#kekk0 - 3DS

Hi 👋
What do you need help with?

I am testing cards with 3D secure on my app and i send to the user the link to confirm payment

but this happens all the time but i'd like to configure the paymet to go automatically

i always get payment_intent.requires_action on webhhok also with cards that are configurable to use in future without the 3D secure

4000002500003155

for example this card from test should be configured to use in future payments but in my code doesn't works automatically.

this is the log

{
"id": "pi_3Koqj3A94JJJ3znb1xcIbsfl",
"object": "payment_intent",
"amount": 300,
"automatic_payment_methods": null,
"canceled_at": null,
"cancellation_reason": null,
"capture_method": "automatic",
"client_secret": "pi_3Koqj3A94JJJ3znb1xcIbsfl_secret_37Dirq7SZibMvyk8cy4g0V3qK",
"confirmation_method": "automatic",
"created": 1650035181,
"currency": "eur",
"description": "Subscription update",
"last_payment_error": null,
"livemode": false,
"next_action": {
"type": "use_stripe_sdk",
"use_stripe_sdk": {
"type": "three_d_secure_redirect",
"stripe_js": "https://hooks.stripe.com/redirect/authenticate/src_1Koqj4A94JJJ3znbvJml4D0U?client_secret=src_client_secret_p6g2vt7Y9e5VhivNHcW9df69&source_redirect_slug=test_YWNjdF8xS2JVR2pBOTRKSkozem5iLF9MVnNVbFFQR0RaeVEyNFpTZmpBUzN5Q2ZyenlJQmt201006Mz6B92I",
"source": "src_1Koqj4A94JJJ3znbvJml4D0U"
}
},
"payment_method": "pm_1KopvyA94JJJ3znbqfQsNh3Q",
"payment_method_types": [
"card",
"sepa_debit"
],
"processing": null,
"receipt_email": null,
"setup_future_usage": "off_session",
"shipping": null,
"source": null,
"status": "requires_action"
}

Yup, 3155 is intended to always require authentication

My business is in italy europe, and i use a subscription for volume of quantity

and i bill every 10 days

how can i have card configured to have billing automatically? Is there a way?

My process of configuration is:

1. Create user and attach payment method

2. Register subscription

I saw here that if you use payment intent you can configure for future payment am i right?

Because is very bad for my business if users have to authorize throw app every single transaction

No you should be able to charge without additional authentication

so with what card i can test if my flow of configuration works?

That is the right card, I'm just looking for the docs to explain how you need to configure your subscriptions for off-session billing

It should be the default

Can you share a request ID for one of your test subscription creations?

Actually wait. When you create your user and attach a payment method, how are you doing that?

I think the customer creation/payment method step is where we can be most effective so let me know when you can tell me what is going on there

So, when i create a new custumer i use a backend function this two stripe methods

stripe.customers.create({
email: email,
description: context.auth?.uid,
name: name,
phone: phoneNumber,
})

and then

const setupIntent = await stripe.setupIntents.create({
customer: customer.id,
payment_method_types,
});

Okay, there the Setup Intent is where I think we can help

ok

Wait so you do or do not see authentication being required when you have the user confirm the setup intent?

No i dont

i only see it required when i process payments

using paymenth sheet (for buying elements) and when the subscription is billed

Okay so how are you collecting payment method details with the Setup Intent?

no sorry i was wrong

i see 3d secure

because i use (on client side ) confirmSetupIntent

await stripe.Stripe.instance.confirmSetupIntent(
clientSecret,
stripe.PaymentMethodParams.card(
setupFutureUsage: stripe.PaymentIntentsFutureUsage.OffSession,
billingDetails: billingDetails,
),
);

Okay, do you have a request ID I could take a look at

That function seems a little odd to me. Are you using some other library? Here's the example I'm familiar with:
https://stripe.com/docs/js/setup_intents/confirm_setup

req_4GnB2SEpb05VZJ

and this is the confirm

req_V2qqlUA2qv1x3t

yes this is dart but is working with the react native and iOS and Android implementations

Okay so I am seeing that this card is configured for off_session usage

yes

And just to make sure I have all the info I need, can you share a request ID or subscription ID where you were asked for authentication again?

req_SeCAAhIhW970gl

here i used the webhook to send a notification to the user with the to complete the payment

I'm sorry but this isn't what I need. This is a /confirm request. I am looking for a subscription that should be automatically billed but wound up requiring authentication

you need the subscription Id?

sub_1KorvJA94JJJ3znbdk8jc6Jm

when i create the subscription i am never asked for the 3D secure

Right, I'm thinking more about when the invoice attempts to collect payment

req_s7bYeNkyMr7AXf

do you need log or activity of the webhook?

