search

jacobarriola / gatsby-woocommerce-oc-wordpress-meetup

8 stars 3 forks source link

How to handle extra payment authentication #2

Open gavinhenderson opened 3 years ago

gavinhenderson commented 3 years ago

Huge thanks for creating this repo and the blog post to go along with it. I have leaned on it heavily whilst setting up headless payment system. You can see my headless wordpress site here, if you're interested.

I have a question about the flow, I was hoping you might be able to offer advice / pointers. Although if you don't know or don't have time to answer then no worries feel free to just close this issue.

Have you looked at handling extra card authentication from stripe? Sometimes (in the UK at least) when you make a card payment it show a window from your bank and ask you to verify the card payment, via SMS / OTP etc. On my current setup, closely based on yours if you need extra card payment then the order goes through but is left on pending and from what I can tell there is no way to get redirect out of the GraphQL API.

You can see what im talking about by using one of the stripe tests cards that will cause the authentication to be used: https://stripe.com/docs/testing#regulatory-cards

Any insight or pointers would be hugely appreciated

gavinhenderson commented 3 years ago

So I managed to figure it out and thought I would share my results.

Currently the wp-graphql-woocommerce already exposes some meta data on the order. The one you want to look for is _stripe_charge_captured. If this is the value 'no' then you know the charge has not been made.

Once you know the charge has not been made you then want to request the authentication on the front end. So you use the confirm payment function in the stripe library. See here.

To call that function you need a payment_intent_secret. The woocommerce stripe gateway does return this when it is required but currently its not passed through to the graphql schema. Its quite straight forward to add. You do it like so:

  register_graphql_field('CheckoutPayload', 'paymentIntentSecret', [
      'type' => 'String',
      'resolve' => function( $payload ) {
          return $payload['payment_intent_secret'];
      },
  ]);

No if _stripe_charge_captured is false you can charge pass the secret to stripe and ask it to verify it for you.

Hope this helps :)