Support radarOptions for saved PMs with CSC in ConfirmationToken flow #11757
+76
−6
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add tests to verify that hCaptcha tokens (radarOptions) are properly passed through to confirm params when using saved payment methods with client-side confirmation (CSC) and confirmation tokens. Tests verify: - radarOptions included in confirm params when hCaptchaToken is provided - radarOptions excluded when hCaptchaToken is null Updated test helpers to support CSC flow testing by adding parameters for observing confirmPaymentIntent calls and controlling intent status. Tests currently fail as implementation is pending. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]> Committed-By-Agent: claude
Add radarOptions/hCaptcha support for saved payment methods when using client-side confirmation (CSC) with confirmation tokens. This addresses the gap where radarOptions couldn't be passed for saved PMs in the CT flow, only for new PMs (via payment_method_data.radar_options). Implementation: - Add radarOptions parameter to ConfirmStripeIntentParamsFactory.create(confirmationTokenId) - Thread hCaptchaToken through ConfirmationTokenConfirmationInterceptor CSC flow - Convert hCaptchaToken to RadarOptions when creating confirm params The solution "tacks radar_options onto the confirm params outside of the CT" as discussed, since the ConfirmationToken API doesn't support radar_options directly for saved PMs. This is a CSC-only feature - SSC is not supported (merchant responsibility). Tests verify radarOptions are correctly included/excluded based on hCaptchaToken presence for saved PM + CSC flow. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]> Committed-By-Agent: claude
Remove the unused observedConfirmParams parameter from test helper functions. The radarOptions tests now extract params directly from the action result using asConfirmParams<ConfirmPaymentIntentParams>(), making the Turbine observation of network calls unnecessary. Changes: - Removed observedConfirmParams parameter from createFakeStripeRepositoryForConfirmationToken - Removed confirmPaymentIntent override (never called in CSC flow) - Removed observedConfirmParams from runConfirmationTokenInterceptorScenario signature - Updated radarOptions tests to not pass unused observedParams parameter This simplifies the test helpers and makes them more focused on what they actually need to observe. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]> Committed-By-Agent: claude
cttsai-stripe
requested review from
amk-stripe,
jaynewstrom-stripe,
porter-stripe and
toluo-stripe
|
Diffuse output: APKDEX |
| abstract fun create( | ||
| confirmationTokenId: String | ||
| confirmationTokenId: String, | ||
| radarOptions: RadarOptions? = null |
There was a problem hiding this comment.
I'd think we'd always want to specify a value for radar options here. Should we remove the null default?
There was a problem hiding this comment.
Not sure this looks right we should:
- New PMs: Don’t set radar options on confirm, it is already present on payment method data when creating a confirmation token
- Saved PMs: Set radar options at confirm time (not when creating the confirmation token)
There was a problem hiding this comment.
For saved payment methods we should confirm the intent with the following args:
- confirmation_token
- radar_options
There was a problem hiding this comment.
There was a problem hiding this comment.
Oh nvm this is on the create params, not create CT.
There was a problem hiding this comment.
Yeah I think this PR has done what is required. I just removed the null default, which is not needed.
| intent = intent, | ||
| confirmationToken = confirmationToken, | ||
| shippingValues = shippingValues, | ||
| hCaptchaToken = null, |
There was a problem hiding this comment.
Why is this null?
There was a problem hiding this comment.
For new PM, radar options is attached in paymentMethodData.radarOptions if provided. hCaptchaToken = null here means we don't need to send radar options when confirming the intent. Sending radar options when confirming the intent is only required for saved PM.
There was a problem hiding this comment.
Probably worth a code comment saying this!
There was a problem hiding this comment.
Yh, this is accurate. For new PMs, radar options is added to the create_params which will be transformed to paymentMethodData.radarOptions
You can find more details here
cttsai-stripe
force-pushed
the
cttsai/ct-radar-options
branch
from
7d956f9 to
8a54a8a
Compare
jaynewstrom-stripe
approved these changes
Oct 17, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Add radarOptions/hCaptcha support for saved payment methods when using client-side confirmation (CSC) with confirmation tokens. This addresses the gap where radarOptions couldn't be passed for saved PMs in the CT flow, only for new PMs (via
payment_method_data.radar_options)Motivation
The solution "tacks radar_options onto the confirm params outside of the CT" as discussed in this Slack thread, since the ConfirmationToken API doesn't support radar_options directly for saved PMs.
Testing
Screenshots
Changelog