Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Onsite payment gateways need to support 3D Secure.
When the PaymentProcess pane is reached, the onsite payment gateway should be able to request a redirect and handle the return, just like the offsite payment redirect/return is handled (plugin form & onReturn method). The plugin form is important to give gateways an option between redirect/iframe/fancy JS dialog.
Stripe: https://stripe.com/docs/sources/three-d-secure
Braintree: https://developers.braintreepayments.com/guides/3d-secure/client-side/ja...
Comments
Comment #2
bojanz commentedI'll handle this when the time comes.
Comment #3
mitrpaka commentedMay not be ideal solution, but for Payone's credit card payments I added support for 3D Secure by "borrowing" relevant routes and controller from offsite payment gateway.
https://www.drupal.org/sandbox/mitrpaka/2849906
Comment #4
bojanz commentedThis will have to happen after RC1.
Comment #5
nishruu commentedHi @bojanz. I know it's only a feature and more urgent issues are probably in the queue, but do you know when this can be added ? I would like to help but I'm not sure I understand how to cover the whole issue apart from my Stripe need (you mentioned redirect but also iframe or fancy JS dialog...)
Comment #6
aumcara commented+1 for Nishruu
This should be nice to have the 3D Secure supported within Stripe.
Comment #7
bojanz commentedLooks like there is no need to do this, thanks to the imminent arrival of 3D Secure 2.0.
The EU is mandating 3D Secure 2.0 from September 2019, which supports not using redirections (you can use an iframe/modal), and both Stripe and Braintree are implementing that, so they no longer need the redirect support.
Comment #8
longwaveTentatively reopening this, as I have recently implemented 3D Secure 1 and 2 on top of a custom Adyen payment gateway module, which takes credit card onsite except when an offsite redirect to 3D Secure is required.
To implement this in the cleanest way I had to subclass PaymentProcess and override the default pane with hook_commerce_checkout_pane_info_alter(). I added a new Needs3DSecureException which is thrown by the gateway plugin as required and caught in the subclass where I use the standard offsite form to redirect automatically to the 3D Secure URL. The payment gateway plugin implements both OnsitePaymentGatewayInterface and OffsitePaymentGatewayInterface in order to handle both types of transaction with standard Commerce methods.
I can probably clean this up and post a patch if this would be useful in core for other payment gateway plugins to use. At the very least it would be helpful if PaymentProcess::buildPaneForm() was refactored and the main if statement was broken down into different protected methods - this would make overriding the class simpler.