stripe-android
stripe-android copied to clipboard
stripe
[BUG] Payment authentication get stuck
Summary
This problem was fixed in https://github.com/stripe/stripe-android/issues/5059 for 3DS2 cards. But the same issue is happening for non-required 3DS cards, like 4242424242424242. See the video attached. This card usually doesn't trigger the 3DS flow but we are forcing it when the payment intent is created in the backend. Can you please take a look? 🙏
Video
https://user-images.githubusercontent.com/98746994/172122550-4d628932-4e27-4738-befe-f419cd36f99c.mp4
Stripe logs
I/StripeSdk: Request-Id: req_XWD7l5wTs53bbl, Status Code: 200
I/StripeSdk: Event: stripe_android.payment_intent_confirmation
I/StripeSdk: Request-Id: req_HVF9T5Ex9ICyPf, Status Code: 200
I/StripeSdk: Event: stripe_android.payment_intent_retrieval
I/StripeSdk: Event: stripe_android.3ds1_sdk
D/StripeSdk: PaymentAuthWebViewActivity#onCreate()
D/StripeSdk: PaymentAuthWebViewActivity#customizeToolbar()
D/StripeSdk: PaymentAuthWebViewActivity#onCreate() - PaymentAuthWebView init and loadUrl
I/StripeSdk: Event: stripe_android.3ds1_challenge_start
I/StripeSdk: Event: stripe_android.auth_with_webview
D/StripeSdk: PaymentAuthWebViewActivity#onCreateOptionsMenu()
I/StripeSdk: Request-Id: null, Status Code: 200
I/StripeSdk: Request-Id: null, Status Code: 200
I/StripeSdk: Request-Id: null, Status Code: 200
I/StripeSdk: Request-Id: null, Status Code: 200
D/StripeSdk: PaymentAuthWebViewClient#shouldOverrideUrlLoading(): https://hooks.stripe.com/three_d_secure/authenticate?client_secret=src_client_secret_ohKbrOvJzFfjO0YRiZAUSKKc&livemode=false&merchant=acct_1EIHscLQ9tHHlgNY&return_url=https%3A%2F%2Fhooks.stripe.com%2Fredirect%2Fcomplete%2Fsrc_1L8L3bLQ9tHHlgNYRP9P6i8b%3Fclient_secret%3Dsrc_client_secret_ohKbrOvJzFfjO0YRiZAUSKKc%26source_redirect_slug%3Dtest_YWNjdF8xRUlIc2NMUTl0SEhsZ05ZLF9McTE1Vmtqb2lGbEIzWkNJNEFPVWs3MFpYYW5JNGpY0100untc9PQl&source=src_1L8L3bLQ9tHHlgNYRP9P6i8b&source_redirect_slug=test_YWNjdF8xRUlIc2NMUTl0SEhsZ05ZLF9McTE1Vmtqb2lGbEIzWkNJNEFPVWs3MFpYYW5JNGpY0100untc9PQl&usage=single_use
D/StripeSdk: PaymentAuthWebViewClient#updateCompletionUrl()
D/StripeSdk: PaymentAuthWebViewClient#isReturnUrl()
I/StripeSdk: Request-Id: null, Status Code: 200
D/StripeSdk: PaymentAuthWebViewClient#onPageFinished() - https://hooks.stripe.com/three_d_secure/authenticate?client_secret=src_client_secret_ohKbrOvJzFfjO0YRiZAUSKKc&livemode=false&merchant=acct_1EIHscLQ9tHHlgNY&return_url=https%3A%2F%2Fhooks.stripe.com%2Fredirect%2Fcomplete%2Fsrc_1L8L3bLQ9tHHlgNYRP9P6i8b%3Fclient_secret%3Dsrc_client_secret_ohKbrOvJzFfjO0YRiZAUSKKc%26source_redirect_slug%3Dtest_YWNjdF8xRUlIc2NMUTl0SEhsZ05ZLF9McTE1Vmtqb2lGbEIzWkNJNEFPVWs3MFpYYW5JNGpY0100untc9PQl&source=src_1L8L3bLQ9tHHlgNYRP9P6i8b&source_redirect_slug=test_YWNjdF8xRUlIc2NMUTl0SEhsZ05ZLF9McTE1Vmtqb2lGbEIzWkNJNEFPVWs3MFpYYW5JNGpY0100untc9PQl&usage=single_use
D/StripeSdk: PaymentAuthWebViewClient#hideProgressBar()
@josemifever thanks for reporting this issue, our team will take a look.
@brnunes-stripe @skyler-stripe Hi guys, any update on this? sorry for the ping 🙏
Hey there,
Still investigating this. I'm curious if you have a a minimal app to reproduce this or some example code. I'm mostly wondering why you're forcing 3ds2 on a non 3ds2 card, I think that's maybe causing the issue.
Hey,
I don't have any simple code, but you should be able to reproduce it with the same code that you used in the another issue.
Have you tried to force 3ds? We are sending { "required_3ds": True } in the payment intent metadata, at creation time, and then in our rules we have the following:
This way you should reproduce it.
Following the trace, I found that the callback url is different than the last issue, it looks this way:
https://hooks.stripe.com/three_d_secure/authenticate?client_secret=src_client_secret_wAYsIMmCJZUlaRcIiPWqiEEK&livemode=false&merchant=acct_1EIHscLQ9tHHlgNY&return_url=https%3A%2F%2Fhooks.stripe.com%2Fredirect%2Fcomplete%2Fsrc_1LDNxqLQ9tHHlgNYPOM3fe4S%3Fclient_secret%3Dsrc_client_secret_wAYsIMmCJZUlaRcIiPWqiEEK%26source_redirect_slug%3Dtest_YWNjdF8xRUlIc2NMUTl0SEhsZ05ZLF9MdkVReWlTVTFaYjg3TnZPbHN2cWZjWTF3dm9mcnBM0100eGcGozyL&source=src_1LDNxqLQ9tHHlgNYPOM3fe4S&source_redirect_slug=test_YWNjdF8xRUlIc2NMUTl0SEhsZ05ZLF9MdkVReWlTVTFaYjg3TnZPbHN2cWZjWTF3dm9mcnBM0100eGcGozyL&usage=single_use
This don't match any completion URL, so I think the problem comes from there.
Hope it helps 🙏
That should be all I need. We're currently investigating another 3ds2 issue internally and this may be related. It's difficult to test, but I should have an update for you in the coming ~week.
Feel free to ping me if you want an update, but I'll try to keep this issue updated too.
Hey there,
We're still trying to prioritize working on 3ds2 things. For now, a work around would be using the webflow. It uses webviews instead of our native SDK and circumvents a lot of issues.
If you're interested you can email your merchant IDs to [email protected] and we can get it going for you. Otherwise I'll keep this ticket updated for you
Hi @josemifever, is it possible to share the payment intent object related to this issue? It should look like pi_abc123 do not share the client secret. We are seeing other issues like this.
@jameswoo-stripe Sure, this was obtained from our sandbox env pi_3M4OtyLQ9tHHlgNY1sHSFaso.
@josemifever thank you! It appears that each payment flow is going through the web fallback and not through the mobile SDK. I am working with our authentication team (who know more about this web flow) to get some more insights. It could be happening because the card doesn't require 3DS flow? I will investigate more and let you know what I find. Thanks for your patience!
Yes, this card doesn't require it, but we are forcing it through a rule. Thank you for your help 🙏