Skip to content

feat(authentication): add domain models for authentication and support kafka filters in dashboard #10446

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
sahkal wants to merge 15 commits into
base: main
Choose a base branch
from
Open

feat(authentication): add domain models for authentication and support kafka filters in dashboard #10446

sahkal wants to merge 15 commits into from
+2,097 −526

Conversation

@sahkal
Copy link
Contributor

@sahkal sahkal commented Nov 26, 2025
edited
Loading

Type of Change

  • New feature

Description

add domain models for authentication and support kafka filters in dashboard

Additional Changes

  • This PR modifies the API contract
  • This PR modifies the database schema
  • This PR modifies application configuration/environment variables

Motivation and Context

Currently when we are doing external authentication we are not pushing event to kafka since domain_models for authentication was missing

Added DeviceDetails to SdkInformation

pub struct SdkInformation {
    /// Unique ID created on installations of the 3DS Requestor App on a Consumer Device
    pub sdk_app_id: String,
    /// JWE Object containing data encrypted by the SDK for the DS to decrypt
    pub sdk_enc_data: String,
    /// Public key component of the ephemeral key pair generated by the 3DS SDK
    pub sdk_ephem_pub_key: HashMap<String, String>,
    /// Unique transaction identifier assigned by the 3DS SDK
    pub sdk_trans_id: String,
    /// Identifies the vendor and version for the 3DS SDK that is integrated in a 3DS Requestor App
    pub sdk_reference_number: String,
    /// Indicates maximum amount of time in minutes
    pub sdk_max_timeout: u8,
    /// Indicates the type of 3DS SDK
    pub sdk_type: Option<SdkType>,
    /// Device details for collecting Device information
    pub device_details: Option<DeviceDetails>,
}

/// Device details for collecting Device information
#[derive(Serialize, Deserialize, Debug, Clone, ToSchema)]
pub struct DeviceDetails {
    /// Device type
    pub device_type: Option<String>,
    /// Device brand
    pub device_brand: Option<String>,
    /// Device OS
    pub device_os: Option<String>,
    /// Device display
    pub device_display: Option<String>,
}

Added error_message to PaymentsExternalAuthenticationResponse

pub struct PaymentsExternalAuthenticationResponse {
    /// Indicates the transaction status
    #[serde(rename = "trans_status")]
    #[schema(value_type = TransactionStatus)]
    pub transaction_status: common_enums::TransactionStatus,
    /// Access Server URL to be used for challenge submission
    pub acs_url: Option<String>,
    /// Challenge request which should be sent to acs_url
    pub challenge_request: Option<String>,
    /// Challenge request key which should be set as form field name for creq
    pub challenge_request_key: Option<String>,
    /// Unique identifier assigned by the EMVCo(Europay, Mastercard and Visa)
    pub acs_reference_number: Option<String>,
    /// Unique identifier assigned by the ACS to identify a single transaction
    pub acs_trans_id: Option<String>,
    /// Unique identifier assigned by the 3DS Server to identify a single transaction
    pub three_dsserver_trans_id: Option<String>,
    /// Contains the JWS object created by the ACS for the ARes(Authentication Response) message
    pub acs_signed_content: Option<String>,
    /// Three DS Requestor URL
    pub three_ds_requestor_url: String,
    /// Merchant app declaring their URL within the CReq message so that the Authentication app can call the Merchant app after OOB authentication has occurred
    pub three_ds_requestor_app_url: Option<String>,
    /// Error message if any
    pub error_message: Option<String>,
}

How did you test it?

Configure JuspayThreeds server

curl --location 'localhost:8080/account/sahkal11/connectors' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'api-key: dev_Tn5tOVGuEQn9XEYJfJphGMJs3gMTJV0vSsSTQzA6UnXRl9eVfvkRSqmlT6QZ0sAS' \
--data '
{
    "connector_type": "authentication_processor",
    "connector_name": "juspaythreedsserver",
    "connector_account_details": {
        "auth_type": "NoKey"
    },
    "test_mode": true,
    "disabled": false,
            "metadata": {
        "merchant_category_code": "5411",
        "merchant_country_code": "840",
        "merchant_name": "Dummy Merchant",
        "endpoint_prefix": "flowbird",
        "three_ds_requestor_name": "juspay-prev",
        "three_ds_requestor_id": "juspay-prev",
        "pull_mechanism_for_external_3ds_enabled": true,
        "acquirer_bin":"400000",
        "acquirer_merchant_id":"00002000000",
"acquirer_country_code": "356"
    }
}

