Contribution of new Stripe module supporting Apple Pay, Google Pay, SCA (incl. 3D Secure)

[fhebel]

Ciao ragazzi,

for my own purposes I had to develop a new Stripe module, which supported SCA (Strong Customer Authentication) because of the European Union PSD2 (Payments Service Directive 2). The new module is based on PaymentIntent and as a nice add-on it comes with Apple Pay and Google Pay.

Is there any interest in the new module and if so, should it replace the old Stripe module or should it be an entirely new module?

I'm looking forward to receiving your comments.

Tanti saluti

Florian

[thiennn]

A new module for Stripe is preferred. Really looking forward to your PR

[fhebel]

@thiennn Any suggestions for the name?

[thiennn]

SimplCommerce.Module.PaymentStripeV2 ?

[tavershimafx]

SimpleCommerce.Module.PaymentStripeRev

[fhebel]

Short update on this issue: The module will be called SimplCommerce.Module.PaymentStripeV2 as suggested by thienn. In the meantime I added already the persistence layer for the stripe session-ids. The only part still missing is the PaymentBackgroundService, which will finalize the payment, if the call-back is not triggered by the user's browser.

Hopefully I will have some time these days to finish the development ...

[horseyhorsey]

@fhebel Thanks for doing this. I have noticed Stripe are sending out email warnings for using the existing payment module.

[fhebel]

Hi @horseyhorsey,

would you be willing to help me testing the new module once I finished coding? You know, I believe the developer is the worst tester for his own code.

Thanks in advance.

Best regards,

Florian

[horseyhorsey]

@fhebel Yes sure, I would need to test before going live anyway, no problem.

[fhebel]

One issue has still to be solved: for registration of Apple Pay one needs to provide a url like e.g. https://demo.simplcommerce.com/.well-known/apple-developer-merchantid-domain-association (.well-known/apple-developer-merchantid-domain-association in the root path) containing some kind of guid.

Unfortunately the .Net Core PhysicalFileProvider interprets the full stop in ".well-known" as hidden file or directory and doesn't offer it for download.

Advice is welcome!

[fhebel]

@horseyhorsey Ready for testing (#928)

[horseyhorsey]

Sorry, only just caught this message last night. Looks like September 14th is deadline for SCA.

This is too hard for me to test without making work. Spent a good hour or so trying to build it then I decided to roll my own. There are changes to the database and additions I don't the see the point of when already has a payment table that can deal with "Failed attempts".

Personally for me StripeV2 is very much like the module we have but we will create order after payment and cater for some webhook to create the order.

[fhebel]

Hi @horseyhorsey,

actually the deadline for SCA was already on 14th of September 2019 ...

The implementation of the StripeV2 module is totally different because it's based on Stripe.net version 37.8.0 using Sessions and PaymentAttempts.

The need for the additional table comes from the fact that the new process is divided into the following steps:

1. We create a so-called Session server-side (with call-back urls for success & failure)
2. The user is redirected to the stripe.com site specifying the Id of the previously created session
3. If we're lucky we get a call-back to handle the status of the payment

So it's really important to keep track of that session otherwise our customer might have paid and SimplCommerce is not aware and doesn't create an order for the customer. This is the job of the background service.

Regarding the db schema changes it's really easy. If you use mssql then a simple "dotnet ef database update" will do the trick, otherwise you have to issue the command "dotnet ef migrations add AddPaymentAttempts" first.

I hope that helps.

Best regards,

Florian

[horseyhorsey]

Oh, Thought it was this year, better get it finished tonight then! I forgot to point out we're using MySql for the database work I'd have to do.

My implementation is a simple migration using their checkout page and webhooks which developed locally using the new session. I can create the order / payment before the user is directed to the success page

[fhebel]

I voluntarily chose the client-and-server approach (https://github.com/stripe-samples/checkout-one-time-payments) for two reasons:

• It offers the complete functionality
• It is less prone to be tampered with (successful checkout without having received the payment)

@horseyhorsey Anyway, you might want to share your solution as well?

[horseyhorsey]

Sorry. We dumped Stripe last night and just use Paypal now.