18F · amirbey · Aug 21, 2025 · Aug 7, 2025 · Aug 7, 2025 · Aug 7, 2025
diff --git a/app/controllers/concerns/idv/doc_auth_vendor_concern.rb b/app/controllers/concerns/idv/doc_auth_vendor_concern.rb
@@ -11,7 +11,11 @@ def doc_auth_vendor
         if socure_user_set.maxed_users?
           bucket = choose_non_socure_bucket
         elsif resolved_authn_context_result.facial_match?
-          bucket = ab_test_bucket(:DOC_AUTH_SELFIE_VENDOR)
+          if idv_session.passport_allowed
+            bucket = choose_non_socure_bucket
+          else
+            bucket = ab_test_bucket(:DOC_AUTH_SELFIE_VENDOR)
+          end
         elsif idv_session.passport_allowed
           bucket = ab_test_bucket(:DOC_AUTH_PASSPORT_VENDOR)
         else

diff --git a/app/controllers/concerns/idv/document_capture_concern.rb b/app/controllers/concerns/idv/document_capture_concern.rb
@@ -130,10 +130,6 @@ def track_document_request_event(document_request:, document_response:, timer:)
       analytics.idv_socure_document_request_submitted(**analytics_hash)
     end
 
-    def choose_id_type_path
-      idv_choose_id_type_path
-    end
-
     def doc_auth_upload_enabled?
       # false for now until we consolidate this method with desktop_selfie_test_mode_enabled
       false

diff --git a/app/controllers/idv/document_capture_controller.rb b/app/controllers/idv/document_capture_controller.rb
@@ -87,7 +87,7 @@ def self.step_info
     def extra_view_variables
       {
         id_type: id_type_requested,
-        document_capture_session_uuid: document_capture_session_uuid,
+        document_capture_session_uuid:,
         mock_client: document_capture_session.doc_auth_vendor == 'mock',
         flow_path: 'standard',
         sp_name: decorated_sp_session.sp_name,
@@ -96,7 +96,7 @@ def extra_view_variables
         skip_doc_auth_from_handoff: idv_session.skip_doc_auth_from_handoff,
         skip_doc_auth_from_socure: idv_session.skip_doc_auth_from_socure,
         opted_in_to_in_person_proofing: idv_session.opted_in_to_in_person_proofing,
-        choose_id_type_path: choose_id_type_path,
+        choose_id_type_path: idv_choose_id_type_path,
         doc_auth_selfie_capture: resolved_authn_context_result.facial_match?,
         doc_auth_upload_enabled: doc_auth_upload_enabled?,
         socure_errors_timeout_url: idv_socure_document_capture_errors_url(error_code: :timeout),

diff --git a/app/controllers/idv/hybrid_mobile/document_capture_controller.rb b/app/controllers/idv/hybrid_mobile/document_capture_controller.rb
@@ -61,10 +61,10 @@ def extra_view_variables
           id_type: id_type_requested,
           flow_path: 'hybrid',
           mock_client: document_capture_session.doc_auth_vendor == 'mock',
-          document_capture_session_uuid: document_capture_session_uuid,
+          document_capture_session_uuid:,
           failure_to_proof_url: return_to_sp_failure_to_proof_url(step: 'document_capture'),
           doc_auth_selfie_capture: resolved_authn_context_result.facial_match?,
-          choose_id_type_path: choose_id_type_path,
+          choose_id_type_path: idv_hybrid_mobile_choose_id_type_path,
           doc_auth_upload_enabled: doc_auth_upload_enabled?,
           skip_doc_auth_from_socure: @skip_doc_auth_from_socure,
           socure_errors_timeout_url: idv_hybrid_mobile_socure_document_capture_errors_url(

diff --git a/app/controllers/idv/welcome_controller.rb b/app/controllers/idv/welcome_controller.rb
@@ -95,8 +95,10 @@ def update_doc_auth_vendor
     end
 
     def update_passport_allowed
-      if !IdentityConfig.store.doc_auth_passports_enabled ||
-         resolved_authn_context_result.facial_match?
+      if !IdentityConfig.store.doc_auth_passports_enabled || (
+        resolved_authn_context_result.facial_match? &&
+        !IdentityConfig.store.doc_auth_passport_selfie_enabled
+      )
         idv_session.passport_allowed = nil
         return
       end
@@ -109,7 +111,8 @@ def update_passport_allowed
     end
 
     def passport_status
-      if resolved_authn_context_result.facial_match?
+      if resolved_authn_context_result.facial_match? &&
+         !IdentityConfig.store.doc_auth_passport_selfie_enabled
         idv_session.passport_allowed = nil
       end
 

