Validate Purchase in Microsoft Store for Subscriptions?
Question
We are reviewing Microsoft Store integration for some of the apps of our organisation. As per our current understanding of the Store, we are planning to use Get subscriptions for a user server to server API for fetching a user's purchases and verifying if the purchase to the claimed product is currently Active or not.
The API requires a StoreID to be passed which is the user identifier for the user Microsoft Store user logged in to the store. The app needs to generate this StoreID by calling some API from the Windows SDK and store it locally.
Once the purchase is successful from the store, the StoreID is sent to our servers in a API called ClaimPurchase , which utilises the above server-server Get Subscriptions for a user API to fetch the subscriptions for verification.
Problem:
User A (user in our system) logs in and purchases the subscription and captures the ClaimPurchase call (through some proxy set on the device) to retrieve the StoreID.
User A sells user B the StoreID. User B logs in to the app (again proxied on the device), fetch their authentication parameters (some access token) and use a HTTP client to make the ClaimPurchase call with the access token and StoreID .
When the call is validated from the server to server call, it will show that the subscriptions for the current user are active.
One way to solve this is, that we maintain a StoreID -> UserId mapping whenever a successful ClaimPurchase is made. And StoreID be verified that it belongs to the same user.
But just in case user A also generates a new StoreID, say S2 at the same time (when S1 was generated) and sells to user B instead of S1 . User B uses StoreID S2 while making the claim.
How do we handle this scenario. The API response for Get Subscriptions for User provides a id field (subscription id) and a beneficiary_id which can be mapped to the application user id. But this works only if the two never change for a subscription in their active states.
My question falls back to: Does id and beneficiary_id change?
Also, is there a better method of handling this?
1 answers
solution1
0 2019-08-08 06:51:52
Whether a user purchases a subscription add-on or an app depends on whether the license they acquire is active or not, not depends on the Store ID .Purchase a subscription add-on require the Store ID(enabled in your code behind), rather than a user purchase and get the Store ID.The Store ID belongs to the developer not the customers.So there should be no possible for users to buy or sell Store ID to log in your app/add-on.
When you enable the subscription add-on for your app,you should follow the steps:
1.Determines whether the customer already has an active license for the subscription.(AppLicense,AddOnLicenses)
2.Use StoreProduct object that represents the subscription you want to purchase on behalf of the customer.
3.The code then determines whether a trial is available for the subscription.
4.Call RequestPurchaseAsync method to request the purchase of the subscription
For more details please refer to document: Enable subscription add-ons for your app
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.