Ch 10 - (2020-02-21) - Full Page Redirect statement

Changes made on 2020-02-21 are delineated below.

Additions are underlined in Green. Deletions are underlined in Red. Modifications are underlined in Blue.

Change Occurred On: https://cardinaldocs.atlassian.net/wiki/spaces/CC/pages/805699644

Change Log:

Under Step 4: Continue with Consumer Authentication

  • Added Note regarding usage of full page redirect


Step 4: Continue with Consumer Authentication

After the Lookup Response is returned, take the ACSUrl, Payload, TransactionId, and the Merchant's ReturnUrl and generate a JSON Web Token (JWT) with these values.  When adding these values to the JWT, you will securely sign them with a secret key provided during the onboarding process.  

StepUp JWT Sample

{
  "jti": "4595beb0-a4a9-11e8-8fd8-bdf5ff435fec",
  "iat": 1534790755,
  "iss": "Midas-XXXXX-Key",
  "OrgUnitId": "59c2745f2f3e7357b4aa516a",
  "ReturnUrl": "http://localhost:8189/cart/enterprise/term",
  "Payload": {
    "ACSUrl": "https://merchantacsdev.cardinalabs.com/MerchantACSWeb/pareq.jsp?vaa=b&gold=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
    "Payload": "eNpVUV1PwjAUfe+vIMRX13ZAMsmlCTKJmIAwBzw3XeMaWTe6TfHf25ZNtE/3nNv7cc6FNDdSxm9StEYyWMu65u9yoLLZsE7W2+NiV+7MkzpcZJ7qlgwZbOeJPDP4lKZWpWY0IEEIuIfItjAi57phwMX5cbVh1D3AHUJQSLOKr6xPXDECzQvJ1irj9X36VcZl85oD9iQCUba6Md8sGhPAPUDQmhPLm6aaYtfFj61VIwNRFoBdEgG+7bNtXVRbmReVMUFfNvtlFu+PD4n4OFQHnZ/4MmmzdD4D7H4gyHgjWUhoRKKQDGg0HU+mI6vW8wh44TZhd3QSELtXBxFUbtD8iujEpf4yVk1rjNSil9MjBPJSlVraP3bGb2w13DZfPDtfRWMdG9HQ2+qBr1XWlJCQkS9W3iHsCnB3M9yd10b/zv4DGhKoaw==",
    "TransactionId": "sRMPWCQoQrEiVxehTnu0"
  },
  "ObjectifyPayload": true
}
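As an added illustration (not Cardinal's own code), the following Python sketch builds the claims shown in the sample from Lookup Response values, signs them on the server, and verifies the result with the algorithm pinned and a constant-time comparison. It assumes HS256 as the signing algorithm, which this page does not state; the function names, parameter names and sample values are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid

# Constructed sample values standing in for a real Lookup Response.
SAMPLE_LOOKUP = {"ACSUrl": "https://acs.example/challenge",
                 "Payload": "constructed-payload", "TransactionId": "constructed-txn-id"}

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _sign(signing_input, api_key):
    return hmac.new(api_key, signing_input.encode("ascii"), hashlib.sha256).digest()

def build_stepup_jwt(lookup, return_url, api_identifier, org_unit_id, api_key,
                     now=None, jti=None):
    """Build and sign the StepUp JWT on the server; the key never reaches the browser."""
    claims = {
        "jti": jti or str(uuid.uuid4()),
        "iat": int(time.time() if now is None else now),
        "iss": api_identifier,
        "OrgUnitId": org_unit_id,
        "ReturnUrl": return_url,
        "Payload": {k: lookup[k] for k in ("ACSUrl", "Payload", "TransactionId")},
        "ObjectifyPayload": True,
    }
    header = {"alg": "HS256", "typ": "JWT"}  # assumption: HS256, not stated on the page
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims))
    return signing_input + "." + _b64url(_sign(signing_input, api_key))

def verify_stepup_jwt(token, api_key):
    """Return the claims if the signature checks out; raise ValueError otherwise."""
    header_b64, claims_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm, never trust the header
    expected = _sign(header_b64 + "." + claims_b64, api_key)
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(claims_b64))
```

Only the finished token is handed to the frontend; the claims, including ReturnUrl, cannot be altered there without invalidating the signature.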

Once you have the StepUp JWT, pass it up to the web frontend and create an iFrame to POST the StepUp JWT to the StepUpUrl that was returned on the Lookup Response. The size of the iFrame can vary depending on the 3DS version of the transaction (e.g. 3DS 1.0 or EMV 3DS). In addition, for EMV 3DS transactions, the size of the challenge window can be sent to the Issuer ACS.

NOTE: Deviating from iFrame usage is not recommended; performing a full page redirect may be technically possible, but it is not an officially supported rendering method.