
Token that identifies the user

I'm developing an Android application and I would like some of the application's functionality not to be free.

I have thought of using the In-app Billing Version 3 API, so I have defined an "In-App Product" in the developer console.

After reading the documentation, I know that when I start the purchase flow I should pass in a string token that helps the application to uniquely identify the user who made the purchase.

But how could I obtain a string token that identifies the user?

Thanks

Eduardo asked Jun 19 '13 16:06



1 Answer

You can use the developer payload to identify the user and for security.

There are two ways to generate the developer payload, depending on your application's in-app billing requirement.

1) If you are using an unmanaged item (not a consumable item), then you can simply use the UserID, which uniquely identifies the user in your particular app. You can send the UserID as the developer payload.

or

You can put the email address into the developer payload as the unique ID if you have the user's email ID stored on the server. When you get the response from Google Play after the user has paid for the product, fetch it from the server database for that user account and match it against your developer payload.

Local database (like SQLite):

    UserID (automatically generated
    by the SQL database)             product type    userEmailAddress
    -----------------------------------------------------------------
    1                                product1        [email protected]
    2                                product1        [email protected]
    3                                product1        [email protected]

Or you can pass it in the payload as the userID.

--> This will create problems sometimes. If you don't want to go with a server database, then you can simply ignore the developer payload and make it a blank string; it will not affect your code much. Check this link to Nikolay Elenkov's answer: stackoverflow.com/questions/14553515/

2) If you are using a consumable item (managed item), then you can use a randomly generated string.

Step 1: before the onCreate method, declare this:

    // Alphabet for the random payload: digits 0-9 followed by letters a-z.
    private static final char[] symbols = new char[36];

    static {
        for (int idx = 0; idx < 10; ++idx)
            symbols[idx] = (char) ('0' + idx);
        for (int idx = 10; idx < 36; ++idx)
            symbols[idx] = (char) ('a' + idx - 10);
    }

Step 2: add the RandomString and SessionIdentifierGenerator classes to your activity:

    // Imports needed at the top of the activity file.
    import java.math.BigInteger;
    import java.security.SecureRandom;
    import java.util.Random;

    public class RandomString {

        // SecureRandom instead of java.util.Random: the payload is checked
        // as a security token, so it must not be predictable.
        private final Random random = new SecureRandom();

        // Reused buffer holding the characters of the generated string.
        private final char[] buf;

        public RandomString(int length) {
            if (length < 1)
                throw new IllegalArgumentException("length < 1: " + length);
            buf = new char[length];
        }

        // Fills the buffer with random characters from the symbols array
        // declared in step 1 and returns it as a new String.
        public String nextString() {
            for (int idx = 0; idx < buf.length; ++idx)
                buf[idx] = symbols[random.nextInt(symbols.length)];
            return new String(buf);
        }

    }

    public final class SessionIdentifierGenerator {

        private final SecureRandom random = new SecureRandom();

        // 130 random bits rendered in base 32 (about 26 characters).
        public String nextSessionId() {
            return new BigInteger(130, random).toString(32);
        }

    }

Step 3: pass the payload into your purchase request:

    // Generate the payload once and keep it, so it can be compared with the
    // developerPayload returned in the purchase response.
    RandomString randomString = new RandomString(36);
    String payload = randomString.nextString();
    System.out.println("RandomString>>>>" + payload);
    Log.e("Random generated Payload", ">>>>>" + payload);

    Log.d(TAG, "Launching purchase flow for infinite gas subscription.");
    mHelper.launchPurchaseFlow(this, SKU_GAS,
            IabHelper.ITEM_TYPE_INAPP, RC_REQUEST,
            mPurchaseFinishedListener, payload);

For more information, check this link:
http://stackoverflow.com/questions/41107/how-to-generate-a-random-alpha-numeric-string

Make a note of this:

Security Recommendation: When you receive the purchase response from Google Play, make sure to check the returned data signature, the orderId, and the developerPayload string in the Purchase object to make sure that you are getting the expected values. You should verify that the orderId is a unique value that you have not previously processed, and the developerPayload string matches the token that you sent previously with the purchase request. As a further security precaution, you should perform the verification on your own secure server.

Check this link:
http://developer.android.com/google/play/billing/billing_integrate.html

For more details, check this link:
http://developer.android.com/google/play/billing/billing_best_practices.html

Hope it will help you.

Maulik answered Nov 23 '22 23:11
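
The three checks named in the Security Recommendation quoted in the answer (data signature, unseen orderId, matching developerPayload), sketched as server-side Java. This is an added example, not code from the answer or from Google: the class and method names, the in-memory stores, the sample JSON and the generated key pair are constructed for illustration, and SHA1withRSA over the purchase data string is an assumption about the response format.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import java.util.regex.*;

public class PurchaseVerifier {
    private final PublicKey appKey;                               // public key the store signs with (assumption)
    private final Map<String, String> issued = new HashMap<>();   // userId -> payload sent with the request
    private final Set<String> seenOrders = new HashSet<>();       // orderIds already processed
    PurchaseVerifier(PublicKey appKey) { this.appKey = appKey; }
    void rememberPayload(String userId, String payload) { issued.put(userId, payload); }
    // Minimal extraction for the flat sample JSON below; use a real JSON parser in production.
    static String field(String json, String name) {
        Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\":\"([^\"]*)\"").matcher(json);
        return m.find() ? m.group(1) : null;
    }

    boolean verify(String userId, String signedData, String signatureB64) {
        try {                                                     // 1. data signature
            Signature sig = Signature.getInstance("SHA1withRSA"); // assumed algorithm
            sig.initVerify(appKey);
            sig.update(signedData.getBytes(StandardCharsets.UTF_8));
            if (!sig.verify(Base64.getDecoder().decode(signatureB64))) return false;
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false;                                         // malformed signature or unusable key
        }
        String expected = issued.get(userId);                     // 2. payload equals the one we sent
        String got = field(signedData, "developerPayload");
        if (expected == null || got == null || !MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), got.getBytes(StandardCharsets.UTF_8))) return false;
        String orderId = field(signedData, "orderId");            // 3. orderId not processed before
        if (orderId == null || !seenOrders.add(orderId)) return false;
        issued.remove(userId);                                    // each payload is accepted once
        return true;
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // constructed stand-in key pair
        String data = "{\"orderId\":\"order-0001\",\"productId\":\"product1\",\"developerPayload\":\"tok-abc123\"}";
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(kp.getPrivate());
        s.update(data.getBytes(StandardCharsets.UTF_8));
        String sigB64 = Base64.getEncoder().encodeToString(s.sign());
        PurchaseVerifier v = new PurchaseVerifier(kp.getPublic());
        v.rememberPayload("user-1", "tok-abc123");
        System.out.println(v.verify("user-1", data, sigB64));     // first, valid response
        v.rememberPayload("user-1", "tok-abc123");
        System.out.println(v.verify("user-1", data, sigB64));     // same orderId presented again
        System.out.println(v.verify("user-1", data.replace("abc123", "zzz999"), sigB64)); // data altered after signing
    }
}
```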