The webhook shouldn't matter here

because i see the invoice.created in webhook

Oh, one thing you should try is updating the Subscription to use the customer's 3DS authenticated payment method as the default.
https://stripe.com/docs/billing/subscriptions/build-subscriptions?ui=elements#default-payment-method

ok i have tried before but i was still having the issue.

but is wrong that i doesnt have the log of invoice but only the webhook?

but is wrong that i doesnt have the log of invoice but only the webhook?
What do you mean by that? The invoice would get automatically created so you wouldn't see it in your API logs

Ok

so did you understand where is the problem?

because i remove this part of code because so the paymenth method use is the default for the user, am i wrong?

You're not wrong. It should use the default for the customer. I'm still looking at these objects.

ok thankyou so much

Okay this Subscription only has a 0 balance so it's never charged. Is this one of your test ones using the 3155 card?

yes

but i add useage

for example look now

i added one item

Okay this shows the amount is paid. Were you required to provide 3DS authentication again?

what do you mean? I added an item but i wasnt asked when i added the item

We started this discussion because you were saying your test invoices were not being charged automatically due to additional 3DS authentication requirements. That does not appear to be the case with this invoice

if the invoice is empty i'm not asked

but if there is an amount i am always asked

There was an amount on the invoice you just created and it appears to have charged automatically

in this subscirption?

sub_1KorvJA94JJJ3znbdk8jc6Jm

This invoice: in_1KosFTA94JJJ3znbjIgMqOoC

yes

in this invoice i recived the requierd action status in the webhook

so my code send a push notification to user to pat for it

But the events occurred within seconds of each other. How did you go on-session to authenticate?

i send throw the push notification the hosted_invoice_url so the user can confirm the payment

and this was managed using the webhook, but this happends all the times and for my business that is based on smalls charges every 10 days is very bad

this 3D secure process because we bill when user is not using the app

for example now i didn't completed the 3D secure process

@dire dagger I'm sorry we're having trouble following what you're describing unfortunately

so the problem is that i want to configure card to be used for the future without 3D secure

i've implemented all the process but i still recieve 3D secure actions requierements

for cards that as documentation said culd works without 3D secure when confiugured

why i am facing this issue?

That's too vague unfortunately. Please provide a detailed and explicit example of where this happened again

so

Please try all in one unique sentence, not numerous separate messages too.

what details you need

?

Same thing as all your conversation before with my colleague. One clear summary of what is happening with a clear example invoice id (in_123), PaymentIntent id (pi_123) where you got 3DS to happen but didn't expect it

As you can see from this invoice in_1KosmKA94JJJ3znbgSuryB6U i am required to use 3D secure every time a payment is processed for the subscription (sub_1KorvJA94JJJ3znbdk8jc6Jm). My goal is to create paymenths Methods that does not require 3D secure every time to be processed.

yes but that is the same issue you had earlier today. You still aren't passing off_session: true on Subscription update

so i must pass it when i create the subsctiption?

No?

You must pass it when you are updating the subscription, if you want that payment to be off session

That's what my colleague explained earlier in details to you

Every single time a payment is triggered if it's not off session it will require 3DS with that specific Test card

i'm so sorry i didn't understand earlier.

so when i create a subscription then i have to update it with off_session: true ? am i right?

https://stripe.com/docs/api/subscriptions/create this documentation said i can pass it also when i create it

Those are 2 completely different things. off_session is simply a parameter for a specific request. It doesn't apply to future changes. When you create the Subscription, your customer is on session. They are on your website or app and paying. So you don't pass off_session: true and you get them to do 3D Secure.

In the future, when you change their subscription, if they are on your website or app, they are still on session and you don't pass off_session: true either and you have to make them go through 3D Secure if the bank asks.

With that out of the way, the test card you're using explicitly requires 3DS always for on session payments. So that one will never skip 3DS, while in production it might since it's not always required. So if you want to simulate an upgrade without 3DS with that test card you have to pass off_session: true.

Similarly, if you change a customer subscription while they are not on session (not on your app or website) then you pass off_session: true since they are not here to do 3DS and you're the one initiating the charge/payment.