diff --git a/app/views/idv/document_capture/show.html.erb b/app/views/idv/document_capture/show.html.erb
@@ -1,20 +1,20 @@
 <%= render(
       'idv/shared/document_capture',
-      document_capture_session_uuid: document_capture_session_uuid,
+      document_capture_session_uuid:,
       flow_path: 'standard',
-      id_type: id_type,
+      id_type:,
       sp_name: decorated_sp_session.sp_name,
-      failure_to_proof_url: failure_to_proof_url,
-      acuant_sdk_upgrade_a_b_testing_enabled: acuant_sdk_upgrade_a_b_testing_enabled,
-      use_alternate_sdk: use_alternate_sdk,
-      acuant_version: acuant_version,
-      opted_in_to_in_person_proofing: opted_in_to_in_person_proofing,
-      skip_doc_auth_from_how_to_verify: skip_doc_auth_from_how_to_verify,
-      skip_doc_auth_from_handoff: skip_doc_auth_from_handoff,
-      skip_doc_auth_from_socure: skip_doc_auth_from_socure,
-      socure_errors_timeout_url: socure_errors_timeout_url,
-      choose_id_type_path: choose_id_type_path,
-      doc_auth_selfie_capture: doc_auth_selfie_capture,
-      doc_auth_upload_enabled: doc_auth_upload_enabled,
-      mock_client: mock_client,
+      failure_to_proof_url:,
+      acuant_sdk_upgrade_a_b_testing_enabled:,
+      use_alternate_sdk:,
+      acuant_version:,
+      opted_in_to_in_person_proofing:,
+      skip_doc_auth_from_how_to_verify:,
+      skip_doc_auth_from_handoff:,
+      skip_doc_auth_from_socure:,
+      socure_errors_timeout_url:,
+      choose_id_type_path:,
+      doc_auth_selfie_capture:,
+      doc_auth_upload_enabled:,
+      mock_client:,
     ) %>
diff --git a/app/views/idv/hybrid_mobile/document_capture/show.html.erb b/app/views/idv/hybrid_mobile/document_capture/show.html.erb
@@ -1,20 +1,20 @@
 <%= render(
       'idv/shared/document_capture',
-      document_capture_session_uuid: document_capture_session_uuid,
+      document_capture_session_uuid:,
       flow_path: 'hybrid',
-      id_type: id_type,
+      id_type:,
       sp_name: decorated_sp_session.sp_name,
-      failure_to_proof_url: failure_to_proof_url,
-      acuant_sdk_upgrade_a_b_testing_enabled: acuant_sdk_upgrade_a_b_testing_enabled,
-      use_alternate_sdk: use_alternate_sdk,
-      acuant_version: acuant_version,
+      failure_to_proof_url:,
+      acuant_sdk_upgrade_a_b_testing_enabled:,
+      use_alternate_sdk:,
+      acuant_version:,
       opted_in_to_in_person_proofing: false,
       skip_doc_auth_from_how_to_verify: false,
       skip_doc_auth_from_handoff: nil,
-      skip_doc_auth_from_socure: skip_doc_auth_from_socure,
-      socure_errors_timeout_url: socure_errors_timeout_url,
-      choose_id_type_path: choose_id_type_path,
-      doc_auth_selfie_capture: doc_auth_selfie_capture,
-      doc_auth_upload_enabled: doc_auth_upload_enabled,
+      skip_doc_auth_from_socure:,
+      socure_errors_timeout_url:,
+      choose_id_type_path:,
+      doc_auth_selfie_capture:,
+      doc_auth_upload_enabled:,
       mock_client: mock_client,
     ) %>
diff --git a/app/views/idv/shared/_document_capture.html.erb b/app/views/idv/shared/_document_capture.html.erb
@@ -12,39 +12,39 @@
         flow: :idv,
         step: :document_capture,
       ),
-      id_type: id_type,
-      document_capture_session_uuid: document_capture_session_uuid,
+      id_type:,
+      document_capture_session_uuid:,
       endpoint: api_verify_images_url,
       status_endpoint: nil,
       glare_threshold: IdentityConfig.store.doc_auth_client_glare_threshold,
       sharpness_threshold: IdentityConfig.store.doc_auth_client_sharpness_threshold,
       status_poll_interval_ms: IdentityConfig.store.poll_rate_for_verify_in_seconds * 1000,
       max_capture_attempts_before_native_camera: doc_auth_selfie_capture ? ActiveSupport::Duration::SECONDS_PER_HOUR : IdentityConfig.store.doc_auth_max_capture_attempts_before_native_camera,
       max_submission_attempts_before_native_camera: doc_auth_selfie_capture ? ActiveSupport::Duration::SECONDS_PER_HOUR : IdentityConfig.store.doc_auth_max_submission_attempts_before_native_camera,
-      acuant_sdk_upgrade_a_b_testing_enabled: acuant_sdk_upgrade_a_b_testing_enabled,
-      use_alternate_sdk: use_alternate_sdk,
-      acuant_version: acuant_version,
-      sp_name: sp_name,
-      flow_path: flow_path,
+      acuant_sdk_upgrade_a_b_testing_enabled:,
+      use_alternate_sdk:,
+      acuant_version:,
+      sp_name:,
+      flow_path:,
       cancel_url: idv_cancel_path(step: :document_capture),
       account_url: account_path,
-      failure_to_proof_url: failure_to_proof_url,
-      opted_in_to_in_person_proofing: opted_in_to_in_person_proofing,
+      failure_to_proof_url:,
+      opted_in_to_in_person_proofing:,
       idv_in_person_url: (IdentityConfig.store.in_person_doc_auth_button_enabled && Idv::InPersonConfig.enabled_for_issuer?(decorated_sp_session.sp_issuer)) ? idv_in_person_url : nil,
       security_and_privacy_how_it_works_url: MarketingSite.security_and_privacy_how_it_works_url,
       in_person_outage_message_enabled: IdentityConfig.store.in_person_outage_message_enabled,
       in_person_outage_expected_update_date: IdentityConfig.store.in_person_outage_expected_update_date,
       us_states_territories: @presenter.usps_states_territories,
-      choose_id_type_path: choose_id_type_path,
+      choose_id_type_path:,
       doc_auth_passports_enabled: IdentityConfig.store.doc_auth_passports_enabled,
-      doc_auth_selfie_capture: doc_auth_selfie_capture,
+      doc_auth_selfie_capture:,
       doc_auth_selfie_desktop_test_mode: IdentityConfig.store.doc_auth_selfie_desktop_test_mode,
-      doc_auth_upload_enabled: doc_auth_upload_enabled,
-      skip_doc_auth_from_how_to_verify: skip_doc_auth_from_how_to_verify,
-      skip_doc_auth_from_handoff: skip_doc_auth_from_handoff,
-      skip_doc_auth_from_socure: skip_doc_auth_from_socure,
+      doc_auth_upload_enabled:,
+      skip_doc_auth_from_how_to_verify:,
+      skip_doc_auth_from_handoff:,
+      skip_doc_auth_from_socure:,
       how_to_verify_url: idv_how_to_verify_url,
-      socure_errors_timeout_url: socure_errors_timeout_url,
+      socure_errors_timeout_url:,
       previous_step_url: @previous_step_url,
       locations_url: idv_in_person_usps_locations_url,
       sessions_url: api_internal_sessions_path,

