从服务器端检查谷歌安卓订阅 [英] Checking google android subscriptions from server side
问题描述
简而言之:我可以在不提供 Play 商店中的任何应用的情况下从服务器端使用 Google Play Android Developer API 吗?
in a nutshell: Can I work with the Google Play Android Developer API from server-side without providing any app in the play store?
背景:我正在开发一个提供按月订阅的应用程序的项目.每个订阅的相应数据(购买令牌、日期等)存储在后端数据库中.现在我想创建一个循环遍历每个数据集的 cronjob.对于每个订阅,我想联系 Google API 以检索订阅是否仍然有效的信息,并根据响应状态更新我们的数据库.
Background: I'm working on a project which provides apps with monthly subscriptions. The coresponding data of each subscription (purchase token, date etc) gets stored in the backend database. Now I want to create a cronjob that iterates through each of these datasets.And for each subscription I'd like to contact the Google API to retrieve the information if the subscription is still valid or not, and update our database corresponding to the responsed status.
对于后端逻辑,我使用 google-api-java-client 库.
For the backend logic I use the google-api-java-client library.
要取消或验证订阅,我需要先使用 OAuth2 进行身份验证.去过那里,做到了.
To either cancel or verify subscriptions I need to authenticate myself with OAuth2 before. Been there, done that.
new GoogleCredential.Builder()
.setTransport(HTTP_TRANSPORT)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
.setServiceAccountScopes("https://www.googleapis.com/auth/androidpublisher") // $1
.setServiceAccountPrivateKeyFromP12File(new File(filePath))
.setClientSecrets(CLIENT_ID, CLIENT_SECRET) // $2
.build();
$1:我不知道给定的帐户范围是否有效.因为我只能在很少的例子中找到这个值,但在 this概述也不在谷歌游乐场
$1: I don't know if the given account scope is valid. Because I just could find this value in a very few examples, but neither in this overview nor in the google playground
$2 我想这是必要的,尽管我发现了很多没有提供这些信息的例子.
$2 I guess this is necessary, even though I found a lot of example which did not provide this information.
但是,不幸的是,当我提供无效数据(例如错误的电子邮件或私钥)时,我看不出任何差异.
But, unfortunately, I can't see any differences when I provide invalid data (like wrong email or private key).
问题
- 如何验证 GoogleCredential 是否正确?
- 我可以在接下来的步骤中看到它吗,比如联系 ie androidpublisher API?
在下一步中,我尝试获取订阅的购买状态:
In the next step I try to get purchase status of a subscription:
Androidpublisher publisher = new Androidpublisher.Builder(HTTP_TRANSPORT, JSON_FACTORY, credential)
.setApplicationName(GOOGLE_PRODUCT_NAME) // $1
.build();
Androidpublisher.Purchases purchases = publisher.purchases();
Androidpublisher.Purchases.Get get = purchases.get("android.test.purchased", "monthly001", "mytoken"); // $2
SubscriptionPurchase subscripcion = get.execute();
$1:来自 API 控制台 -> API 访问
$2:除此之外,androidpush API 不允许通过服务联系它帐户,但只能通过 Web 服务器应用程序身份验证流程,我不知道要在 get- 方法的参数中插入什么.
$2: Beside the fact, that the androidpush API does not allow contacting it via service accounts, but only via web server applications auth flow, I don't have any clue what to insert in the parameter of the get- method.
API 如下:https://developers.google.com/android-publisher/v1/purchases/get
问题
- 在此上下文中,包名称和订阅 ID 是什么?
- 在哪里获取/设置这些值?
阅读本文档后,我知道有一个处理假/静态响应的方法.但是,如果订阅也可以这样做,或者仅适用于移动设备上的应用内结算,我就无法在任何地方阅读.
After reading this document I know there is a way to to deal with fake/static responses. But I can't read anywhere if this is also possible for subscriptions, or just for in-app-billings on mobile devices only.
无论如何,我想知道为什么/是否有任何简单的方法可以使用沙箱或 s.th. 进行开发.类似.
I'm wondering anyway why/if there is any easy way of developing with a sandbox or s.th. simliar.
我仍然觉得我只是错过了很重要的一部分来了解事情应该如何运作.也许你们中的某个人可以给我一个提示如何在这个地方继续,或者可以告诉我我哪里错了.
I still have the feeling that I'm just missing a big part to understand how the things should work. Maybe someone of you can give me a hint how to proceed at this place or may say me where i'm wrong.
亲切的问候,
克里斯托弗
推荐答案
我现在可以弄清楚我以前的大部分理解问题.
I could now figure out most of my previous understanding problems.
=1= 生成授权网址
String authorizeUrl = new GoogleAuthorizationCodeRequestUrl(googleClientId,callbackUrl,"https://www.googleapis.com/auth/androidpublisher").build()
// See why: http://stackoverflow.com/questions/8433990/when-authenticating-with-oauth-and-youtube-always-get-error-invalid-grant-on
authorizeUrl += "&approval_prompt=force&access_type=offline"
=2= 认证
由于 server-webflow 不适用于 androidpublisher API,因此客户现在必须手动调用 (1) 中生成的 URL.
Since the server-webflow is not working for the androidpublisher API the customer must now call the URL generated in (1) manually.
=3= 回调
谷歌回调应该处理接下来的步骤.回调包含我们必须使用的参数code".
The google callback should process the next steps. The callback contains the parameter "code" which we have to use.
=4= 请求授权令牌
// Build the HTTP parameter
Map<String,String> params = [:]
params.put("grant_type", "authorization_code")
params.put("code", code.encodeAsURL())
params.put("client_id", customer.googleClientId.encodeAsURL())
params.put("client_secret", customer.googleClientSecret.encodeAsURL())
params.put("redirect_uri", getCallbackUrl().encodeAsURL())
// Send the POST request
// This action might throw an exception in case any parameter were wrong, invalid or not specified.
String result = HttpRequestHandler.sendRequest("https://accounts.google.com/o/oauth2/token", params);
JSONElement jsonResult = JSON.parse(result)
// Map result
OAuth2Result oAuth2Result = new OAuth2Result()
oAuth2Result.accessToken = jsonResult.getAt("access_token")
oAuth2Result.refreshToken = jsonResult.getAt("refresh_token")
oAuth2Result.ttlSeconds = Integer.parseInt(jsonResult.getAt("expires_in").toString())
oAuth2Result.tokenType = jsonResult.getAt("token_type")
=5= 请求刷新令牌
// Build the HTTP parameter
Map<String,String> params = [:]
params.put("grant_type", "refresh_token")
params.put("refresh_token", this.customer.googleRefreshToken.encodeAsURL())
params.put("client_id", customer.googleClientId.encodeAsURL())
params.put("client_secret", customer.googleClientSecret.encodeAsURL())
// Send the POST request
// This action might throw an exception in case any parameter were wrong, invalid or not specified.
String result = HttpRequestHandler.sendRequest("https://accounts.google.com/o/oauth2/token", params);
JSONElement jsonResult = JSON.parse(result)
// Map result
OAuth2Result oAuth2Result = new OAuth2Result()
oAuth2Result.accessToken = jsonResult.getAt("access_token")
oAuth2Result.refreshToken = jsonResult.getAt("refresh_token")
oAuth2Result.ttlSeconds = Integer.parseInt(jsonResult.getAt("expires_in").toString())
oAuth2Result.tokenType = jsonResult.getAt("token_type")
这篇关于从服务器端检查谷歌安卓订阅的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
