[Bug] Check parsed JSON receipt if it contains the purchaseToken field for Google Play #319
Conversation
emersonhsieh
changed the title
emersonhsieh
changed the title
|
Also ran into this, please consider merging |
|
I also ran into this, please merge! |
|
Hello, I used google play service to validate receipt, but I got the following error. {"error":{},"status":498,"message":"Invalid Purchase Token"} |
|
Just so anyone following this sees, I was able to get around this by using the client email and private key option for google instead without any errors. Of course, it would still be nice to use a public key instead of this option, and the docs don't necessarily guide anyone to do this, but it works! |
Thanks for your reply, I solved the problem by removing JSON.stringify(). |
Currently, to determine if the platform type of the receipt is Google Play, there are two cases:
iap.validateis an object, then the code checks ifreceipt.signatureorreceipt.purchaseTokenexists.iap.validateis a string, then the code first parses the receipt into an object (calledparsed), then it is supposed to check ifparsed.signatureorparsed.purchaseTokenexists.However, for the second condition the code never checks
parsed.purchaseToken, instead checking whetherreceipt.purchaseTokenexists twice.As a result, when a Google Play receipt string that uses service account for validation is passed into
iap.validate, the package interprets it as an Amazon receipt since the receipt will not containparsed.signature. It only containsparsed.purchaseToken, which is never checked.