Ultimately, no matter what you do, it's all up to the bank. Banks will or won't require 3DS depending on many factors. You always have to plan for getting your customer to go through 3DS no matter what

Let me know if any of this is unclear!

My customer doesn't pay when create the subscription

because is a subscription based on value of consumption.

you still need to collect their card details at some point, whenever that happens, this will be on session

i collect them before creating the subscription

and i pass setupFutureUsage: stripe.PaymentIntentsFutureUsage.OffSession,

Sure, then you're good. But still, the bank might want 3DS, no matter what.

So pass off_session: true on Subscription creation or update, and you're good

const subscription: any = await stripe.subscriptions.create({
customer: customerId,
items: [
{
price: priceId,
},
],
off_session: true,
// expand: ["latest_invoice.payment_intent"],
});

this should work? Witch card i shuld use to test it?

I'm sorry you still seem totally lost. This is still the creation. The creation works. There's nothing to change for the creation. What you need to change is the update code

so when you go and update the subscription right now, also add off_session: true and see it work

thankyou for your pacience, what do you mean for right now?

in the webhook, when is triggered something like customer.subsctiption.updated?

https://stripe.com/docs/billing/subscriptions/webhooks covers in details all the events

customer.subscription.updated will happen every time the subscription is updated. So when you call https://stripe.com/docs/api/subscriptions/update for example or when the subscription renews each cycle, or when it changes status after a failed payment, etc.

and there i shuold update using off_session:true ?

in the code that calls https://stripe.com/docs/api/subscriptions/update yes. await stripe.subscriptions.update()

ok thanyou

sure!

I'm sorry but my system is still not working, how can i get support with my code? I need to make possibility for automatic charge works or my business will not be efficent.

koopajah had to step out for a bit. I am catching up here. What is the current error that you are seeing in your code?

Are you passing off_session: true in the update call?

yes in my webhook i have this code case "customer.subscription.updated": {
const subscriptionUpdated: any = event.data.object;

      const subscription = await stripe.subscriptions.update(
        subscriptionUpdated.id,
        {
          off_session: true,
        }
      );

and also before i create the subscription when i receive the pathemnt method, i create a setup intent with const setupIntent = await stripe.setupIntents.create({
customer: customer.id,
payment_method_types,
usage: "off_session",
confirm: true,
});

but when it time to pay the invoice i have always to use 3Dsecure as you can see from this invoice

in_1KouupA94JJJ3znbifIOarE5

i think what i am missing is the configuration of the card as documented here https://stripe.com/docs/payments/save-and-reuse

Thanks for the additional info, trying to see why you needed 3DS auth on that update...

For that subscription, I am not seeing the off_session variable set in either your subscription creation call or your subscription update call:
https://dashboard.stripe.com/test/logs/req_AmZ8QiSqCWkcR8
https://dashboard.stripe.com/test/logs/req_ItNSEeHPtlprRf

Are you sure that that is a subscription that you created with that exact code?

I rebuild my code and deploy then i will send you new ids

I can see it on some of your recent calls but not those ones.

Can you try running your code one more time right now and we can take a look at the newest Subscription+Invoice?

ok sure

This is the subscription

sub_1KowDAA94JJJ3znbF8t6XUev

in_1KowGlA94JJJ3znbvdYdJvqx

from the dashboard it says that now is configured for future usage, but if i create new invoices i need always to confirm 3Dsecure

this is the payment method pm_1KowBZA94JJJ3znbrPef3U1Q

@dire dagger you sadly still never changed the code

I'm sorry but we spent many hours with you on that one question and you still have not made the one line code change 3 of us have told you multiple times

We really want to help, but we're reaching the limit of what we can do.

sorry but i've changed them

i've added all the code you told me

you haven't though

https://dashboard.stripe.com/test/logs/iar_eNwXwZmWImdfvr

you're still not passing off_session: true

i'm really sorry

i didn't mind about the code i use to force billing

i'm completly sorry

i'm so so sorry now i've tested with the curl code and added the off_session: true also there and works perfectly

yay!

can i ask one last

question

now when it will bill automatically and not forced with my curl code will works?

it should, but like I said earlier: it's up to the bank to ask for 3DS and it will always ask for it sometimes so you have to plan for it

yes of perfect, thank you so much for the amazing support. You guys make the difference! Best in class 🥳

Glad we could help 🙂

I’m sure I was the toughest of the day 😂😅

hahaha

3DS can be tricky to grasp especially as some cards do a specific behaviour that doesn't happen in test mode