SGFGOV / medusa-payment-razorpay

A basic implementation for medusajs payment with razorpay
https://github.com/SGFGOV/medusa-payment-razorpay
13 stars 17 forks

authorizePayment after verification using RPay's Payment API #3

Closed Hemann55 closed 1 year ago

Hemann55 commented 1 year ago

After a successful payment, we update the payment session's data using updatePaymentData with the following values we get back from Razorpay:

{
  "razorpay_payment_id": "pay_XXXXXXXXXX",
  "razorpay_order_id": "order_XXXXXXXXXX",
  "razorpay_signature": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}

The second-last mandatory step in Razorpay's checkout flow requires signature verification using the above data. This step is currently missing in the authorizePayment method of the plugin. (https://razorpay.com/docs/payments/payment-gateway/web-integration/standard/build-integration/#15-verify-payment-signature)

Also, the authorizePayment method is currently fetching from Razorpay's ORDER API via the getStatus method.

[Image: orders-payment-flow]

I think the getStatus method should first verify the signature, fetch from Razorpay's PAYMENT API instead of the ORDERS API, and then set the medusa status accordingly.

Let me know if this is the right approach or not.
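
The signature check this issue describes as missing, sketched as an added example (it is not part of the original issue or the plugin's code). It follows Razorpay's documented HMAC-SHA256 scheme for the three checkout fields; the function names, the `serverOrderId` parameter and all sample values are assumptions made here.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

// Razorpay's documented scheme: HMAC-SHA256 over "<order_id>|<payment_id>",
// keyed with the account's key secret, hex-encoded.
function expectedSignature(orderId, paymentId, keySecret) {
  return createHmac("sha256", keySecret)
    .update(`${orderId}|${paymentId}`)
    .digest("hex");
}

// sessionData: the object stored via updatePaymentData (comes from the browser).
// serverOrderId: the order id the server created for this session (hypothetical parameter).
function verifyRazorpaySignature(sessionData, serverOrderId, keySecret) {
  const { razorpay_payment_id, razorpay_order_id, razorpay_signature } =
    sessionData || {};
  if (typeof razorpay_payment_id !== "string" ||
      typeof razorpay_signature !== "string") {
    return false;
  }
  // Bind the check to the order the server created, not to a client-chosen one.
  if (razorpay_order_id !== serverOrderId) return false;
  // A SHA-256 digest is 64 hex characters; reject anything else before decoding
  // so timingSafeEqual never sees buffers of different length (it would throw).
  if (!/^[0-9a-f]{64}$/i.test(razorpay_signature)) return false;
  const expected = Buffer.from(
    expectedSignature(serverOrderId, razorpay_payment_id, keySecret), "hex");
  return timingSafeEqual(expected, Buffer.from(razorpay_signature, "hex"));
}

// Constructed sample values (not real Razorpay identifiers or secrets).
const KEY_SECRET = "constructed_test_secret";
const sample = {
  razorpay_payment_id: "pay_CONSTRUCTED01",
  razorpay_order_id: "order_CONSTRUCTED01",
  razorpay_signature: expectedSignature(
    "order_CONSTRUCTED01", "pay_CONSTRUCTED01", KEY_SECRET),
};

console.log(verifyRazorpaySignature(sample, "order_CONSTRUCTED01", KEY_SECRET));
console.log(verifyRazorpaySignature(
  { ...sample, razorpay_payment_id: "pay_OTHER" }, "order_CONSTRUCTED01", KEY_SECRET));
```

Only after this returns true would the payment status be fetched and mapped to a medusa status; a false result should leave the session unauthorized.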