It looks like global iris does things differently, in that they require you to make the 3d secure request separately to the initial charge. So there are three steps (request 3dsecure, verify 3dsecure, make payment).
To keep things in line with the omnipay way of doing things I would combine the last two steps. So when you call purchase()
, make the 3ds-verifyenrolled
request and return a redirect response if the request is successful.
Then, when the customer returns from 3dsecure, in your completePurchase()
method, first verify the 3dsecure signature, then if the signature/3dsecure was successful, make a payment request to their server and return the response.