Android In-App Billing: String payload

I'm trying to implement In-App Billing in my App and in the Google payload sample's MainActivity it says like this:

/* TODO: for security, generate your payload here for verification. See the comments on
 * verifyDeveloperPayload() for more info. Since this is a SAMPLE, we just use
 * an empty string, but on a production app you should carefully generate this. */

I have looked for it on Android Developers - Security and Design and it states:

You should pass in a string token that helps your application to identify the user who made the purchase, so that you can later verify that this is a legitimate purchase by that user. For consumable items, you can use a randomly generated string, but for non-consumable items you should use a string that uniquely identifies the user.

Still it is not clear to me how I have to generate the String and, most importantly, how to "use a string that uniquely identifies the user".

Perhaps you can provide an example and a brief explanation of how it works.

EDIT: Google in the Android Developers - Security and Design even suggests not to use the user email.

Note: Do not use the user's email address in the payload string, since that address may change.

What can I use instead?

According to the Android documentation here, it is stated that:

The fifth argument contains a 'developer payload' string that you can use to send supplemental information about an order (it can be an empty string). Typically, this is used to pass in a string token that uniquely identifies this purchase request. If you specify a string value, Google Play returns this string along with the purchase response. Subsequently, when you make queries about this purchase, Google Play returns this string together with the purchase details.

Security Recommendation: It's good practice to pass in a string that helps your application to identify the user who made the purchase, so that you can later verify that this is a legitimate purchase by that user. For consumable items, you can use a randomly generated string, but for non-consumable items you should use a string that uniquely identifies the user.

So, for the product ID SKU_2006, if you initiated the purchase flow with String payload = email+item1; then Google Play will return the same payload in the response and hence you would get it here as

boolean verifyDeveloperPayload(Purchase p) {
    String payload = p.getDeveloperPayload();
    // ...
}

Now, let me define the whole scenario in terms of code:

First, you would initiate a purchase request like below:

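String payload = getUserEmailFromAndroidAccounts() + itemUniqueId;

// IabHelper.launchPurchaseFlow(Activity, sku, requestCode, listener, extraData):
// the first argument is the calling Activity, the fourth is the listener.
mHelper.launchPurchaseFlow(this, SKU_GAS, 10001,
        new PurchaseFinishListener(itemUniqueId), payload);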

If the purchase order is successful, the response data from Google Play is stored in a Purchase object that is passed back to the listener.

private class PurchaseFinishListener implements IabHelper.OnIabPurchaseFinishedListener {
    private final String mItemUniqeId;

    public PurchaseFinishListener(String itemUniqeId) {
        mItemUniqeId = itemUniqeId;
    }

    public void onIabPurchaseFinished(IabResult result, Purchase purchase) {
        if (result.isFailure()) {
            Log.d(TAG, "Error purchasing: " + result);
            return;
        }
        if (!verifyDeveloperPayLoad(mItemUniqeId, purchase)) {
            Log.d(TAG, "Authenticity verification failed");
            return;
        }

        // set your product as purchased in your DB or server
    }
}

Now your verifyDeveloperPayLoad(purchase) method should look as below:
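
One way to build and check a payload that identifies the user without the e-mail address, as an added example that is not part of the original answer or of Google's sample code. Assumptions: `accountId` is a stable ID your own backend assigns to the user, the secret key is ideally held on your server rather than in the APK, and the class and method names are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added example (hypothetical class): developer payloads bound to an account id and SKU.
public class DeveloperPayloads {
    private static final SecureRandom RNG = new SecureRandom();
    private final SecretKeySpec key;

    // Assumption: a per-app secret; anything shipped inside the APK can be extracted.
    public DeveloperPayloads(byte[] secret) {
        this.key = new SecretKeySpec(secret, "HmacSHA256");
    }

    // Non-consumable item: deterministic token tied to a stable account id and the SKU.
    public String forUser(String accountId, String sku) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        // Length prefix keeps ("ab","c") and ("a","bc") from hashing the same input.
        String msg = accountId.length() + ":" + accountId + ":" + sku;
        byte[] tag = mac.doFinal(msg.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    // Consumable item: random per-request token; store it until the purchase returns.
    public static String randomToken() {
        byte[] b = new byte[16];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    // Recompute the expected value and compare it in constant time.
    public boolean verify(String returned, String accountId, String sku) throws Exception {
        if (returned == null) return false;
        byte[] expected = forUser(accountId, sku).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, returned.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not real keys or accounts.
        DeveloperPayloads p = new DeveloperPayloads("demo-secret".getBytes(StandardCharsets.UTF_8));
        String payload = p.forUser("account-1234", "SKU_GAS");
        System.out.println(p.verify(payload, "account-1234", "SKU_GAS"));       // same user and item
        System.out.println(p.verify(payload, "account-9999", "SKU_GAS"));       // different user
        System.out.println(p.verify(randomToken(), "account-1234", "SKU_GAS")); // unrelated token
    }
}
```

The value returned by `forUser` would be passed as the payload argument of `launchPurchaseFlow`, and `verify` would be called on `purchase.getDeveloperPayload()` when the purchase comes back.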
