Upcoming changes for PaymentRequest and SPC in Chrome 102

Hey folks,

I wanted to draw attention to a few upcoming changes in Chrome version 102
(releasing to Beta next week, and to Stable in late May) that affect
PaymentRequest and Secure Payment Confirmation. These changes were all
announced previously, but just a reminder!

*PaymentRequest*

   - As of version 102, the show() method in Chrome will require a user
   activation (or delegated capability
   <https://github.com/WICG/capability-delegation/>) to call, or it will
   reject with a SecurityError. This finally aligns us with the spec
   <https://w3c.github.io/payment-request/#:~:text=If%20the%20relevant%20global%20object%20of%20request%20does%20not%20have%20transient%20activation>
   !
      - *This will also affect SPC authentication.*

*Secure Payment Confirmation (SPC)*

   - SPC authentication has a new *required* input parameter of the Relying
   Party id, rpId
   <https://w3c.github.io/secure-payment-confirmation/#dom-securepaymentconfirmationrequest-rpid>
   .
      - This is a *breaking change*, and code calling SPC will need to be
      updated.
      - However it is forwards-compatible, so you can add the rpId
      parameter to your code today and it will just be ignored in
Chrome versions
      < 102.
   - SPC authentication now supports the *optional* payeeName
   <https://w3c.github.io/secure-payment-confirmation/#dom-securepaymentconfirmationrequest-payeename>
input parameter,
   which can be used as-well-as or instead-of the payeeOrigin.
   - SPC authentication now supports the *optional* iconMustBeShown
   <https://w3c.github.io/secure-payment-confirmation/#dom-paymentcredentialinstrument-iconmustbeshown>
input
   parameter for the card art icon (default false). If set to true and the
   icon fails to download/decode, the browser will show a generic fallback
   card art icon instead.


As always, feel free to ask us any questions :)

Thanks,
Stephen

-- 
smcgruer • he / him