Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to disable paypal one-touch in public kiosk PC #595

Open
joweste opened this issue Feb 10, 2018 · 12 comments
Open

How to disable paypal one-touch in public kiosk PC #595

joweste opened this issue Feb 10, 2018 · 12 comments
Labels

Comments

@joweste
Copy link

@joweste joweste commented Feb 10, 2018

Hi, I am developing a kiosk web app.
This kiosk app will be, off course, in a public PC.
The customers can to buy items in the kiosk and will can pay using paypal.
I am using paypal express checkout with a button.
As I am using a public PC, I´d like to disable one-touch settings for security needs, because many customers can use the Kiosk.

How could I solve it?

I am using angularjs in my front end from paypal development docs in: https://developer.paypal.com/docs/integration/direct/express-checkout/integration-jsv4/client-side-REST-integration/

paypal1

@bluepnume

This comment has been minimized.

Copy link
Member

@bluepnume bluepnume commented Feb 13, 2018

@walmik is this an option provided by login?

@walmik

This comment has been minimized.

Copy link
Member

@walmik walmik commented Feb 13, 2018

Yes @bluepnume the option is provided by login but it is controlled by xo. I ll check if there s some way around this and update this thread tomorrow.

@joweste

This comment has been minimized.

Copy link
Author

@joweste joweste commented Feb 13, 2018

Thank you. I will expect it

@joweste

This comment has been minimized.

Copy link
Author

@joweste joweste commented Feb 13, 2018

Only as additional info, I have noted after a user make login in the kiosk mode and make a acquisition, the next user can use the login of the old user to make acquisitions. Paypal ask no password again. In kiosk mode, we can´t allow it, off course.
Is there a way to logout after the customer make your acquisitions?

@walmik

This comment has been minimized.

Copy link
Member

@walmik walmik commented Feb 13, 2018

Hello @joweste One Touch cannot be bypassed, however we are working with our product owners to find a resolution for this issue. As for your second question regarding signing out, user has to explicitly sign out (or clear cookies)

I d imagine it s not possible but I ll throw it out anyway, is there some control that you have in your Kiosk app such that it opens up Chrome in a incognito mode always so that the cookies dropped dont persist? If you indeed can, then every time the browser is closed, the cookies will be gone and the next one will be a fresh request again.

@joweste

This comment has been minimized.

Copy link
Author

@joweste joweste commented Feb 14, 2018

Hello @walmik , I did a test and run chrome in incognito and kiosk mode as:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk http://localhost --kiosk-printing --incognito

With this settings, after a customer login into paypal checkout at first time and finish your aquistions, it stays logged in paypal forever. The next customer using the KIOSK can to buy items using the account of the previous customer.
This is a Kiosk app and the navigator can´t be closed and reopened to next customer. There will be no worker to do it.
When a customer finish your acquisitions with paypal, the start page of goods is reloaded and wait the next customer.
The problem is the new customer will can buy items using the previous custommer account.
And, we can not trust the customer will click to logout. Many customers will not do that. We have to think about the worst hypothesis, because the money of a customer is in risk.
Additionaly, after a customer finish your acquistion, the paypal checkout is automatically closed and there is no way to logout.

@joweste

This comment has been minimized.

Copy link
Author

@joweste joweste commented Feb 14, 2018

I think a logout javascript function is a real need in many cases. This would bring more security to customers and the paypal. If I can not logout, for security reasons, I will have to use, even against my will, other gateway.
Here is some related questions:
https://www.paypal-community.com/t5/Access-and-security/How-to-be-auto-logged-out-after-being-directed-to-Paypal-from/td-p/651431
https://www.paypal-community.com/t5/About-Settings/Automatic-log-out/td-p/1139217?profile.language=en
https://www.paypal-community.com/t5/eBay-and-PayPal-Archive/if-using-ebay-remember-to-signout-of-paypal/td-p/857

@walmik

This comment has been minimized.

Copy link
Member

@walmik walmik commented Feb 15, 2018

You re right, incognito mode (even if it had worked) certainly cant be a solve. However as I mentioned we are working with our product owners to find a resolution for this issue - which is more like a feature I would say.

@bluepnume bluepnume added the feature label Mar 2, 2018
@Props0

This comment has been minimized.

Copy link

@Props0 Props0 commented Nov 19, 2018

it pass some time, but this feature is not yet implemented ? i have the same problem using a web kiosk

@bluepnume

This comment has been minimized.

Copy link
Member

@bluepnume bluepnume commented Dec 5, 2018

@walmik have there been any developments on this one?

@walmik

This comment has been minimized.

Copy link
Member

@walmik walmik commented Dec 6, 2018

HI @Props0 and @joweste I discussed with @bluepnume and we did identify some options for the way forward. I ll let @bluepnume communicate on the ETA but by the looks of it, we ll have a solution that addresses all the concerns outlined here in this issue.

@sankaran45

This comment has been minimized.

Copy link

@sankaran45 sankaran45 commented Jan 7, 2019

any updates on this ? we need some kind of invalidate session on checkout.js, that will internally cause the cookies that are put from paypal to be deleted -otherwise, even when we switch users, the new user gets to see the full paypal information of the prior user ... which is really bad and makes the checkout.js library completely unusable.

if i misunderstood anything, apologies in advance, please do let me know the correct way to use the APIs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.