'

Configure Payment Processor

curl --location 'localhost:8080/account/sahkal11/connectors' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'api-key: dev_Tn5tOVGuEQn9XEYJfJphGMJs3gMTJV0vSsSTQzA6UnXRl9eVfvkRSqmlT6QZ0sAS' \
--data '
{
    "connector_type": "payment_processor",
    "connector_name": "cybersource",
    "connector_account_details": {
        "auth_type": "SignatureKey",
        "api_secret": "API-SECRET",
        "api_key": "API-KEY",
        "key1": "KEY1"
    },
    "test_mode": true,
    "disabled": false,
    "payment_methods_enabled": [
        {
            "payment_method": "card",
            "payment_method_types": [
                {
                    "payment_method_type": "credit",
                    "card_networks": [
                        "Visa",
                        "Mastercard"
                    ],
                    "minimum_amount": 1,
                    "maximum_amount": 68607706,
                    "recurring_enabled": true,
                    "installment_payment_enabled": true
                },
                {
                    "payment_method_type": "debit",
                    "card_networks": [
                        "Visa",
                        "Mastercard"
                    ],
                    "minimum_amount": 1,
                    "maximum_amount": 68607706,
                    "recurring_enabled": true,
                    "installment_payment_enabled": true
                }
            ]
        }
    ],
     "metadata": {
        "merchant_category_code": "5411",
        "merchant_country_code": "356",
        "merchant_name": "Juspay Technologies",
        "endpoint_prefix": "flowbird",
        "three_ds_requestor_name": "juspay-prev",
        "three_ds_requestor_id": "juspay-prev",
        "pull_mechanism_for_external_3ds_enabled": true,
        "acquirer_bin":"271989",
        "acquirer_merchant_id":"00002000000",
        "acquirer_country_code": "356"
    },
    "connector_webhook_details": {
        "merchant_secret": ""
    }
}
'

Update business profile

curl --location 'localhost:8080/account/sahkal11/business_profile/pro_8YCKDddBfhCpSgoF3cPu' \
--header 'Content-Type: application/json' \
--header 'api-key: dev_Tn5tOVGuEQn9XEYJfJphGMJs3gMTJV0vSsSTQzA6UnXRl9eVfvkRSqmlT6QZ0sAS' \
--data '
{
    "authentication_connector_details": {
        "authentication_connectors": ["juspaythreedsserver"],
        "three_ds_requestor_url": "https://google.com"
    },
    "merchant_country_code": "004"
}
'

Create Payment

curl --location 'localhost:8080/payments' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'api-key: dev_Tn5tOVGuEQn9XEYJfJphGMJs3gMTJV0vSsSTQzA6UnXRl9eVfvkRSqmlT6QZ0sAS' \
--data-raw '{
    "amount": 10,
    "currency": "EUR",
    "confirm": false,
    "capture_method": "automatic",
    "capture_on": "2022-09-10T10:11:12Z",
    "customer_id": "StripeCustomer",
    "email": "[email protected]",
    "name": "John Doe",
    "phone": "999999999",
    "phone_country_code": "+65",
    "description": "Its my first payment request",
    "authentication_type": "three_ds",
    "return_url": "https://duck.com",
    "billing": {
        "address": {
            "line1": "1467",
            "line2": "Harrison Street",
            "line3": "Harrison Street",
            "city": "San Fransico",
            "state": "CA",
            "zip": "94122",
            "country": "US",
            "first_name": "PiX",
            "last_name": "Poddar"
        },
        "phone": {
            "number": "123456789",
            "country_code": "12"
        }
    },
    "shipping": {
        "address": {
            "line1": "1467",
            "line2": "Harrison Street",
            "line3": "Harrison Street",
            "city": "San Fransico",
            "state": "CA",
            "zip": "94122",
            "country": "US",
            "first_name": "PiX",
            "last_name": "Poddar"
        },
        "phone": {
            "number": "123456789",
            "country_code": "12"
        }
    },
    "request_external_three_ds_authentication": true,
    "statement_descriptor_name": "joseph",
    "statement_descriptor_suffix": "JS",
    "metadata": {
        "udf1": "value1",
        "new_customer": "true",
        "login_date": "2019-09-10T10:11:12Z"
    }
}'

