#jfmlima-3DS

Hi! Give me a few minutes to look into this.

hey @gritty terrace, sure thing, thanks!

So yes with the test card 4000000000003063 this error is expected since you are passing off_session:"True".

So you need to remove off_session:"True" to get the requires_action status.

uhm, is it the same with the card ending in 3220? req_iNyRs9W4420wZH

I thought that sending the off_session: True would be required to trigger the 3DS :/

Yes, it doesn't make sense to go though the 3DS flow if the customer if off session. That's why it doesn't work. You need to remove off_session:"True" to get the requires_action status.

ahhhhh

off_session: true means the customer is not on your website/app, so there's no way for them to complete the 3DS flow, so we return an error.

would that affect off_sessions charges that don't require 3DS?

right, my idea here was to have them come back to the site via email

even if they are off_session, does that make sense?

Got it! This case is covered in the documentation here, with a try/catch: https://stripe.com/docs/payments/save-and-reuse?platform=web#charge-saved-payment-method

but that's exactly what I'm doing 🤔 and in the error the requires_action is never filled 😕

Got it! I guess when the first payment intent fail, you can retrieve its ID, and then call confirm while passing the payment_method https://stripe.com/docs/api/payment_intents/confirm, and it will have a requires_action status.

uhm, even if I'm sending the confirm=True while creating the payment in the first place? 🧐

I just tested this, and it worked for me:

1. Create the PaymentIntent with confirm:true. If it works: great! If it fail then...
2. Call https://stripe.com/docs/api/payment_intents/confirm to confirm the PaymentIntent while passing the payment_method, and it will have a requires_action status.

gotcha, I'll give that a try, thank you so much!!

another qq, when the user adds the card (we don't charge right away) he does the 3DS verification, however in the remaining flow of adding the card we might charge, is it always required the he does the 3DS again?

also, does the redirect_url to authenticate 3DS have an expiration date?

and thanks, the confirm step worked 🙌 🙏

Hello, soma had to step out but I am catching up. Can you tell me more about the charge that you might make in that scenario?

It is ultimately up to the bank when to ask for 3DS auth. You won't always have to do 3DS auth again but you should be ready for it to be required on any charge that you try to make

so, here's our flow real quick:

• users adds a card through checkout
• we save the card in our db
• if the user has balance, we trigger a charge if not skip

3DS from my testing, while adding a card and when we try to charge :/

and hi @rain hatch 👋

considering that we will bring the customer back in session, how long does the redirect_url to authenticate lasts?

So that charge may require 3Ds auth. If you set off_session: true we will communicate to the bank that the user is off session and the bank will be less likely to ask for auth https://stripe.com/docs/api/payment_intents/create#create_payment_intent-off_session

yep, we're doing that already

I don't know of an expiration on that link. We don't expire it, I'm guessing some banks might have some policy on how long a user can auth for. Any which way, you should be good to get the user back on session and direct them to the link

can we do that through an email?

I've seen in the documentation we should do that through a iframe

but since we'll bring him back in session via email, can he just go the redirect_url straight from the email?

Good question. I think you can just send them to the URL but will check our docs

Can you send me the doc with the iframe info?

https://stripe.com/docs/payments/3d-secure#when-to-use-3d-secure

So yes, you can definitely just send them to the URL and they will be directed to your return URL at the end of the process

all right, thank you so much 🙏