Am I getting the steps right for verifying a user's Android in-app subscription?

Problem description

I am making an app that does not require a user account/login, and allows the user to purchase a subscription. I want to use the Google Play Developer API to verify whether or not a user has a purchased/active subscription. From all of the documentation, I've gathered the following steps.

Are they correct, and could you answer the two questions in them?

  1. Create a Service Account in the Google APIs Console.
  2. Save the private key that is given to me (where? surely not in my code/on the device as this sample code suggests)
  3. Use Google APIs Client Library for Java to create and sign a JWT with the private key (how? the docs give me this, but that is not Java code... What do I do with it?)
  4. Construct an access token request, and get access to the API
  5. Application can now send a GET request to the API to find out whether or not the user has a subscription
  6. When the access token expires, go back to step 3.

Also, I have a web service, though I know nothing about web services or web service programming... I only know enough to be aware that it is probably necessary to use here.

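These steps are not correct. For the correct steps, see the answer below. Note, however, that this only applies to using a service account (because I did not want to require users to explicitly allow API access).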

Recommended answer

As it turns out, my steps were not correct. It took me weeks to figure this out and it doesn't seem to be documented anywhere else. You're welcome:

  1. Create a Web Application account in the Google APIs Console. Put any website as a "redirect URI"; it doesn't matter since you will not really be using it. You will get a client id and client secret when you create the account.

  2. In a browser on your computer go to https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/androidpublisher&response_type=code&access_type=offline&redirect_uri=[YOUR REDIRECT URI]&client_id=[YOUR CLIENT ID] and allow access when prompted.

  3. Look in the address bar. At the end of the URI you entered originally will be your refresh token. It looks like 1/.... You will need this "code" in the next step. The refresh token never expires.

  4. Convert this "code" to a "refresh token" by going to https://accounts.google.com/o/oauth2/token?client_id=[YOUR CLIENT ID]&client_secret=[YOUR CLIENT SECRET]&code=[CODE FROM PREVIOUS STEP]&grant_type=authorization_code&redirect_uri=[YOUR REDIRECT URI]. You can save the resulting value right in your program; it never expires unless explicitly revoked. (this step inserted by @BrianWhite -- see comments) Make sure you are using POST. (inserted by Gintas)

  5. In your code, send an HttpPost request to https://accounts.google.com/o/oauth2/token with the BasicNameValuePairs "grant_type","refresh_token", "client_id",[YOUR CLIENT ID], "client_secret",[YOUR CLIENT SECRET], "refresh_token",[YOUR REFRESH TOKEN]. For an example look here. You will need to do this in a separate thread, probably using AsyncTask. This will return a JSONObject.

  6. Get the access token from the returned JSONObject. For an example look here. You will need to get the string "access_token". The access token expires in 1 hour.

  7. In your code, send an HttpGet request to https://www.googleapis.com/androidpublisher/v1/applications/[YOUR APP'S PACKAGE NAME]/subscriptions/[THE ID OF YOUR PUBLISHED SUBSCRIPTION FROM YOUR ANDROID DEVELOPER CONSOLE]/purchases/[THE PURCHASE TOKEN THE USER RECEIVES UPON PURCHASING THE SUBSCRIPTION]?accesstoken="[THE ACCESS TOKEN FROM STEP 4]". For an example look here.
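
The last three steps of the answer (refresh-token POST, reading "access_token", purchase GET), sketched in Python as they would run inside the web service the question mentions, so that the client secret and refresh token are held there and the app submits only its purchase token. This is an added example, not code from the original post; the class and method names, the injectable `fetch` and `clock` parameters, the `expires_in` reply field and the `Authorization: Bearer` header (used in place of the `?accesstoken=` query parameter) are assumptions.

```python
import json
import time
import urllib.parse
import urllib.request

# Endpoints exactly as written in the answer above.
TOKEN_URL = "https://accounts.google.com/o/oauth2/token"
PURCHASE_URL = ("https://www.googleapis.com/androidpublisher/v1/applications/"
                "{package}/subscriptions/{sub_id}/purchases/{token}")

def _fetch(request):
    # Default transport: perform the HTTPS call and decode the JSON reply.
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

class SubscriptionVerifier:
    """Runs on the server, which is the only place the secrets are stored."""

    def __init__(self, client_id, client_secret, refresh_token,
                 fetch=_fetch, clock=time.time):
        self._form = {"grant_type": "refresh_token", "client_id": client_id,
                      "client_secret": client_secret,
                      "refresh_token": refresh_token}
        self._fetch, self._clock = fetch, clock
        self._token, self._expires_at = None, 0.0

    def access_token(self):
        """POST the refresh token; reuse the reply until just before expiry."""
        if self._token is None or self._clock() >= self._expires_at:
            body = urllib.parse.urlencode(self._form).encode()
            reply = self._fetch(
                urllib.request.Request(TOKEN_URL, data=body, method="POST"))
            self._token = reply["access_token"]
            # 1 hour per the answer; expires_in is assumed, renew 60 s early.
            self._expires_at = self._clock() + reply.get("expires_in", 3600) - 60
        return self._token

    def purchase_request(self, package, sub_id, purchase_token):
        """Build the GET; the path parts arrive from the app, so encode them."""
        enc = lambda part: urllib.parse.quote(part, safe="")
        url = PURCHASE_URL.format(package=enc(package), sub_id=enc(sub_id),
                                  token=enc(purchase_token))
        # Assumption: bearer header, not ?accesstoken=, keeps it out of URL logs.
        headers = {"Authorization": "Bearer " + self.access_token()}
        return urllib.request.Request(url, headers=headers)

    def lookup(self, package, sub_id, purchase_token):
        """Return the purchase resource (a dict) for the caller to evaluate."""
        return self._fetch(self.purchase_request(package, sub_id, purchase_token))
```

Passing a stub as `fetch` exercises the token caching and URL encoding without network access.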
