Currently, SessionToken in payment.proto is a oneof wallet_name designed for wallet payment methods (Google Pay, PayPal, Apple Pay). However, PaymentServiceCreateOrderResponse uses optional SessionToken session_token = 9 to also carry connector-specific CreateOrder data (e.g. client_secret via ConnectorSessionTokenResponse).
This is a semantic mismatch — ConnectorSessionTokenResponse is not a wallet session token. It's a connector-level response field (like a PaymentIntent client_secret) that happens to be piggybacking on the wallet token infrastructure.
Proposed change:
- Introduce a separate field on PaymentServiceCreateOrderResponse for connector-specific session data (e.g. optional SecretString client_secret = 10 or a new ConnectorCreateOrderData message)
- Remove ConnectorSessionTokenResponse connector = 4 from the SessionToken oneof
- Keep SessionToken purely for wallet flows as originally intended
Why this matters:
- SessionToken.wallet_name oneof naming makes no sense for non-wallet data
- As more connectors implement CreateOrder, they'll all need to add variants to a wallet-specific enum
- Clean separation makes the proto self-documenting and prevents misuse
Currently, SessionToken in payment.proto is a oneof wallet_name designed for wallet payment methods (Google Pay, PayPal, Apple Pay). However, PaymentServiceCreateOrderResponse uses optional SessionToken session_token = 9 to also carry connector-specific CreateOrder data (e.g. client_secret via ConnectorSessionTokenResponse).
This is a semantic mismatch — ConnectorSessionTokenResponse is not a wallet session token. It's a connector-level response field (like a PaymentIntent client_secret) that happens to be piggybacking on the wallet token infrastructure.
Proposed change:
Why this matters: