Omnipay with 3D secure

Question

I'm trying to create a custom gateway using omnipay for an unsupported payment gateway. However I'm having a difficult time creating the response class for my provider's 3D secure implementation.

I've had a look at sagepay, but the response for 3D secure seems to all be returned in 1 api request.

To complete a 3D secure payment I need to perform the following actions:

API request to check if the card is enrolled in 3D secure
Redirect the user (POST - Hidden Form) to a url
API request to verify the 3D secure value
Make the payment (PurchaseRequest)

Do I need a different response classes for each api request? So VerifyEnrolledResponse, VerifySigResponse and PurchaseResponse?

or do I need something like this:

if ($response->isSuccessful()) {
    // payment was successful
} elseif ($response->isRedirect()) {
    // redirect to offsite payment gateway
    $response->redirect();
} elseif ($response->notEnrolled() {
    // User not enrolled in 3D secure - make auth or display error
} elseif ($response->3DSecureSuccess() {
    // Card passed 3D secure
} else {
    // payment failed: display message to customer
    echo $response->getMessage();
}

Really lost here, I want to keep it abstracted with isSuccessful(), isRedirect() etc. Any help is really appreciated.

Documentation: https://resourcecentre.globaliris.com/documents/pdf.html?id=98

Can you post a link to the gateway docs? – Adrian Macneil Oct 31 '13 at 21:58 — Adrian Macneil, Oct 31 '13 at 21:58
I've added a link to the question. Thanks for your help. – paul Nov 01 '13 at 15:55 — paul, Nov 01 '13 at 15:55

score 2 · Accepted Answer · answered Nov 01 '13 at 19:45

2

It looks like global iris does things differently, in that they require you to make the 3d secure request separately to the initial charge. So there are three steps (request 3dsecure, verify 3dsecure, make payment).

To keep things in line with the omnipay way of doing things I would combine the last two steps. So when you call purchase(), make the 3ds-verifyenrolled request and return a redirect response if the request is successful.

Then, when the customer returns from 3dsecure, in your completePurchase() method, first verify the 3dsecure signature, then if the signature/3dsecure was successful, make a payment request to their server and return the response.

answered Nov 01 '13 at 19:45

Adrian Macneil

13,017
5
57
70

The result from "verifyenrolled" could be 00 if a redirect is required or 110 if a purchase should be straight away. So in the send() method, I need to check this value and either return a RedirectResponse or make a payment request? – paul Nov 04 '13 at 11:56
Also, the docs state that the completePurchase() method must have the same params as purchase(), but how do I verify the 3dsecure signature unless I pass it in to the completePurchase() method? – paul Nov 04 '13 at 14:56
Yes that sounds about right. Have a look at the other gateways. The httpRequest is passed into the request class as well so you can use that to access GET/POST variables. – Adrian Macneil Nov 04 '13 at 21:10
Apologies for my lack of understanding, this is the first library I've used (it's great)! If possible, can you point me to some example usage of the completePurchase method? I'm a bit confused about the params I need to pass into the completePurchase method. – paul Nov 05 '13 at 11:40
Sure. This is probably a good example: https://github.com/adrianmacneil/omnipay/blob/master/src/Omnipay/AuthorizeNet/Message/SIMCompleteAuthorizeRequest.php – Adrian Macneil Nov 05 '13 at 11:47

Omnipay with 3D secure

1 Answers1