diff --git a/config/application.yml.default b/config/application.yml.default
@@ -110,6 +110,7 @@ doc_auth_max_attempts: 5
 doc_auth_max_capture_attempts_before_native_camera: 3
 doc_auth_max_submission_attempts_before_native_camera: 3
 doc_auth_mock_dos_api: false
+doc_auth_passport_selfie_enabled: false
 doc_auth_passport_vendor_default: 'mock'
 doc_auth_passport_vendor_lexis_nexis_percent: 100 # note, LN is currently the default vendor
 doc_auth_passport_vendor_socure_percent: 0

diff --git a/lib/identity_config.rb b/lib/identity_config.rb
@@ -136,6 +136,7 @@ def self.store
     config.add(:doc_auth_passport_vendor_socure_percent, type: :integer)
     config.add(:doc_auth_passport_vendor_switching_enabled, type: :boolean)
     config.add(:doc_auth_selfie_desktop_test_mode, type: :boolean)
+    config.add(:doc_auth_passport_selfie_enabled, type: :boolean)
     config.add(:doc_auth_selfie_vendor_default, type: :string)
     config.add(:doc_auth_selfie_vendor_lexis_nexis_percent, type: :integer)
     config.add(:doc_auth_selfie_vendor_socure_percent, type: :integer)

diff --git a/spec/features/idv/analytics_spec.rb b/spec/features/idv/analytics_spec.rb
@@ -1112,7 +1112,7 @@
           complete_doc_auth_steps_before_document_capture_step
           attach_images
           click_continue
-          click_button 'Take photo'
+          click_button t('doc_auth.buttons.take_picture')
           attach_selfie
           submit_images
 

diff --git a/spec/features/idv/doc_auth/document_capture_spec.rb b/spec/features/idv/doc_auth/document_capture_spec.rb
@@ -171,7 +171,7 @@
       click_continue
       expect(page).to have_title(t('doc_auth.headings.selfie_capture'))
       expect(page).to have_content(t('doc_auth.tips.document_capture_selfie_text1'))
-      click_button 'Take photo'
+      click_button t('doc_auth.buttons.take_picture')
       attach_selfie
       submit_images
       expect(page).to have_content(t('doc_auth.headings.capture_complete'))
@@ -185,7 +185,7 @@
         ),
       )
       click_continue
-      click_button 'Take photo'
+      click_button t('doc_auth.buttons.take_picture')
       attach_selfie(
         Rails.root.join(
           'spec', 'fixtures',
@@ -253,6 +253,7 @@
       it 'happy path' do
         # Navigate to choose ID type page and select passport
         visit idv_choose_id_type_url
+
         choose(t('doc_auth.forms.id_type_preference.passport'))
         click_on t('forms.buttons.continue')
 
