New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent double spending through retry #882
Comments
Hi @crowgames, The paymentRequestId attribute should help. It is set to the (unique) id of the payment request [1]. So the payment handler should be able to know that this is the same transaction. Let me know if this would work for your use case. Ian |
Thanks for your reply @ianbjacobs! |
A user cannot switch payment handlers during retry. One can only change the things being retried (eg. new credit card expiry date). |
Reading the specification, I wonder how a payment handler would be able to prevent double spending when a user issues a Payment Request retry().
As of my understanding, a Payment Handler probbably triggers a payment after receiving a PaymentRequestEvent.
Through the retry, a second PaymentRequestEvent is triggered, which is identical to the first one. For an unaware Payment Handler this would lead to double spending.
In case of switching Payment Method/Handler through a retry, the first Payment Handler stays unaware of the retry mechanism and the second one is unaware of this being a retry.
Which would lead to double spending as well, wouldn't it?
Am I missing something in this interpretation of the specifications?
Is there a way of the PaymentHandler to detect a retry or deal with this issue in general?
The text was updated successfully, but these errors were encountered: