Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nonce is already 3D Secure #165

Open
danielebart opened this issue Dec 3, 2019 · 5 comments
Open

Nonce is already 3D Secure #165

danielebart opened this issue Dec 3, 2019 · 5 comments

Comments

@danielebart
Copy link

danielebart commented Dec 3, 2019
edited
Loading

General information

  • SDK/Library version: 4.4.1
  • Environment: Sandbox and Production

Issue description

The result of the DropInActivity is ErrorWithResponse (422): Nonce is already 3D Secure when the activity is destroyed.

Steps to Reproduce:

  • Enable Don't keep activities in the Android Dev Menu.
  • Perform a payment with a saved payment method which requires a 3D Secure verification.
  • Complete the 3DS verification.
  • The result from the DropInActivity in the onActivityResult is ErrorWithResponse (422): Nonce is already 3D Secure.

This is an old related issue in the braintree_android repo: braintree/braintree_android#181

I was able to reproduce this issue also on the Demo app in the repo:

Screenshot_1575384256
@danielebart
Copy link
Author

danielebart commented Dec 4, 2019
edited
Loading

After digging a bit into the Dropin code, it's quite clear that ThreeDSecure#performVerification it's called again after retuning from the 3DSecure verification when the DropInActivity is destroyed.

@sestevens
Copy link
Contributor

@danielebart Thanks for opening this issue. We'll take a closer look and post updates here.

@sarahkoop
Copy link
Contributor

Hi @danielebart - We've released version 6.0.0-beta2 of the Drop-in SDK that should resolve this issue. We will post an update here when it has reached general availability.

@soarb
Copy link

soarb commented Aug 11, 2022

@sarahkoop @danielebart I can confirm that this still appears to be in issue with drop-in:6.2.0.

This is in our Sandbox environment with test cards: 4000000000001091 and 4000000000001109. Seemingly anything that actually triggers the 3DS Flow.

On entering the OTP code in the challenge UI, once the browser switch returns to our App, I can see in our logs the expected liability shifted and possible flags are correct, based on the test card's scenario as described here

We're able to mitigate this, as the first successful lookup and verification is returned to our App and we don't process the duplicate, which causes the "nonce is already consumed" error to be logged in the background.

Can anyone please confirm that there's a fix for this?

@soarb
Copy link

soarb commented Aug 11, 2022

Also the same occurs when choosing Google Pay as the payment method (for a non network tokenized card).

Again, I only take the first response as all associated Activities (should!) have been disposed of, so the second call doesn't make it back to my App

In this case the second lookup which gets triggered (I honestly have no idea how!) and subsequently handed off to the ThreeDSecureClient's continuePerformVerification method results in the following error:-

{"error":{"message":"Record not found"},"fieldErrors":[]}

Whereas the first call works fine.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@soarb @danielebart @sestevens @sarahkoop