Unexpected behavior after enabling "new checkout"

[giilby]

Describe the bug We use the WooCommerce Subscriptions plugin and sell both one-off and subscription products. After enabling the "new checkout," I noticed that older saved credit cards (having tokens beginning with src_) were no longer visible on /checkout/ or /my-account/payment-methods/. I know why this is: https://github.com/woocommerce/woocommerce-gateway-stripe/pull/3241. The related changelog entry states, "Prevent saved SEPA Sources from being displayed as available payment methods when the Updated checkout experience is enabled." However, we're not using SEPA Sources at all: every single one of our payment tokens is for a credit card. Per Stripe's Payment Methods API docs, "If you previously collected card customer payment details with Stripe using cards or Sources, you can start using the Payment Methods API immediately without migrating any payment information."

In light of this, shouldn't the plugin allow src_ tokens with type 'CC' to continue to be available for customers to use?

To Reproduce

1. Enable "new checkout" on a test store that has legacy src_ Credit Card (CC) tokens
2. Start a checkout (or navigate to /my-account/payment-methods/) for a user that has a src_ CC token
3. Note that the card is not presented to the user

Expected behavior Old src_ CC tokens remain usable by customers. The current behavior is confusing, as recurring subscriptions do continue to reference the old cards, but those cards are no longer accessible for use/management by the user. Again, Stripe says they support usage of old credit card sources with the new Payment Methods API. If they didn't, we'd have a very big problem on our hands, as subscription renewals would start failing until customers added a new card (or we figured out how to do a migration). Notably, a migration tool is available for folks who've accepted SEPA payments in the past, but this is irrelevant to card payments (as reinforced by another Stripe article titled, "Shutdown of the legacy Sources API for non-card payment methods").

Environment (please complete the following information):

• WordPress Version - 6.6.2
• WooCommerce Version - 9.3.2
• Stripe Plugin Version - 8.7.0
• WooCommerce Subscriptions - 6.7.0

Thanks in advance for looking into this!

[james-allan]

In light of this, shouldn't the plugin allow src_ tokens with type 'CC' to continue to be available for customers to use?

In short, yes, that's correct. I replied to the comment you made on the PR but I just saw you have captured the issue perfectly with this line.

In #3241 we blanketly prevented saved source payment methods from being displayed in the store, partly because we treated src_ objects synonymously with SEPA tokens^* and because Stripe have deprecated Sources. In reality it's more nuanced. Stripe have deprecated source object usage with the payment methods API for LPMs (eg SEPA) but they continue to work for cards - see note at the top of this page https://docs.stripe.com/sources.

* I think we were was also operating on the understanding (perhaps mistakenly) that all payment method types have generated pm_ tokens for a long time. However, Express payment buttons (eg Google Pay) are still generating sources objects (src_) and folks may have been using the legacy system up until recently and may still have source objects in circulation.

[giilby]

@james-allan Thanks for the update; we'll wait to enable the new checkout until a fix is available.

[mattallan]

Thanks @giilby. I'm happy to share that we've merged a fix for this issue (see #3513) and it should be available in the next Stripe release.

Please note that any src_ that were previously removed/deleted as a result of this issue will be automatically fetched from Stripe and re-added to your woocommerce_payment_tokens tables whenever a customer visits the checkout page or their My Account > Payment methods page.