令牌识别用户 [英] Token that identify the user

问题描述

我开发一个Android应用程序，我想应用程序的某些功能是不是免费的。

我在开发者控制台认为使用应用内计费第3版的API，所以我定义了一个应用内商品。

阅读文档后，我知道，当我开始购买流程我要传递一个字符串标记，帮助应用程序唯一标识谁提出的购买用户。

但是，我怎么能得到一个字符串令牌识别用户？

感谢

解决方案

您可以使用开发有效载荷标识用户的安全性。

有两种方式根据应用内结算要求您的应用程序开发人员生成有效载荷。

1）如果你正在使用非托管项目（非消耗品），那么你可以使用简单的用户名这是唯一识别用户特别是你的应用程序。您可以发送有效载荷的开发作为用户名。

或

您可以将电子邮件地址为开发有效载荷的唯一ID，如果你有用户的电子邮件ID存储到服务器上。当你从谷歌响应用户支付产品，然后从该用户帐户的服务器数据库中读取后播放，满足您开发的有效载荷。

本地数据库（如SQLite的）：

 用户名
     （Automatecally
       按产品类型userEmailAddress产生
      SQL数据库）


        1产品1 abc@gmail.com
        2产品1 xyz@gmail.com
        3产品1 pqr@gmail.com
 

或者你可以在有效载荷将它作为用户ID

- >会造成问题一段时间。如果你不想去与服务器数据库，那么你可以简单地忽略了发展的有效载荷，使其作为一个空字符串它不会影响你code多more.check的尼古拉Elenkov回答这个链接：stackoverflow.com/问题/ 14553515 /

2）如果你正在使用的消耗品（管理项目），那么你可以使用随机生成的字符串

 第1步：前上创建方法声明如下：

            私有静态最后的char []符号=新的字符[36];

        静态{
            为（中间体IDX = 0; IDX小于10 ++ IDX）
                符号[IDX] =（char）的（'0'+ IDX）;
            对于（INT IDX = 10; IDX＆LT; 36; ++ IDX）
                符号[IDX] =（char）的（'A'+ IDX  -  10）;
        }
 

第2步：在您的活动设置RandomString和SessionIdentifierGenerator类

 公共类RandomString {

        / *
         * {静态的（INT IDX = 0; IDX小于10 ++ IDX）符号[IDX] =（焦炭）
         *（0+ IDX）;对于（INT IDX = 10; IDX＆LT; 36; ++ IDX）符号[IDX =
         *（字符）（A+ IDX  -  10）; }
         * /

        私人最终随机随机=新的随机（）;

        私人最终的char [] buf中;

        公共RandomString（INT长度）{
            如果（长度小于1）
                抛出新抛出：IllegalArgumentException（长度小于1：+长度）;
            BUF =新的char [长度];
        }

        公共字符串nextString（）{
            对于（INT IDX = 0; IDX＆LT; buf.length ++ IDX）
                BUF [IDX] =符号[random.nextInt（symbols.length）];
            返回新的String（BUF）;
        }

    }

    公共final类SessionIdentifierGenerator {

        私人SecureRandom的随机=新的SecureRandom（）;

        公共字符串nextSessionId（）{
            返回新的BigInteger（130，随机）的ToString（32）;
        }

    }
 

第三步：通过有效载荷送入你的puchase要求：

  RandomString randomString =新RandomString（36）;
            的System.out.println（RandomString＆GT;＆GT;＆GT;＆gt;中+ randomString.nextString（））;
            / *字符串有效载荷=; * /
            // bGoa + V7g / yqDXvKRqq + JTFn4uQZbPiQJo4pf9RzJ
            串有效负载= randomString.nextString（）;
            Log.e（随机生成有效载荷，＆GT;＆GT;＆GT;＆GT;＆gt;中的有效负载+）;

        Log.d（TAG，启动无限气认购采购流程。）;
            mHelper.launchPurchaseFlow（这一点，SKU_GAS，
                    IabHelper.ITEM_TYPE_INAPP，RC_REQUEST，
                    mPurchaseFinishedListener，有效载荷）;

    更多的inforamation检查此链接：
    http://stackoverflow.com/questions/41107/how-to-generate-a-random-alpha-numeric-string
 

请说明一下：

  

    

安全建议：：当您收到来自谷歌收购的响应玩，一定要检查返回的数据签名时，     的orderId和developerPayload串在采购对象     确保你所得到的预期值。您应该验证     该orderId的是，你有没有previously独特的价值     处理，并且developerPayload串令牌匹配你     发送previously的购买请求。作为进一步的安全     precaution，你应该对自己的安全进行验证     服务器。

  

 检查此链接：
   http://developer.android.com/google/play/billing/billing_integrate.html
 

 有关详细信息，检查此链接：

http://developer.android.com/google/play/billing/billing_best_practices.html
 

希望它会帮助你。

I'm developing an android application and I would like some functionality of the application is not free.

