jameswoo-stripe
commented
2 years ago @josemifever thanks for reporting this issue, our team will take a look.
Open josemifever opened 2 years ago
jameswoo-stripe
commented
2 years ago @josemifever thanks for reporting this issue, our team will take a look.
josemifever
commented
2 years ago @brnunes-stripe @skyler-stripe Hi guys, any update on this? sorry for the ping 🙏
skyler-stripe
commented
2 years ago Hey there,
Still investigating this. I'm curious if you have a a minimal app to reproduce this or some example code. I'm mostly wondering why you're forcing 3ds2 on a non 3ds2 card, I think that's maybe causing the issue.
josemifever
commented
2 years ago Hey,
I don't have any simple code, but you should be able to reproduce it with the same code that you used in the another issue.
Have you tried to force 3ds? We are sending { "required_3ds": True } in the payment intent metadata, at creation time, and then in our rules we have the following:
This way you should reproduce it.
Following the trace, I found that the callback url is different than the last issue, it looks this way:
https://hooks.stripe.com/three_d_secure/authenticate?client_secret=src_client_secret_wAYsIMmCJZUlaRcIiPWqiEEK&livemode=false&merchant=acct_1EIHscLQ9tHHlgNY&return_url=https%3A%2F%2Fhooks.stripe.com%2Fredirect%2Fcomplete%2Fsrc_1LDNxqLQ9tHHlgNYPOM3fe4S%3Fclient_secret%3Dsrc_client_secret_wAYsIMmCJZUlaRcIiPWqiEEK%26source_redirect_slug%3Dtest_YWNjdF8xRUlIc2NMUTl0SEhsZ05ZLF9MdkVReWlTVTFaYjg3TnZPbHN2cWZjWTF3dm9mcnBM0100eGcGozyL&source=src_1LDNxqLQ9tHHlgNYPOM3fe4S&source_redirect_slug=test_YWNjdF8xRUlIc2NMUTl0SEhsZ05ZLF9MdkVReWlTVTFaYjg3TnZPbHN2cWZjWTF3dm9mcnBM0100eGcGozyL&usage=single_useThis don't match any completion URL, so I think the problem comes from there.
Hope it helps 🙏
skyler-stripe
commented
2 years ago That should be all I need. We're currently investigating another 3ds2 issue internally and this may be related. It's difficult to test, but I should have an update for you in the coming ~week.
Feel free to ping me if you want an update, but I'll try to keep this issue updated too.
skyler-stripe
commented
2 years ago Hey there,
We're still trying to prioritize working on 3ds2 things. For now, a work around would be using the webflow. It uses webviews instead of our native SDK and circumvents a lot of issues.
If you're interested you can email your merchant IDs to 3ds2-mobile-fallback@stripe.com and we can get it going for you. Otherwise I'll keep this ticket updated for you
tgensol
commented
1 year ago Any news on this one ?
jameswoo-stripe
commented
1 year ago Hi @josemifever, is it possible to share the payment intent object related to this issue? It should look like pi_abc123 do not share the client secret. We are seeing other issues like this.
josemifever
commented
1 year ago @jameswoo-stripe Sure, this was obtained from our sandbox env pi_3M4OtyLQ9tHHlgNY1sHSFaso.
jameswoo-stripe
commented
1 year ago @josemifever thank you! It appears that each payment flow is going through the web fallback and not through the mobile SDK. I am working with our authentication team (who know more about this web flow) to get some more insights. It could be happening because the card doesn't require 3DS flow? I will investigate more and let you know what I find. Thanks for your patience!
josemifever
commented
1 year ago Yes, this card doesn't require it, but we are forcing it through a rule. Thank you for your help 🙏
jaynewstrom-stripe
commented
2 months ago Hi @josemifever I suspect this has been fixed. Are you still able to reproduce it?
Summary
This problem was fixed in https://github.com/stripe/stripe-android/issues/5059 for 3DS2 cards. But the same issue is happening for non-required 3DS cards, like 4242424242424242. See the video attached. This card usually doesn't trigger the 3DS flow but we are forcing it when the payment intent is created in the backend. Can you please take a look? 🙏
Video
https://user-images.githubusercontent.com/98746994/172122550-4d628932-4e27-4738-befe-f419cd36f99c.mp4
Stripe logs