hyperswitch icon indicating copy to clipboard operation
hyperswitch copied to clipboard

Published 20 hours ago verified publisher icon juspay

[BUG] invalidate `payout_token` once the txn is processed

Open kashif-m opened this issue 5 months ago • 5 comments

Bug Description

payout_token can be used for processing payout txns for saved payout methods. This is a short lived token which is generated by customer's PM list API. These tokens should only be used once. However, these are not being invalidated post usage.

Expected Behavior

Tokens should only be used once per payout request. These must be invalidated after completing the payout txn. Same tokens should not be allowed to be consumed for multiple payouts.

Token generated -> Token attached to a payout

Actual Behavior

Same token is being across multiple payout txns. Moreover, these are not being invalidated once the txn reaches the end of it's lifecycle.

Steps To Reproduce

  1. Save a payout method
  2. List customer payment methods for generating payment_token
  3. Use this payout_token in payout create APIs
  4. Complete the payout txn
  5. Use this as payout_token again - should be allowed. Ideal scenario is throwing an error stating Invalid token

Have you spent some time checking if this bug has been raised before?

  • [X] I checked and didn't find a similar issue

Have you read the Contributing Guidelines?

kashif-m avatar Sep 24 '24 08:09 kashif-m