Captcha token retry #5845
Merged
Captcha token retry #5845
+79
−8
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
wooj-stripe
reviewed
Dec 24, 2025
...t/StripePaymentSheet/Source/PaymentSheet/ConfirmationChallenge/PassiveCaptchaChallenge.swift
Outdated
Show resolved
Hide resolved
...tripePaymentSheetTests/PaymentSheet/ConfirmationChallenge/PassiveCaptchaChallengeTests.swift
Outdated
Show resolved
Hide resolved
wooj-stripe
reviewed
Dec 24, 2025
...tripePaymentSheetTests/PaymentSheet/ConfirmationChallenge/PassiveCaptchaChallengeTests.swift
Outdated
Show resolved
Hide resolved
wooj-stripe
reviewed
Jan 8, 2026
...t/StripePaymentSheet/Source/PaymentSheet/ConfirmationChallenge/PassiveCaptchaChallenge.swift
Outdated
Show resolved
Hide resolved
wooj-stripe
reviewed
Jan 8, 2026
...tripePaymentSheetTests/PaymentSheet/ConfirmationChallenge/PassiveCaptchaChallengeTests.swift
Outdated
Show resolved
Hide resolved
...t/StripePaymentSheet/Source/PaymentSheet/ConfirmationChallenge/PassiveCaptchaChallenge.swift
Outdated
Show resolved
Hide resolved
| func fetchTokensWithTimeout() async -> ChallengeTokens { | ||
| let startTime = Date() | ||
| let isReady = await passiveCaptchaChallenge?.hasFetchedToken ?? false | ||
| let isReady = await passiveCaptchaChallenge?.isTokenReady ?? false |
Collaborator
There was a problem hiding this comment.
IsTokenReady seems to be used for analytics, and we are changing the underlying definition of it -- I'm guessing we're prepared to update any dashboards/queries to filter out older clients with the older definition?
Collaborator
Author
There was a problem hiding this comment.
HCaptcha on MPE is not public yet, so this isn't affecting anything.
wooj-stripe
approved these changes
Jan 9, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
The captcha token can expire. On the back end, its max_age is set to 1800 seconds, or 30 minutes. We treat the token as expired at 29 minutes to prevent the case where a user confirms at, say, 1799 seconds, and the back end sees a token that has just expired. After expiration, when the user confirms, we fetch a new token.
Motivation
HCaptcha project
Testing
Added test
Changelog
N/A