> For the complete documentation index, see [llms.txt](https://docs.payments.thalescloud.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.payments.thalescloud.io/classic-push-provisioning/use-cases/view-and-control/in-app-authentication/google-and-samsung-pay.md).
# Google & Samsung Pay
#### ID\&V flow for Google Pay
The following figure shows the Google Pay app-to-app ID\&V flow, where Google Pay calls the issuer application ("Bank App").
**Step 1: Choose app ID\&V option**
The end user is prompted to select the ID\&V authentication method inside the Google Pay wallet. The end user selects "Sign in to the bank app".
**Step 2: Log into issuer application**
The end user uses their bank app credentials to log in.
**Step 3: Issuer application UI**
The bank app shows the last four PAN digits of the card added to Google Pay. The end user selects **Next** to activate the card in Google Pay.
**Step 4: Success screen**
A success screen shows the activation status in Google Pay. This screen includes a button that returns the end user to Google Pay.
#### Scheme TSP configuration
For complete instructions from Google, refer to Google Pay's [TSP Settings](https://developers.google.com/pay/issuers/tsp-integration/app-to-app-idv#tsp_settings).
Issuers must provide the following parameters to their TSPs. Google Pay receives these parameters from the TSPs during Tokenization and uses them to call your issuer application.
| PARAMETER | EXAMPLE | DESCRIPTION |
| ------------ | ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Package Name | `com.example.mybank` | The package name (applicationId) identifies the issuer mobile app that Google Pay should call when invoking the [intent](https://developer.android.com/reference/android/content/Intent) to start the app to app flow. If the app is not installed on the cardholder’s mobile device, the end user will be prompted to install it from the Google Play Store. |
| Action | `com.example.mybank.action.ACTIVATE_CARD` | When calling the issuer mobile app, Google Pay app creates an explicit intent. The action must be provided in its fully qualified form, including the package name. Also, the action must be specific for use in token activation. |
| Extra text | | This parameter is used to pass extra data that will be included in the intent. It is typically a JSON structure, Base64-encoded. The value of this string is opaque to Google and will be provided as-is in the standard field EXTRA\_TEXT. |
#### App development flow
When an end user selects the app-to-app method to verify their identity, the issuer application must:
1. Receive the Intent from Google/Samsung Wallet.
2. Authenticate the cardholder.
3. Activate the token.
4. Return the end user to Google Wallet by calling `activity.setResult(RESULT_OK, ...)`.
**Receiving the intent**
When an end user chooses to verify their identity using the issuer application, Google/Samsung Wallet calls the issuer application using the package name, action, and `EXTRA_TEXT` provided to Google/Samsung Pay through the TSP. To receive the intent from Google Pay, the issuer must update its application manifest file and create an activity to activate the token.
**Updating the Android manifest file**
Issuers must update the Android manifest file in their issuer applications to handle the action so that Google Wallet can call it during the app-to-app flow.
To update the manifest file to register the action and activity to handle app redirection:
```
```
**Token activation activity**
To complete activation, the issuer application must start an activity that performs token activation using the activation parameters passed in the `Intent`.
```java
/*
* Within issuer's mobile app AppToAppActivity (CardActivationActivity)
* extra library: com.fasterxml.jackson.core:jackson-core & com.fasterxml.jackson.core:jackson-databind
*/
import android.util.Base64;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
/*
* After receiving the intent, the application must use the Activity.getCallingPackage() API to
* validate that the request is coming from Google Pay as follows:
*/
// Validate caller is Google Wallet (Google Play Services)
if ("com.google.android.gms".equals(getCallingPackage())) {
// Proceed with token activation
} else {
// Abort token activation: handle error
}
String data = getIntent().getStringExtra(Intent.EXTRA_TEXT);
// Parse base64 to retrieve the activation parameters as a JSON object in a String
byte[] decodedDataBytes = Base64.decode(data, Base64.DEFAULT);
String decodedData = new String(decodedDataBytes, StandardCharsets.UTF_8);
// Read the JSON string using jackson
ObjectMapper mapper = new ObjectMapper();
JsonNode node = mapper.readTree(decodedData);
String tokenId = null;
String scheme = CardScheme.VISA.getScheme();
String panLast4 = null;
String tokenRequestorId = "";
if (node.get("tokenReferenceID") != null) { // VISA Scheme
// For VISA -> tokenReferenceID : tokenId
tokenId = node.get("tokenReferenceID").asText(); //VISA
panLast4 = node.get("panLast4").asText(); //VISA
// tokenRequestorId -> For Google Pay or "40010043095" for Samsung Pay - relevant only in case SCHEME is VISA, for MASTERCARD put empty string
tokenRequestorId = node.get("tokenRequestorID").asText(); //VISA
} else { // MASTERCARD
// For MasterCard -> tokenUniqueReference : D1 -> tokenId
tokenId = node.get("tokenUniqueReference").asText(); //MasterCard
panLast4 = node.get("accountPanSuffix").asText(); //MasterCard
scheme = CardScheme.MASTERCARD.getScheme();
}
String authorizationCode = ""; // provide JWT value related to particular card, retrieved from issuer backend
// Note: Application must show panLast4 as Card Identification.
TPCManager.getInstance().getTSHProxy().updateTokenState(tokenId,
tokenRequestorId,
scheme,
authorizationCode,
TokenAction.ACTIVATE,
new TPCSDKListener() {
@Override
public void onStart() {
// on start
}
@Override
public void onSuccess(TPCResult result) {
Log.i(TAG, "Token State Updated, card activated");
Boolean status = result.getResult();
// TODO: refresh UI for new status
}
@Override
public void onError(TPCSDKException exception) {
Log.e("TAG", "updateTokenState request Error = " + exception.getMessage());
}
});
```
#### Card and Token identification
When Google Pay triggers the issuer application, it provides a Base64-encoded string called `EXTRA_TEXT` in Google's [TSP Settings](https://developers.google.com/pay/issuers/tsp-integration/app-to-app-idv#tsp_settings).
The issuer application must decode the Base64 string to retrieve the token details required for activation. The format depends on the scheme used.
The following example shows the JSON object encapsulated in the `EXTRA_TEXT` for Visa and Mastercard:
> :exclamation-circle:
>
> #### Caution
>
> These JSON samples are provided as is. You are responsible for using the latest scheme specifications. Thales is not responsible for any changes the schemes may introduce to the following JSON objects.
An example of Visa scheme:
```json
{
"panReferenceID ":"V-3815023863409817870482",
"tokenRequestorID":"42301999123",
"tokenReferenceID":"DNITHE381502386342002358",
"panLast4":"1234",
"deviceID":"DEiOiJBMjU2R_0NNS1-ciLCJiI",
"walletAccountID":"AiOiJBMjU-2_R0NNS1ciLCJiI6"
}
```
An example of Mastercard scheme:
```json
{
"paymentAppProviderId": "123456789",
"paymentAppInstanceId": "123456789",
"tokenUniqueReference": "DWSPMC000000000fcb2f4136b2f4136a0532d2f4136a0532",
"accountPanSuffix": "6789",
"accountExpiry": "1018"
}
```
#### Note
The `tokenReferenceID` and `tokenUniqueReference` correspond to the `token ID` in TSP. You can use these IDs to activate the token. `panLast4` and `accountPanSuffix` are the last four digits of the PAN that was tokenized. You can use these values to retrieve the card art and display it to the end user during the authentication request.
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://docs.payments.thalescloud.io/classic-push-provisioning/use-cases/view-and-control/in-app-authentication/google-and-samsung-pay.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.