I am a little bit confused by the Cordova plugin by PayPal in terms of what this means for implementing a safe workflow for interacting with a Magento instance.
Normally, the Express Checkout workflow looks like this:
- Customer visits Magento Site checkout
- Customer is directed to PayPal
- Customer is returned to Magento Site
- Customer clicks 'Place Order' on Magento Site
- Magento Site converts quote to order
- Magento Site accesses PayPal to capture / confirm funds, check for possible fraud, etc.
The workflow imposed by the Cordova plugin appears to be like this:
- Customer visits App checkout
- Customer is directed to PayPal
- Payment is authorized or captured based upon the configuration
- Customer is directed back to App
- App executes a success handler
In the above Cordova plugin workflow, notice that the quote-to-order conversion step is missing. From my perspective, I see two options:
Insert quote -> order conversion call between 2 and 3
Caveats:
- The customer may not complete checkout and now an order is permanently orphaned in the system
- The customer may wish to change something (which now can't happen -- orders can't be modified)
Insert quote -> order conversion call after 5
Caveats:
- The client is being trusted to notify the server that the payment was made (which requires server-side cross-examination with PayPal / additional complexity)
- The client may never actually send the notification.
I do not like either of the options presented above. Can anyone help clear up my confusion or show me what I hope I'm missing?
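The second option's caveats (the client is trusted to report the payment, and may never report it) are the ones a server-side check has to address, so here is an added illustration of what "server-side cross-examination with PayPal" can look like; it is example code written for this page, not code from the question, Magento or the PayPal plugin. It assumes a hypothetical gateway lookup (the `GATEWAY` table is constructed sample data standing in for a server-to-PayPal query), that the quote id was attached to the payment as a reference field when the app started it, and that the server never trusts the payment details the app hands it, only what the gateway reports.

```python
"""Verify an app-reported payment against the gateway before converting a quote
to an order, and reconcile payments the app never reported.  Illustrative code;
the gateway and quote stores are constructed in-memory stand-ins."""
from dataclasses import dataclass
from decimal import Decimal
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Quote:
    quote_id: str
    amount: Decimal
    currency: str
    order_id: Optional[str] = None  # set once the quote has been converted


@dataclass
class GatewayPayment:
    payment_id: str
    state: str          # "approved" means funds were authorized/captured
    amount: Decimal
    currency: str
    reference: str      # assumed: quote id passed to the gateway when the app started payment


class VerificationError(Exception):
    """Raised when the app's claim does not match what the gateway reports."""


def sample_state() -> Tuple[Dict[str, Quote], Dict[str, GatewayPayment], Set[str]]:
    """Constructed sample data: four quotes and the gateway's view of their payments."""
    quotes = {
        "Q-100": Quote("Q-100", Decimal("49.99"), "USD"),
        "Q-101": Quote("Q-101", Decimal("49.99"), "USD"),
        "Q-102": Quote("Q-102", Decimal("49.99"), "USD"),
        "Q-103": Quote("Q-103", Decimal("20.00"), "USD"),
    }
    gateway = {
        "PAY-1": GatewayPayment("PAY-1", "approved", Decimal("49.99"), "USD", "Q-100"),
        "PAY-2": GatewayPayment("PAY-2", "created", Decimal("49.99"), "USD", "Q-101"),
        "PAY-3": GatewayPayment("PAY-3", "approved", Decimal("5.00"), "USD", "Q-102"),
        "PAY-4": GatewayPayment("PAY-4", "approved", Decimal("20.00"), "USD", "Q-103"),
    }
    used: Set[str] = set()  # payment ids already consumed by an order (replay guard)
    return quotes, gateway, used


def verify_and_convert(quote_id: str, payment_id: str, quotes: Dict[str, Quote],
                       gateway: Dict[str, GatewayPayment], used: Set[str]) -> str:
    """Handle the app's success notification.  Every fact is re-read from the gateway;
    the only thing taken from the client is which quote and payment to look at."""
    quote = quotes.get(quote_id)
    if quote is None:
        raise VerificationError("unknown quote")
    if quote.order_id is not None:
        return quote.order_id  # idempotent: a repeated notification returns the same order
    payment = gateway.get(payment_id)  # server-to-gateway lookup, not the app's copy
    if payment is None:
        raise VerificationError("gateway has no such payment")
    if payment.state != "approved":
        raise VerificationError("payment not approved at the gateway")
    if payment.reference != quote_id:
        raise VerificationError("payment belongs to a different quote")
    if payment.amount != quote.amount or payment.currency != quote.currency:
        raise VerificationError("amount or currency does not match the quote")
    if payment_id in used:
        raise VerificationError("payment already consumed by another order")
    used.add(payment_id)
    quote.order_id = "ORD-" + quote_id  # the quote -> order conversion happens only here
    return quote.order_id


def reconcile_unreported(quotes: Dict[str, Quote], gateway: Dict[str, GatewayPayment],
                         used: Set[str]) -> List[str]:
    """Scheduled sweep for the 'client never sends the notification' case: any approved
    gateway payment whose quote is still unconverted goes through the same checks."""
    converted: List[str] = []
    for payment in gateway.values():
        if payment.state != "approved" or payment.payment_id in used:
            continue
        quote = quotes.get(payment.reference)
        if quote is None or quote.order_id is not None:
            continue
        try:
            converted.append(verify_and_convert(quote.quote_id, payment.payment_id,
                                                quotes, gateway, used))
        except VerificationError:
            continue  # mismatched payment: leave the quote for manual review
    return converted


if __name__ == "__main__":
    quotes, gateway, used = sample_state()
    print(verify_and_convert("Q-100", "PAY-1", quotes, gateway, used))  # ORD-Q-100
    print(reconcile_unreported(quotes, gateway, used))                  # ['ORD-Q-103']
```

The point of the design is that the app's notification only triggers the check; the decision to create the order rests on the gateway's record, the amount and currency on the quote, and a replay guard on the payment id, and the reconciliation sweep means a lost notification delays the order rather than losing it.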