keeprocking / pyinapp Goto Github PK

The GooglePlayValidator does not contact the store, it just validates the receipt signature, but the purchase itself could be cancelled, refunded, subscription expired etc....

Right?

I am trying to verify the product purchased from google play with the Google Play (receipt + signature) method, but validate_signature function does not accept the "signature" transmitted by google play by warning "Bad signature".

Same library is working to verify purchases in AppStore but not working in Google Play!

Do you have any idea why? @keeprocking

Only Android TEST purchasing, this lib response error because no "orderId" exists in a receipt .

https://developer.android.com/google/play/billing/billing_testing.html

Note: Test purchases don't have an orderId field. To track test purchases, you use the purchaseToken field instead

I think that this is a cause.

Whenever I tried to print the purchase object it says: [<pyinapp.purchase.Purchase object at 0x7f907bd40410>]
How can I access the transaction_id, product_id after receipt verification?
Please help!!

Google has an api to validate receipt. In pyinapp, for Google play receipt validation, no API call is used. Is it valid method or we should use API for google play case?

@keeprocking,

for google in-app purchase validation using following receipt structure. it contains more keys than in your test file receipt.

please guide me what structure to follow and necessary keys to pass in json format.

{
  "data": {
    "orderId": "587741.91766670682",
    "packageName": "com.game.pkg",
    "productId": "life_3",
    "purchaseTime": 1464695120669,
    "purchaseState": 0,
    "developerPayload": "351",
    "purchaseToken": "oofmvnfsnosqrtelxvc"
  },
  "signature": "QiqvGGww82SLj4lAWpl7kodOXY5yIbj7aC9jc7g770PrEBD8cVmun1ayPyTEWPHvXTcIebHhlEXz24FSSGh62paIvFVP8hWquxyQgjqWZ09DbxFjIxML23PORyA7sjgSBYfi/g/p6XVBr/63eNqLqXXkRJX/TNtioKHY/DXU4ohW3f2AnEYrnkUjWGB5y6mS83w1/8Fu5rMad"
}

Hello.

I'm just trying your library to verify receipt that is sent from Android device.

I've set everything and I bought an item with my friends' smartphone.

The problem is that it always fails to validate.

I found that verify() in pkcs1.py always fails because expected != clearsig.

Could you give any advice for this?

Thank you very much.

bundle_id = '...'
api_key = 'PUBLIC_KEY_FROM_GOOGLE_PLAY_DEVELOPER_CONSOLE'
validator = GooglePlayValidator(bundle_id, api_key)

try:
    receipt = {
        'orderId': '...',
        'packageName': '...',
        'productId': '...',
        'purchaseTime': ...,
        'purchaseState': ...,
        'developerPayload': '...',
        'purchaseToken': '...'
    }
    receipt = json.dumps(receipt)    # if not, error during encode()
    signature = 'abcdefg...'
    purchase = validator.validate(receipt, signature)
    print(True)     # never met this
except InAppValidationError:
    print(False)    # always reached here

The library needs some kind of API key for Android validation, though I only have p12 permission file, so it fails on setup.

What should i do?

The way it is now, it is not possible to programmatically detect the difference from een subscription expired and server unavailable. While it does matter for auto-renewable subscriptions.