Package com.broadleafcommerce.vendor.stripe.service.paymentintent

Interface PaymentIntentAccessTokenService

All Known Implementing Classes:

DefaultPaymentIntentAccessTokenService

public interface PaymentIntentAccessTokenService

This service is responsible for generating and validating an access token used when gathering a Stripe PaymentIntent.

This was added primarily to assist with custom micro-deposit page interactions for ACH payments by providing a way to obtain the PaymentIntent's client secret. While the client secret is a necessary data point to complete this interaction, it's a key part of the credentials that can be used to execute transactions against the PaymentIntent. Therefore, we need to be cautious about how it can be obtained & who has access to it. To help secure this data point & the overall PaymentIntent, an access token is required to gather a PaymentIntent.

NOTE: The PaymentIntent's client secret should never be persisted, logged, embedded in a url, or exposed to anyone other than the customer.

Author:

Dima Myroniuk (dmyroniuk)

See Also:

• StripeConfigurationProperties.getMicroDepositVerificationURL(java.lang.String, java.lang.String)
• StripeConfigurationProperties.getPaymentIntentAccessTokenSecret(java.lang.String, java.lang.String)

Method Summary

Modifier and Type	Method	Description
String	generateAccessToken(String paymentIntentId, String applicationId, String tenantId)	Generates the access token based on the PaymentIntent's id
void	validatePaymentIntentAccess(String paymentIntentId, String accessToken, String applicationId, String tenantId)	Validates that the PaymentIntent can be read

Method Details

generateAccessToken

String generateAccessToken(String paymentIntentId,
 @Nullable
 String applicationId,
 @Nullable
 String tenantId)

Generates the access token based on the PaymentIntent's id

Parameters:

paymentIntentId - the PaymentIntent ID

applicationId - the id for the current application

tenantId - the id for the current tenant

Returns:

the access token

Throws:

StripePaymentIntentAccessTokenGenerationException - if the token generation failed

validatePaymentIntentAccess

void validatePaymentIntentAccess(String paymentIntentId,
 String accessToken,
 @Nullable
 String applicationId,
 @Nullable
 String tenantId)

Validates that the PaymentIntent can be read

Parameters:

paymentIntentId - the PaymentIntent ID

accessToken - the access token

applicationId - the id for the current application

tenantId - the id for the current tenant

Throws:

StripePaymentIntentAccessTokenInvalidException - if the access token is not valid

StripePaymentIntentAccessTokenGenerationException - if the access token cannot be generated due to invalid configuration or any other error