorry, I'm still not quite sure what you're looking for guidance on. Right now it sounds like you're expecting your customers to receive an email from Stripe to complete 3DS if needed. Are you wanting to change that?

When you did your testing, did you use our test cards that simulate 3DS challenges needing to be completed to see how your flow handles those?
https://docs.stripe.com/testing#regulatory-cards

Are you using your own fields to collect card details there? If so, that comes with a higher PCI compliance burden than if you used one of our prebuilt elements.

yes i'm expecting the customers to receive an email from Stripe to complete 3DS since what i collected from the user is their email and not phone number

When i was testing, i used the regular test cards and not the cards that simulates 3DS challenges.

Yes i am using my own fields(not written by me) to collect card details. and i'm aware that it comes with a higher PCI compliance burden than if i used one of your prebuilt elements. but like i said earlier i didn't write the initial code, all I've done so far is try to change what is needed for the initial one time pay model that was written for the website to a subscription pay model.

it wasn't included in my job scope to change the ui and all, that's why i've avoided using your prebuilt elements and stuck to what the first developer built

i can share a github gist of what the complete payment code looks like. i'll remove all sensitive information. so you can get an idea of what i'm working with please 🙏

these are the cards i used for testing

👋 stepping in here

hello bismarck

Do you have an example Subscription ID from livemode that I can look at where the customer didn't receive an email about 3DS being required?

yes i do

lemme paste it

si_PlBo4clVlp5HUC

and it currently open

Okay so this is not a renewal payment

sorry i think this is what you need

sub_1OvfRDDLt3ELpQcmJk9CCLFa

So we would not send a 3DS auth email

The way it works here is that since this is the initial payment for the Subscription, the assumption is that your customer is on-session. That means they are present to complete 3DS.

So we don't send them an email

You would instead handle this in your flow

(Confirm the PaymentIntent again client-side to trigger 3DS)

Okay, please i'm still a noob to stripe.

i haven't setup any paymentintent before now. do i need too? and how?

Subscriptions create Invoices which create PaymentIntents. What you want to do is you want to expand the latest_invoice.payment_intent when you create your Subscription (like we show here: https://docs.stripe.com/billing/subscriptions/build-subscriptions?ui=elements#create-subscription )

Then in the API response you will see the PaymentIntent and its status

If the status is requires_action then you know 3DS is required

Ah wait you aren't using Stripe.JS at all here, right?

So if you don't want to use Stripe.JS then you confirm the PaymentIntent again on the server and set a return_url: https://docs.stripe.com/api/payment_intents/confirm#confirm_payment_intent-return_url

That will provide you a URL in the response that you can show client-side to complete 3DS. See: https://docs.stripe.com/payments/3d-secure/authentication-flow#when-to-use-3d-secure

tbh this the one thing i have written for stripe

try{
        
         $stripe = new \Stripe\StripeClient('sk_live_1211I...............bDz');
        // Creat Customer In Stripe
        
        $customer = \Stripe\Customer::create(array(
            "email" => $email,
            "name" => $membernamedata,
            'source'  => $token,
        ));

        
        $finalamount = $amount*100;
        
        $paydesc = "BNLF Members Online Directory";

        // Create the subscription with the found product ID
         $subscription = $stripe->subscriptions->create([
            'customer' => $customer,
            'items' => [['price' => $product_id]],
            "currency" => $_currency,
            "description" => $paydesc,
            //'amount' => $finalamount,
        ]);

for the stripe js this is what i found (i didn't write this so i have no idea what iit does)

<!-- Stripe JavaScript library -->
<script src="https://js.stripe.com/v2/"></script>
<script>
// Set your publishable key
Stripe.setPublishableKey('pk_live_5.....................................fXWI');

// Callback to handle the response from stripe
function stripeResponseHandler(status, response) {
    if (response.error) {
        // Enable the submit button
        $('#payBtn').removeAttr("disabled");
        // Display the errors on the form
        $(".payment-status").html('<p>'+response.error.message+'</p>');
    }
    else{
        var form$ = $("#payment-form");
        // Get token id
        var token = response.id;
        // Insert the token into the form
        form$.append("<input type='hidden' name='stripeToken' value='" + token + "' />");
        // Submit form to the server
        form$.get(0).submit();
    }
}

$(document).ready(function(){
    // On form submit
    $("#payment-form").submit(function(){

        // Disable the submit button to prevent repeated clicks
        $('#payBtn').attr("disabled", "disabled");

        // Create single-use token to charge the user
        Stripe.createToken({
            number: $('#crad_number').val(),
            exp_month: $('#month').val(),
            exp_year: $('#year').val(),
            cvc: $('#cvv').val()
        }, stripeResponseHandler);

        // Submit from callback
        return false;
    });
});

</script>

Ah that uses Stripe.JS v2 (our old version) to create a Token

So that is how you are collecting card details

i believe so. although i updated the library to version 13.13.0

You would need Stripe.JS v3 (our newer library) to handle 3DS via Stripe.JS

So unless you want to update the above code, I'd recommend just handling this server side like I noted above

please can you give me 5 mins to read thru the needed links you sent me? so i can understand you fully🙏

yep this sounds easier

Yep take your time

alright so i think i understand the idea in a testmode but my head can't wrap around the live mode since none of the values would be fixed

It works exactly the same in test and live. What you need to do here is to test in test mode first with our 3DS test cards

so i just write this

$stripe->paymentIntents->confirm(
'pi_3MtweELkdIwHu7ix0Dt0gF2H',
[
'payment_method' => 'pm_card_visa',
'return_url' => 'https://www.example.com',
]
);

after my //create the subscription..etc code....

where the pi_3........ is $customer->id,
return_url is 'return_url' => 'https: where i want the customer to go to after successful payment',
and payment method is what?

where the pi_3........ is $customer->id,
No, the pi_xxx is your $subscription -> latest_invoice -> payment_intent -> id

ohhhh

And the payment_method is your $customer -> default_source

oohh okay!! i understand now

so where does this come in

next_action: {
type: 'redirect_to_url',
redirect_to_url: {
url: 'https://hooks.stripe.com/...',
return_url: 'https://mysite.com'
}
}

still on the same payment page?

That next_action.redirect_to_url.url is what you pass client-side and then you use an iframe (or a separate webpage) to render that URL

That is where the 3DS authentication will take place

please i still don't understand 🙏 do i create a new.php file and put that there? i'm not much of a js developer.

I can't write this code for you, sorry.

I can answer specific questions about Stripe that you have

But you have to do the work otherwise

i understand. can i follow this yeah? https://docs.stripe.com/payments/3d-secure/authentication-flow#custom-iframe.

Yep

what is supposed to be there?

url: 'https://hooks.stripe.com/...',

does stripe give us the url?

Yes we give you the URL via the paymentIntent.next_action.redirect_to_url.url

It will be in the response to the server-side PaymentIntent confirmation

so url is going to be

url: 'paymentIntent.next_action.redirect_to_url.url', .yeah?

No you don't set the url property

That is provided in the confirmation response

Just do the server-side part first and then examine the response you get

Then handle the client-side part

@fast canopy thanks a lot!!!

this is for the client side i believe?

https://docs.stripe.com/payments/3d-secure/authentication-flow?lang=php#handle-redirect

i take more time to read the doc, you've been a great help

thank you