#gkleinig-3DS

👋 happy to help

legend

I don't seem to follow the question, could you please explain what are you trying to achieve?

sure can!

i'm using the handleCardAction method to advance a payment intent with some card details

and we've been noticing a series of payment intents that have been 'created, then authenticated against 3d secure and an hour or so later they just expire... and i was wondering if there's a 3dsecure modal, or redirect that can occur, which would actually redirect our users off our site to their bank

and then upon returning to our payment form after completing the 3d secure steps, they're essentially just looking at a blank form again - since we have nothing in place to handle redirecting

that might be the case yes

i was just reading the docs for the new Payment Element JS and noticed there's a return_url parameter which i dont believe exists / existed when i built this haha

if you want to test it you could use the 3DS cards you could find here https://stripe.com/docs/testing#regulatory-cards

yeah i have tried them but none of them seemed to redirect off-site

https://stripe.com/docs/testing#three-ds-cards

the normal implementation would get you a modal within the same page

oh the webview one might do it

are you using it on mobile?

not a mobile app, but mobile browser

yeah it's tricky to test

the expiry might just be a case of a user not passing 3DS

all the payment intents show that they have indeed passed 3DS

do you have a Payment Intent Id I could take a look at?

sure! one moment

take your time

here's some examples for 2 different customers that have reported the issue (just FYI, these are being handled via a Connected Account)
Customer A
pi_3LCUyNJjNzQSQg5H0DX6eDc9
pi_3LCUzaJjNzQSQg5H0Hnvi6CA
pi_3LCV0aJjNzQSQg5H0ZnsoJ23

Customer B
pi_3LCS1aJjNzQSQg5H1QZ3xxIJ
pi_3LCS2uJjNzQSQg5H1EQg59Ey
pi_3LCP0CJjNzQSQg5H0P0grzKJ

pi_3LCUyNJjNzQSQg5H0DX6eDc9 this PI wasn't confirmed, let me check a bit the others and get back to you with my findings

not confirmed, that's right yep

they're passing 3DS but not being confirmed which makes me think that the handleCardAction is redirecting them off site

the pseudo code im using for processing is:

1. prevent form resubmission
2. generate a payment intent for the desired amount
3. inspect the payment intent response

• if "error" [showError(response.error)]
• else if "requires_action" [Stripe Elements.JS - handleCardAction(response.client_secret)]
• else if "success" [//internal business logic stuff]
• else [fallbackErrorHandling]

so my query is that if it's possible for the handleCardAction method to initiate a redirect off our website to another website (for eg, to get bank authentication), then when the user comes back to the form, they're essentially just coming back to a reloaded form, since we have no logic / handling for them returning from an external website. i was under the assumption that all 3DS challenges were performed on the same URL in a modal window

apologies for the information overload

no worries, but I'm a bit confused of some things I found while I was looking at your PIs

I see you are passing the payment method and confirm true in the backend

so are you generating a payment method on the front-end and sending its id to the backend?

yes, in order to attach it to the customer record

if I might be straightforward with you, this approach would give you more issues then you'd expect

absolutely, be straightforward haha

we're processing ~$1.8m AUD through our connected accounts with Stripe and this seems to be the first time its popped up

each month

the best way of attaching the payment method to the customer and follow our best practices is doing the following

ok

create a payment intent with setup_future_usage
https://stripe.com/docs/api/payment_intents/create#create_payment_intent-setup_future_usage

sending the client_secret to the front-end

using either CardElement or PaymentElement and let us handle the rest

without having to do anything else on the front-end for the redirection etc

yeah that is essentially what I'm doing

$intentParams = [
'customer' => $customer->id,
'amount' => round($amount),
'currency' => strtolower($currency['code']),
'description' => 'Booking',
'metadata'=> [
'MASCHOOLID' => $this->school_id
],
'setup_future_usage' => 'off_session',
'statement_descriptor' => 'Martialytics Booking'
];

however im also adding confirm=true and confirmation_method=manual

yes this is the issue

ah ok!

OH, coz the payment intent is trying to authenticate immediately?? as its created?

and you're also passing the payment method id right?

OH, coz the payment intent is trying to authenticate immediately?? as its created?
💯

haha, so if i just remove the confirm=true part

you shouldn't pass the payment method as well

yeah ok, i see where im going wrong there

for pi_3LCUyNJjNzQSQg5H0DX6eDc9
you passed

  confirmation_method: "manual",
  confirm: "true"```
instead just leave these out, and pass the client_secret of that intent to the front-end

if($payment_method_token) {
$payment_method = \Stripe\PaymentMethod::retrieve($payment_method_token);
$intentParams['payment_method'] = $payment_method->id;

            $payment_method->attach(['customer' => $customer->id]);
            \Stripe\Customer::update(
                $customer->id,
                ['invoice_settings' => ['default_payment_method' => $payment_method_token]]
            );
        } else {
            $payment_method = \Stripe\PaymentMethod::all(['limit' => 1, 'customer' => $customer->id, 'type' => 'card']);
            $intentParams['payment_method'] = $payment_method->data[0]->id;
        }

ok, can do

so the Stripe Elements system will make sure that customer and that payment method are attached due to the setup_future_usage flag being set

?

yes

ILU.

i'll try it out.

thanks so SO much for your time, seriously

I think you could remove the whole snippet you just sent me

from your code

yeah im going to 🙂

❤️

let me know if you need any more help

have a great night / day wherever