recurly-client-ruby: 3DS2 Error Handling Issue when submitting the 3DS2 Action Result Token ID

Describe the bug

I am receiving an error when sending recurly the 3DS2 Challenge response token: three_d_secure_action_result_token_id via the BillingInfo.save! method.

NoMethodError message undefined method value’ for nil:NilClass exception undefined method value' for nil:NilClass

To Reproduce

Test card: 4000000000003220 - challenge flow

  1. Using the Challenge test card, trigger the 3DS2 Challenge flow and call BillingInfo.save! with the resulting three_d_secure_action_result_token_id
 billing_info[:three_d_secure_action_result_token_id] = options[:three_d_secure_action_result_token_id]
 acc.billing_info = billing_info
 acc.billing_info.save!
  1. Notice the following error
NoMethodError message undefined method `value' for nil:NilClass exception undefined method `value' for nil:NilClass

This is coming from here: https://github.com/recurly/recurly-client-ruby/blob/272db3f5dd5258d8f1453bd11c57be11a2b4d52d/lib/recurly/resource.rb#L1049

If possible, please provide example code which we can run to reproduce the bug. The faster we can reproduce the bug, the faster we can help you.

Expected behavior

I expected a Recurly::Transaction::Error to be raised due to the transaction being invalid?

Please let me know if this is the expected behaviour

Your Environment

  • Which version of this library are you using? 2.17.11
  • Which version of ruby are you using? 2.3.0?

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 4
  • Comments: 26 (4 by maintainers)

Most upvoted comments

Hi all,

Quick update on this issue: We’ve identified the root cause for the token mismatch error and are planning to deploy a patch to resolve it this week. The issue is on the API side, and while it is a valid error code, it is being returned in many cases where it should not.

Separate, but related, the client library isn’t handling this specific error in the XML gracefully. We are working with other teams to decide where it will be fixed (i.e client library or API). However, our first priority is to patch the issue where the error is returned erroneously. This should remove the current blocker.

Thanks for your patience as we continue to work through this issue.

+5
neuronicnobody on Aug 20, 2019

Update: This worked for purchases, but not for saving billing info.

Still getting the <error_code>three_d_secure_action_result_token_mismatch</error_code>

when trying to update billing info.

+2
cfortuner on Aug 17, 2019

@bhelx I think that the guide that @thevasya linked should be updated to mention that Account / Billing info / credit card token have to match.

I also think that recurly-js-examples can not currently work at leat ruby one since SecureRandom.uuid is called on each request.

As a work around, recurly account code should be pass to /3d-secure/authenticate.html as a param like token_id or action_token_id. Other field like account firstname and lastname should be forwarded to be submitted again… So it would be even better if those data could be unpacked from (three_d_secure_action_result_)token_id too (as billing info are extracted from token_id )

+1
sebastienluquet on Sep 13, 2019

It seems 3DS integration guide was updated recently and now includes a few suggestions

One of them specifically mentions token mismatch error. Maybe this could be helpful

The three_d_secure_action_result_token_id is a valid parameter on the Create Billing Info endpoint and on any Recurly API endpoint that accepts a Billing Info, including Create Purchase, Create Subscription, Update Subscription, Create Account, Collect Invoice, Create Gift Card

When you submit the new request it is essential that the billing info / credit card token match that of the previous request as the authentication data encapsulated in the 3-D Secure Action Result Token is tightly coupled to the payment information. Changing the billing info / credit card token between requests will result in a token mismatch error.

https://dev.recurly.com/page/recurly-3d-secure-2-integration-guide#section--step-106-submit-new-purchase-request

+1
thevasya on Sep 12, 2019

Hi @bhelx, it looks like the issue hasn’t been resolved yet. First of all, we still receive three_d_secure_action_result_token_mismatch in unexpected situations. Additionally, the library is not able to parse the response just like in the OP’s case.

Could you provide any ETA on these two problems?

Gem version: 2.17.11 Ruby version 2.4.6

+1
walerian777 on Sep 11, 2019

The 3D secure flow worked for me previously (tested on 2019-08-08), using 2.17.11, now it fails in both client versions (2.18 and 2.17.11), with the

<error_code>three_d_secure_action_result_token_mismatch</error_code>

Using 4000000000003220 number, 4222222222222220 (frictionless) works.

It seems to me this is some kind of server-side regression

+1
vrodic on Sep 4, 2019

Hey everyone, sorry for the confusion. There were two issues here:

  1. The occurrence of this error in unexpected situations
  2. The improper xml format of the three_d_secure_action_result_token_mismatch error

We’ve fixed 1 on the server and I’m working with the team to deal with 2. Hoping to get out another server-side only fix. Worst case scenario I push out a patch to the clients. Thanks again for your patience. We’re working hard to meet the PSD2 deadline and get everyone on solid footing.

+1
bhelx on Aug 27, 2019

All,

The patch was just pushed to production and our QA team has verified that they’re not seeing the issue. Please feel free to test again and let us know if you’re still seeing the issue.

+1
neuronicnobody on Aug 20, 2019

@bhelx Any update on getting this working for billing info?

Edit:

I also get this error if I include billing information into the data structure for creating a subscription

+1
lauramosher on Aug 19, 2019

I’m also experiencing this issue, with both the challenge flow and 4000000000003063 (device) fingerprint flow, and the xml had the same three_d_secure_action_result_token_mismatch error too

+1
ciaran16 on Aug 16, 2019

@bhelx Any update on this? Specifically on my last question about if I should be receiving a three_d_secure_action_result_token_mismatch ?

+1
cfortuner on Aug 13, 2019

Update: I printed out the xml document and it shows

DOCUMENT <errors>  <error>    <error_code>three_d_secure_action_result_token_mismatch</error_code>    <error_category>hard</error_category>    <merchant_message>Expected token does not match the action that created it.</merchant_message>    <customer_message>An error occurred while processing your transaction. Please contact support.</customer_message>  </error></errors>

I have tried resubmitting the same form token and submitting a different form token with the same result.

+1
cfortuner on Aug 7, 2019
Read more comments on GitHub
← rector: Xdebug doesn't work within custom rule's `refactor` method.
recyclarr: App data directory is not set properly on unRaid OS due to lack of HOME directory →