Do Payments Confirm

curl --location 'localhost:8080/payments/pay_1Y1j486UO3IiV4nDRPIe/confirm' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'api-key: dev_Tn5tOVGuEQn9XEYJfJphGMJs3gMTJV0vSsSTQzA6UnXRl9eVfvkRSqmlT6QZ0sAS' \
--data '{
    "browser_info": {
        "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36",
        "accept_header": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8",
        "language": "nl-NL",
        "color_depth": 24,
        "screen_height": 723,
        "screen_width": 1536,
        "time_zone": 0,
        "java_enabled": true,
        "java_script_enabled": true,
        "ip_address": "115.99.183.2"
    },
    
    "payment_method": "card",
    "payment_method_data": {
        "card": {
             "card_number": "4111111111111111",
            "card_exp_month": "09",
            "card_exp_year": "31",
            "card_holder_name": "Sahkal Poddar",
            "card_cvc": "013"
        }
    }
}'

Do Authenticate Call

curl --location 'localhost:8080/payments/pay_hmeDs7TyEYoTyekGLTAx/3ds/authentication' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'api-key: pk_dev_9cdad9d11657409687c41f1aa70c5c31' \
--data '{
    "client_secret": "pay_hmeDs7TyEYoTyekGLTAx_secret_52SCEkt9VwYWILBX62yJ",
    "device_channel": "BRW",
    "threeds_method_comp_ind": "Y"
}
'

Data added to clickHouse

Screenshot 2025-12-09 at 2 24 54 PM

FOR SANITY PURPOSE CHECK ALL THREE_DS CONNECTOR TRANSACTIONS AND FLOWS

such as NETCETERA, CARDINAL, JUSPAYTHREEDS SERVER, 3DSECURE.IO

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code
  • I added unit tests for my changes where possible

@semanticdiff-com
Copy link

semanticdiff-com bot commented Nov 26, 2025
edited
Loading

Review changes with  SemanticDiff

Changed Files
File Status
  crates/router/src/core/authentication/types.rs  91% smaller
  crates/router/src/core/payments/operations/payment_status.rs  91% smaller
  crates/router/src/services/kafka/authentication_event.rs  79% smaller
  crates/router/src/routes/app.rs  75% smaller
  crates/router/src/types/api/authentication.rs  64% smaller
  crates/router/src/db/kafka_store.rs  52% smaller
  crates/router/src/core/payments.rs  38% smaller
  crates/diesel_models/src/authentication.rs  34% smaller
  crates/api_models/src/payments.rs  33% smaller
  crates/hyperswitch_connectors/src/connectors/unified_authentication_service/transformers.rs  32% smaller
  crates/router/src/core/payments/operations/payment_confirm.rs  21% smaller
  crates/router/src/core/authentication.rs  19% smaller
  crates/router/src/db/authentication.rs  19% smaller
  crates/router/src/core/unified_authentication_service.rs  17% smaller
  crates/router/src/services/kafka/authentication.rs  11% smaller
  crates/hyperswitch_domain_models/src/router_request_types/authentication.rs  5% smaller
  crates/router/src/core/authentication/transformers.rs  3% smaller
  crates/hyperswitch_domain_models/src/authentication.rs  2% smaller
  crates/router/src/services/kafka.rs  1% smaller
  crates/router/src/core/payments/operations/payment_response.rs  1% smaller
  api-reference/v1/openapi_spec_v1.json  0% smaller
  api-reference/v2/openapi_spec_v2.json  0% smaller
  crates/common_enums/src/enums.rs  0% smaller
  crates/diesel_models/src/schema.rs  0% smaller
  crates/diesel_models/src/schema_v2.rs  0% smaller
  crates/hyperswitch_connectors/src/connectors/netcetera/netcetera_types.rs  0% smaller
  crates/hyperswitch_connectors/src/connectors/netcetera/transformers.rs  0% smaller
  crates/hyperswitch_connectors/src/connectors/threedsecureio/transformers.rs  0% smaller
  crates/hyperswitch_connectors/src/connectors/unified_authentication_service.rs  0% smaller
  crates/hyperswitch_domain_models/src/router_request_types/unified_authentication_service.rs  0% smaller
  crates/hyperswitch_domain_models/src/router_response_types.rs  0% smaller
  crates/openapi/src/openapi.rs  0% smaller
  crates/openapi/src/openapi_v2.rs  0% smaller
  crates/router/src/core/authentication/utils.rs Unsupported file format
  crates/router/src/core/unified_authentication_service/types.rs  0% smaller
  crates/router/src/core/unified_authentication_service/utils.rs Unsupported file format
  crates/router/src/core/webhooks/incoming.rs  0% smaller
  crates/router/src/utils.rs  0% smaller
  crates/storage_impl/src/mock_db.rs  0% smaller
  migrations/2025-11-26-112831_add-authentication-analytics-related-fields-in-authentication-table/down.sql Unsupported file format
  migrations/2025-11-26-112831_add-authentication-analytics-related-fields-in-authentication-table/up.sql Unsupported file format

