AndroidInAppBilling icon indicating copy to clipboard operation
AndroidInAppBilling copied to clipboard

Published 20 hours ago verified publisher icon poiuytrez

clarification on validation

Open toom1984 opened this issue 10 years ago • 1 comments

Hi, thanks for the plugin. This may be a stupid question, but i would like come clarification on validating purchase. Does the plugin do any validation on its own? The buy() not returning signature confuses me.

  1. calling inappbilling.buy() returns the json object, but not the signature. I would need the signature to validate server side. Am i looking in the wrong place?

  2. looking at the InApBillingPlugin.java in the mPurchaseFinishedListener it makes a call to verifyDeveloperPayload(purchase) function which returns true without really doing anything. The readme does not indicate that i would have to change the .java code.

So main question is how to get the signature and how is verification meant to work with this plugin? In the answer in issue #44 the best solution?

toom1984 avatar Sep 04 '14 13:09 toom1984

to answer part of my question, the plugin does do validation in the IabHelper and Security.java files, but if you want to do secondary verification server side as google recommends then it seems you need to modify the .java to send the signature to js along with originalObject

toom1984 avatar Sep 05 '14 09:09 toom1984