@@ -577,7 +578,7 @@
               attach_images
               click_continue
               expect_doc_capture_selfie_subheader
-              click_button 'Take photo'
+              click_button t('doc_auth.buttons.take_picture')
               attach_selfie
               submit_images
 
@@ -592,6 +593,78 @@
               expect(page).to have_current_path(idv_phone_url)
             end
           end
+
+          context 'with a valid passport', driver: :headless_chrome_mobile do
+            let(:passports_enabled) { true }
+            let(:doc_auth_passport_selfie_enabled) { true }
+            let(:passport_image) do
+              Rails.root.join(
+                'spec', 'fixtures',
+                'passport_credential.yml'
+              )
+            end
+            let(:fake_dos_api_endpoint) { 'http://fake_dos_api_endpoint/' }
+
+            before do
+              allow(IdentityConfig.store).to receive(:in_person_proofing_enabled).and_return(true)
+              allow(IdentityConfig.store).to receive(:in_person_proofing_opt_in_enabled)
+                .and_return(true)
+              allow_any_instance_of(ServiceProvider).to receive(
+                :in_person_proofing_enabled,
+              ).and_return(true)
+              allow(IdentityConfig.store).to receive(:doc_auth_passports_percent).and_return(100)
+              allow(IdentityConfig.store).to receive(:dos_passport_mrz_endpoint)
+                .and_return(fake_dos_api_endpoint)
+              allow(IdentityConfig.store).to receive(:doc_auth_passport_selfie_enabled)
+                .and_return(doc_auth_passport_selfie_enabled)
+              stub_request(:post, fake_dos_api_endpoint)
+                .to_return_json({ status: 200, body: { response: 'YES' } })
+              stub_health_check_settings
+              stub_health_check_endpoints_success
+              reload_ab_tests
+            end
+
+            it 'proceeds to the next page with valid info, including a selfie image' do
+              perform_in_browser(:mobile) do
+                visit_idp_from_oidc_sp_with_ial2(facial_match_required: true)
+                sign_in_and_2fa_user(@user)
+                complete_doc_auth_steps_before_hybrid_handoff_step
+
+                choose(t('doc_auth.forms.id_type_preference.passport'))
+                click_on t('forms.buttons.continue')
+
+                expect(page).to have_current_path(idv_document_capture_url, wait: 10)
+
+                click_button t('doc_auth.buttons.take_picture')
+                expect(page).to have_content(t('doc_auth.headings.document_capture_passport'))
+
+                expect(page).not_to have_content(t('doc_auth.tips.document_capture_selfie_text1'))
+                attach_passport_image(passport_image)
+                click_continue
+                expect_doc_capture_selfie_subheader
+                click_button t('doc_auth.buttons.take_picture')
+                attach_selfie
+                submit_images
+
+                expect(page).to have_content(t('doc_auth.headings.capture_complete'))
+                fill_out_ssn_form_ok
+                click_idv_continue
+                expect_step_indicator_current_step(t('step_indicator.flows.idv.verify_info'))
+                expect(page).to have_content(t('doc_auth.headings.address'))
+                fill_in 'idv_form_address1', with: '123 Main St'
+                fill_in 'idv_form_city', with: 'Nowhere'
+                select 'Virginia', from: 'idv_form_state'
+                fill_in 'idv_form_zipcode', with: '66044'
+                click_idv_continue
+                expect(page).to have_current_path(idv_verify_info_path)
+                expect(page).to have_content('VA')
+                expect(page).to have_content('123 Main St')
+                expect(page).to have_content('Nowhere')
+                complete_verify_step
+                expect(page).to have_current_path(idv_phone_url)
+              end
+            end
+          end
         end
 
         context 'with ipp enabled' do
@@ -640,7 +713,7 @@
               perform_in_browser(:mobile) do
                 use_id_image('ial2_test_credential_multiple_doc_auth_failures_both_sides.yml')
                 click_continue
-                click_button 'Take photo'
+                click_button t('doc_auth.buttons.take_picture')
                 click_idv_submit_default
                 expect(page).not_to have_content(t('doc_auth.headings.capture_complete'))
                 expect(page).not_to have_content(t('doc_auth.errors.rate_limited_heading'))
@@ -874,7 +947,7 @@
               attach_images
               click_continue
               expect_doc_capture_selfie_subheader
-              click_button 'Take photo'
+              click_button t('doc_auth.buttons.take_picture')
               attach_selfie
               submit_images