I have thought to use in-app Billing Version 3 API, so I have defined an "In-App Product" in the developer console.

After reading the documentation, I know that when I start the purchase flow I should pass in a string token that helps the application to uniquely identify the user who made the purchase.

But how could I obtain a string token that identify the user?

Thanks

解决方案

you can use developer payload to identify user and for the security.

there are two way to generate developer payload according to your application in app billing requirement.

1) if you are using unmanaged item(not consumable item) then you can use simply UserID which is uniquely identify user in particular your app. you can send developer payload as UserID.

or

you can put email address into developer payload for the unique id if you have user's email id stored into server. when you get response from the google play after user paid for product then fetch it from server database of that user account, match your developer payload.

Local database(Like SQLite):

     UserID
     (Automatecally  
       generated by   product type     userEmailAddress
      Sql database)        


        1            product1            abc@gmail.com
        2            product1            xyz@gmail.com
        3            product1            pqr@gmail.com

Either you can pass it on payload as userID

--> it will create problem some time. if you don't want to go with server database then you can simply ignore the develop payload make it as a blank string it will not effect in you code much more.check this link of Nikolay Elenkov answer: stackoverflow.com/questions/14553515/

2) if you are using consumable item(managed item) then you can use random generated string

step 1: before on create method declare this:

            private static final char[] symbols = new char[36];

        static {
            for (int idx = 0; idx < 10; ++idx)
                symbols[idx] = (char) ('0' + idx);
            for (int idx = 10; idx < 36; ++idx)
                symbols[idx] = (char) ('a' + idx - 10);
        }

step 2: set RandomString and SessionIdentifierGenerator class in your activity

    public class RandomString {

        /*
         * static { for (int idx = 0; idx < 10; ++idx) symbols[idx] = (char)
         * ('0' + idx); for (int idx = 10; idx < 36; ++idx) symbols[idx] =
         * (char) ('a' + idx - 10); }
         */

        private final Random random = new Random();

        private final char[] buf;

        public RandomString(int length) {
            if (length < 1)
                throw new IllegalArgumentException("length < 1: " + length);
            buf = new char[length];
        }

        public String nextString() {
            for (int idx = 0; idx < buf.length; ++idx)
                buf[idx] = symbols[random.nextInt(symbols.length)];
            return new String(buf);
        }

    }

    public final class SessionIdentifierGenerator {

        private SecureRandom random = new SecureRandom();

        public String nextSessionId() {
            return new BigInteger(130, random).toString(32);
        }

    }

step 3: pass payload into your puchase request:

    RandomString randomString = new RandomString(36);
            System.out.println("RandomString>>>>" + randomString.nextString());
            /* String payload = ""; */
            // bGoa+V7g/yqDXvKRqq+JTFn4uQZbPiQJo4pf9RzJ
            String payload = randomString.nextString();
            Log.e("Random generated Payload", ">>>>>" + payload);

        Log.d(TAG, "Launching purchase flow for infinite gas subscription.");
            mHelper.launchPurchaseFlow(this, SKU_GAS,
                    IabHelper.ITEM_TYPE_INAPP, RC_REQUEST,
                    mPurchaseFinishedListener, payload);

    for more inforamation check this link:
    http://stackoverflow.com/questions/41107/how-to-generate-a-random-alpha-numeric-string

Make note this:

Security Recommendation: When you receive the purchase response from Google Play, make sure to check the returned data signature, the orderId, and the developerPayload string in the Purchase object to make sure that you are getting the expected values. You should verify that the orderId is a unique value that you have not previously processed, and the developerPayload string matches the token that you sent previously with the purchase request. As a further security precaution, you should perform the verification on your own secure server.

   check this link:
   http://developer.android.com/google/play/billing/billing_integrate.html

for more details check this link:

http://developer.android.com/google/play/billing/billing_best_practices.html

Hope it will help you.

这篇关于令牌识别用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！