@codecov
Copy link

codecov bot commented Nov 26, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 0% with 1088 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (main@a690a40). Learn more about missing BASE report.

Files with missing lines Patch % Lines
...es/hyperswitch_domain_models/src/authentication.rs 0.00% 435 Missing ⚠️
crates/router/src/db/authentication.rs 0.00% 267 Missing ⚠️
crates/router/src/core/authentication/utils.rs 0.00% 140 Missing ⚠️
crates/diesel_models/src/authentication.rs 0.00% 92 Missing ⚠️
crates/router/src/core/authentication.rs 0.00% 49 Missing ⚠️
.../router/src/core/unified_authentication_service.rs 0.00% 34 Missing ⚠️
crates/router/src/services/kafka/authentication.rs 0.00% 23 Missing ⚠️
crates/router/src/db/kafka_store.rs 0.00% 15 Missing ⚠️
crates/router/src/types/api/authentication.rs 0.00% 7 Missing ⚠️
...ors/unified_authentication_service/transformers.rs 0.00% 5 Missing ⚠️
... and 9 more
Additional details and impacted files 
@@           Coverage Diff           @@
##             main   #10446   +/-   ##
=======================================
  Coverage        ?    6.44%           
=======================================
  Files           ?     1252           
  Lines           ?   313428           
  Branches        ?        0           
=======================================
  Hits            ?    20205           
  Misses          ?   293223           
  Partials        ?        0

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@sahkal sahkal self-assigned this Nov 27, 2025
@hyperswitch-bot hyperswitch-bot bot added the M-database-changes Metadata: This PR involves database schema changes label Nov 27, 2025
@sahkal sahkal changed the title 12194 add domain models for authentication and support kafka filters feat(authentication): add domain models for authentication and support kafka filters in dashboard Dec 8, 2025
@sahkal sahkal added this to the July 2025 Release milestone Dec 8, 2025
@sahkal sahkal marked this pull request as ready for review December 8, 2025 12:02
@sahkal sahkal requested review from a team as code owners December 8, 2025 12:02
@hyperswitch-bot hyperswitch-bot bot added the M-api-contract-changes Metadata: This PR involves API contract changes label Dec 8, 2025
@sahkal sahkal added A-core Area: Core flows A-Analytics labels Dec 9, 2025
@sahkal sahkal added authentication C-feature Category: Feature request or enhancement labels Dec 9, 2025
@sahkal sahkal requested a review from hrithikesh026 December 10, 2025 08:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sai-harsha-vardhan sai-harsha-vardhan Awaiting requested review from sai-harsha-vardhan

@deepanshu-iiitu deepanshu-iiitu Awaiting requested review from deepanshu-iiitu

@hrithikesh026 hrithikesh026 Awaiting requested review from hrithikesh026

At least 2 approving reviews are required to merge this pull request.

Assignees

@sahkal sahkal

Labels

A-Analytics A-core Area: Core flows authentication C-feature Category: Feature request or enhancement M-api-contract-changes Metadata: This PR involves API contract changes M-database-changes Metadata: This PR involves database schema changes

Projects

None yet

Milestone

July 2025 Release

Development

Successfully merging this pull request may close these issues.

2 participants

@sahkal