-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add verification token to payment request for 3DS/SCA #74
Add verification token to payment request for 3DS/SCA #74
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for making this PR because I was thinking of doing something similar. I just never got the time to focus on the library due to my IRL stuff.
src/SquareService.php
Outdated
@@ -236,6 +236,7 @@ public function charge(array $data) | |||
'amount' => $data['amount'], | |||
'currency' => $currency, | |||
], | |||
'verification_token' => array_key_exists('verification_token', $data) ? $data['verification_token'] : null, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To cover the cases where there is no verification token needed, can we instead of setting it's value as null set the attribute itself only if the value for it exists.
Something along these lines:
if (array_key_exists('verification_token', $data)) {
$prepData['verification_token'] = $data['verification_token'];
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reason for this is that it's bad practice to keep sending null values for attributes used in securing someones identity, especially in financial apps.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, no worries. It's null anyway in the Square CreatePaymentRequest
so you're still kind of sending null values, unless they strip it themselves, but it's not a problem.
@@ -59,6 +59,7 @@ public function buildChargeRequest(array $prepData) | |||
$request->setAutocomplete($prepData['autocomplete']); | |||
$request->setLocationId($prepData['location_id']); | |||
$request->setNote($prepData['note']); | |||
$request->setVerificationToken($prepData['verification_token']); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would prefer if we apply the same approach here for the request, only set the attribute if it's value exists:
if (array_key_exists('verification_token', $prepData)) $request->setVerificationToken($prepData['verification_token']);
No problem on making the PR. A guy working on our project made a fork with this change initially. We only used it to build a create a charge and we store all of the data elsewhere so refactored things so the additional dependency wasn't necessary but I this might be worth pushing back up. |
Can you rebase your changes off of master? There was a glitch with autoloading and github actions |
It should be good now. I'm doing this all through the GitHub site because I'm being too lazy to clone it on my local so sorry if I'm missing something. |
3D Secure (Strong Customer Authentication, or SCA, in the EEA) requires a verification token that is generated on the frontend be sent with the charge.
This just adds the
verification_token
to the$prepData
(null if not present) and then sets it in theCreatePaymentRequest
.In addition the Simple Example could be updated to