react-native-iap

Need Clarification on Receipt Validation Without a Backend Using RNIap.validateReceiptAndroid()

Open ayazalphasquad opened this issue 1 year ago • 3 comments

Description

Hi team,

I have a concern regarding the receipt validation process for Android in the react-native-iap library. While the common recommendation is to validate receipts on a secure server, our application does not currently have any backend integration, not even Firebase.

We are looking to perform receipt validation directly on the client side within the React Native app. Specifically, we want to use the RNIap.validateReceiptAndroid() method for Android subscriptions. However, this method requires several parameters:

  • packageName
  • productId
  • productToken
  • accessToken
  • isSub

My concern lies with the accessToken parameter. It appears that obtaining an access token requires authorization through Google Cloud Console, which typically involves server-side operations to securely authenticate and manage tokens.

Questions:

1. How can we obtain and manage the accessToken directly within a React Native app without a backend server?
2. Is there a recommended approach for securely handling Google authorization and token management directly on the client-side in a mobile app?
3. Are there any best practices or alternative methods provided by react-native-iap for validating receipts on Android without a backend server?

I would appreciate any guidance or suggestions on how to effectively handle receipt validation on Android using RNIap.validateReceiptAndroid() in an environment that lacks backend server support. Please also suggest how to handle receipt validation if we do have a backend.

  • react-native-iap: 12.11.0
  • react-native: 0.72.3
  • Platforms (iOS, Android, emulator, simulator, device): Android

Thank you!

ayazalphasquad, Aug 26 '24 10:08

Validate receipt for Android. NOTE: This method is here for debugging purposes only. Including your access token in the binary you ship to users is potentially dangerous. Use server side validation instead for your production builds.

ahaseeb001, Jan 09 '25 06:01

Hi @ahaseeb001 - Thanks for your reply, but my concern is for the standalone application where we don't have a backend integrated. In that case, how do we manage receipt validation for Android?

ayazalphasquad, Jan 17 '25 10:01

@ayazalphasquad you cannot validate receipts on the client side; that is only for testing purposes. According to the documentation, you need a backend for receipt validation.

ahaseeb001, Jan 17 '25 10:01
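The server-side validation that the replies above point to, as an added example that is not part of this thread or of react-native-iap: a Node.js handler core that keeps the Google access token on the server and accepts only packageName, productId and productToken from the app. It assumes Node 18+, the Google Play Developer API `purchases.subscriptions.get` endpoint, and a hypothetical `getAccessToken` helper that returns an OAuth2 token for a service account; all function names and the sample purchase are constructed.

```javascript
const API = 'https://androidpublisher.googleapis.com/androidpublisher/v3';

// Build the purchases.subscriptions.get URL. Every part comes from the client,
// so each one is type-checked and percent-encoded before it reaches the path.
function buildSubscriptionUrl({ packageName, productId, productToken }) {
  for (const [name, value] of Object.entries({ packageName, productId, productToken })) {
    if (typeof value !== 'string' || value.length === 0 || value.length > 2048) {
      throw new TypeError(`invalid ${name}`);
    }
  }
  return `${API}/applications/${encodeURIComponent(packageName)}` +
    `/purchases/subscriptions/${encodeURIComponent(productId)}` +
    `/tokens/${encodeURIComponent(productToken)}`;
}

// Turn Google's SubscriptionPurchase resource into an entitlement decision.
// Policy chosen for this example: entitlement follows expiryTimeMillis;
// pending payment and test purchases are reported as flags for the caller.
function evaluateSubscription(purchase, nowMs = Date.now()) {
  const expiresAt = Number(purchase.expiryTimeMillis);
  if (!Number.isFinite(expiresAt)) return { entitled: false, reason: 'malformed' };
  if (expiresAt <= nowMs) return { entitled: false, reason: 'expired' };
  return {
    entitled: true,
    reason: 'active',
    expiresAt,
    paymentPending: purchase.paymentState === 0, // 0 = payment pending
    testPurchase: purchase.purchaseType === 0,   // 0 = license-tester purchase
  };
}

// Server-side entry point. getAccessToken (assumed helper) never leaves the
// server; fetchImpl defaults to the global fetch and can be stubbed offline.
async function verifyAndroidSubscription(body, { getAccessToken, fetchImpl = fetch, nowMs }) {
  const url = buildSubscriptionUrl(body);
  const res = await fetchImpl(url, {
    headers: { Authorization: `Bearer ${await getAccessToken()}` },
  });
  // Any non-2xx answer from Google (bad token, unknown purchase) denies access.
  if (!res.ok) return { entitled: false, reason: `google_http_${res.status}` };
  return evaluateSubscription(await res.json(), nowMs);
}

// Constructed sample of the two response fields the decision relies on.
const SAMPLE_PURCHASE = { expiryTimeMillis: '1767225600000', paymentState: 1 };
```

The app then unlocks features based on the `entitled` value the server returns, so no Google credential ships in the binary.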

I’m closing all issues reported in versions below 14, as the library now supports the new architecture with NitroModules and has been completely revamped.

hyochan, Sep 30 '25 18:09