Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

iOS & Firebase Auto-renewable Subscriptions

My problem:

I am having a hard time figuring out a way to safely manage auto-renewable subscriptions in iOS with Firebase.

Purchase process:

  1. User1 purchases a subscription
    • Update User1's account on Firebase w/ the subscription identifier (used to unlock content)
    • Store original_transaciton_identifier(OTI) w/ uid of User1 to match w/ receipt verification from Apple.
    • Grant user access

Edge cases causing my brain to implode:

  1. User1 logs out of AppleId used to purchase subscription, but remains logged in to app w/ Firestore credentials.
    • Therefore, when I go to verify if the subscription has expired it does not return a valid subscription. I want the user to be able to keep their access until it is expired or canceled. Any tips on achieving this?
  2. User2 logs into the same device User1 was previously using.
    • Therefore, the same AppleId is being used for both users. I can check if the current user has a subscription, and check the OTI to see if it corresponds to User2...which it won't.
    • We will show the 'purchase iAPs' screen, but what if this user wants to buy a subscription as well under the same AppleId? Is it normal for me to handle this saying, "Apple Id already connected with another account or something"?

Relevant articles I've been able to find:

How to tie auto-renewable subscriptions to in house user, not appled id

I've been struggling with this for sometime and haven't been able to find many resources. All help is appreciated.

like image 247
Casey West Avatar asked Mar 25 '19 17:03

Casey West


People also ask

What does iOS mean?

2 iOS, an acronym for iPhone Operating System, is a Unix-derived operating system powering all of Apple's mobile devices. 3 The name iOS was not officially applied to the software until 2008, when Apple released the iPhone software development kit (SDK), enabling any app makers to create applications for the platform.

Is iOS an iPhone or Android?

Device SelectioniOS is only available on Apple devices: the iPhone as a phone, the iPad as a tablet, and the iPod Touch as an MP3 player. These tend to be more expensive than equivalent hardware using Android.

Is Apple and iOS the same thing?

The iOS is the operating system created by Apple Inc. for mobile devices. The iOS is used in many of the mobile devices for Apple such as iPhone, iPod, iPad etc.

What is the current iOS system?

Get the latest software updates from Apple The latest version of iOS is 16.0.3 for iPhone 8 and later. The latest version of iPadOS is 15.7. Learn how to update the software on your iPhone, iPad, or iPod touch.


1 Answers

For case #1:

When you attempt to access the receipt Apple will trigger a login prompt for the user to enter their iTunes credentials. If a receipt is still unavailable, you won't be able to verify the subscription status. The "right" way to do this is to store the entire receipt on your server, and periodically refresh it with /verifyReceipt. You'll check if the subscription was cancelled, and update the expiration_date so you know when to cut off access for the user.

For case #2:

Is it normal for me to handle this saying, "Apple Id already connected with another account or something"?

Yes! If you're able to look at how some other large subscription apps handle this (Netflix, Spotify, HBO, etc.) - it's similar to what you describe. Instead of checking the receipt locally every time, if you maintain the subscription status on your server (as mentioned in #1) this would only happen if the user tries to "Restore Purchases".

This is a pretty extreme edge case, since not many people try to make a purchase on their friends phone and would require TouchID/FaceID in most cases - so it's more of a fraud prevention feature. Once you get millions of users you can get fancy and send them an automated email link to signup with Stripe if you detect this.

Alternative:

RevenueCat can handle all the subscription tracking and these edge cases out-of-the-box, and it plays nice with Firebase. Disclaimer: I work there.

like image 63
enc_life Avatar answered Oct 19 '22 23:10

enc_life