In my Masters' thesis, I found a set of issues with the Web Payment APIs (see #903 for further reference). This is one of the mentioned issues.
It is important that a user agent does not allow for a change of payment handler/method during a retry of a payment request (see #882).
Sadly the specification is not very clear concerning that fact.
The payment handler of a pymen request is selected in the 8th step of the user accepts the payment request algorithm.
Let handler be the payment handler selected by the user.
This 8th step corresponds to a selection that the user performs.
In the retry mechanism, the user accepts the payment request algorithm is executed a second time.
This time the 8th step does not correspond to a payment handler that the user chooses, but to the earlier selected payment handler.
This differentiation is vital since if a second selection of the user is possible, it introduces a possibility of charging a user in one transaction repeated times (depending on the payment handler implementation - see #882).
Since this misinterpretation did already happen in earlier implementation of the Chromium project, a clarification of the spec should take place in my opinion.
In my Masters' thesis, I found a set of issues with the Web Payment APIs (see #903 for further reference). This is one of the mentioned issues.
It is important that a user agent does not allow for a change of payment handler/method during a retry of a payment request (see #882).
Sadly the specification is not very clear concerning that fact. The payment handler of a pymen request is selected in the 8th step of the user accepts the payment request algorithm.
This 8th step corresponds to a selection that the user performs. In the retry mechanism, the user accepts the payment request algorithm is executed a second time. This time the 8th step does not correspond to a payment handler that the user chooses, but to the earlier selected payment handler.
This differentiation is vital since if a second selection of the user is possible, it introduces a possibility of charging a user in one transaction repeated times (depending on the payment handler implementation - see #882).
Since this misinterpretation did already happen in earlier implementation of the Chromium project, a clarification of the spec should take place in my opinion.