Change stripe payment api from `checkout.Session` to `PaymentIntent`

[lilliputten]

• [x] View makes call to Stripe PaymentIntent api to get client secret
• [x] Client secret is populated correctly into HTML template
• [x] Payment element is rendered in correct template
• [x] The same template has a place to render any error messages
• [x] Payment event response is handled correctly (i.e. either show error or redirect to user profile with message)

See docs:

• https://docs.stripe.com/payments/accept-a-payment?platform=web&ui=elements
• https://docs.stripe.com/payments/payment-intents

[lilliputten]

View makes call to Stripe PaymentIntent api to get client secret

What does it mean?

To retrieve the secret without usage of js code? Only in python?

But as I see it in the documentation, it's about the same:

https://docs.stripe.com/payments/accept-a-payment?platform=web&ui=elements#retrieve-the-client-secret

-- with the server and the client parts.

[lilliputten]

Client secret is populated correctly into HTML template

Can you point what is incorrect there now?

Are you talknig about STRIPE_PUBLISHABLE_KEY parameter?

Or that secret which we get from teh server-side stripe api with a local request?

[cmutel]

But as I see it in the documentation, it's about the same:

I was looking at the Python docs with server side rendering. But I think it's perfect to do this in JS and avoid the redirect, if possible. The Python docs show the call to get the client secret on the server.

Can you point what is incorrect there now?

We don't call the API, so don't have access to the specific PaymentIntent client secret in the first place? Please read the docs, they do a very good job explaining this, better than I can.

[lilliputten]

Payment element is rendered in correct template

Is it about iframe node? What is wrong now?

But as I see it in the documentation, it's about the same:

I was looking at the Python docs with server side rendering. But I think it's perfect to do this in JS and avoid the redirect, if possible. The Python docs show the call to get the client secret on the server.

Can you point what is incorrect there now?

We don't call the API, so don't have access to the specific PaymentIntent client secret in the first place? Please read the docs, they do a very good job explaining this, better than I can.

Api is already calling in the billing_event_payment_stripe_create_checkout_session method of dds_registration/views/billing_event_stripe.py. It's calling from js code and the secret passes to stripe js client to render the form.

I still don't understand. I haven't dug the intents docs completely, but I saw there the similar approach (by the link above: js client asks the local endpoint which gets the secret from stripe backend api).

[cmutel]

Is it about iframe node? What is wrong now?

I don't know if anything is wrong now or not, just listing off the elements of the expected workflow

Api is already calling in the billing_event_payment_stripe_create_checkout_session method of dds_registration/views/billing_event_stripe.py. It's calling from js code and the secret passes to stripe js client to render the form.

Yep, I see that now. So I think the changes needed should be minimal - that's great! The biggest difference is that Checkout is built around payment links which are already defined, but I want to move to completely custom defined purchases. But all across their docs Stripe recommends using PaymentIntent for regulatory and future-looking reasons, so best to get it done now.