You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The instrument id is minted by the relying party. Could we design this so that the instrument id never leaves the payment handler or browser?
For example, if the browser returned a hash of the instrument id and the merchant origin, then the merchant could send that hash (and their origin) to the RP and the RP could figure out the underlying instrument id. I realize that may be cumbersome for the RP (e.g., if they have to process a large number of instrument ids). I mention it here as an example of trying to figure out a way to not reveal the instrument id to the PR API caller.
The instrument id visibility problem seems relevant with or without payment handlers.
The text was updated successfully, but these errors were encountered:
Reposting a question from @ianbjacobs:
The instrument id is minted by the relying party. Could we design this so that the instrument id never leaves the payment handler or browser?
For example, if the browser returned a hash of the instrument id and the merchant origin, then the merchant could send that hash (and their origin) to the RP and the RP could figure out the underlying instrument id. I realize that may be cumbersome for the RP (e.g., if they have to process a large number of instrument ids). I mention it here as an example of trying to figure out a way to not reveal the instrument id to the PR API caller.
The instrument id visibility problem seems relevant with or without payment handlers.
The text was updated successfully, but these errors were encountered: