在android计费v3 api中,开发者的有效负载应该是什么?
我正在我的应用程序中实现应用内计费,以解锁高级功能。应用程序内计费设置正确。除了“开发人员有效负载”之外,一切看起来都很好。
示例应用程序显示
/*
* TODO: verify that the developer payload of the purchase is correct. It will be
* the same one that you sent when initiating the purchase.
*
* WARNING: Locally generating a random string when starting a purchase and
* verifying it here might seem like a good approach, but this will fail in the
* case where the user purchases an item on one device and then uses your app on
* a different device, because on the other device you will not have access to the
* random string you originally generated.
*
* So a good developer payload has these characteristics:
*
* 1. If two different users purchase an item, the payload is different between them,
* so that one user's purchase can't be replayed to another user.
*
* 2. The payload must be such that you can verify it even when the app wasn't the
* one who initiated the purchase flow (so that items purchased by the user on
* one device work on other devices owned by the user).
*
* Using your own server to store and verify developer payloads across app
* installations is recommended.
*/示例应用程序使用一个空字符串作为开发人员的有效负载。我的问题是,使用什么字符串作为开发人员的有效负载?我可以使用用户的主电子邮件ID吗?
回答 2
Stack Overflow用户
发布于 2013-09-06 04:53:24
请检查下面的答案,它可能解决您的问题:
如果使用的是可消费项(托管项),则可以使用随机生成的字符串。
步骤1:在开始创建方法之前,声明如下:
private static final char[] symbols = new char[36];
static {
for (int idx = 0; idx < 10; ++idx)
symbols[idx] = (char) ('0' + idx);
for (int idx = 10; idx < 36; ++idx)
symbols[idx] = (char) ('a' + idx - 10);
}步骤2:在活动中设置RandomString和SessionIdentifierGenerator类
public class RandomString {
/*
* static { for (int idx = 0; idx < 10; ++idx) symbols[idx] = (char)
* ('0' + idx); for (int idx = 10; idx < 36; ++idx) symbols[idx] =
* (char) ('a' + idx - 10); }
*/
private final Random random = new Random();
private final char[] buf;
public RandomString(int length) {
if (length < 1)
throw new IllegalArgumentException("length < 1: " + length);
buf = new char[length];
}
public String nextString() {
for (int idx = 0; idx < buf.length; ++idx)
buf[idx] = symbols[random.nextInt(symbols.length)];
return new String(buf);
}
}
public final class SessionIdentifierGenerator {
private SecureRandom random = new SecureRandom();
public String nextSessionId() {
return new BigInteger(130, random).toString(32);
}
}步骤3:将有效负载传递到您的puchase请求中:
RandomString randomString = new RandomString(36);
System.out.println("RandomString>>>>" + randomString.nextString());
/* String payload = ""; */
// bGoa+V7g/yqDXvKRqq+JTFn4uQZbPiQJo4pf9RzJ
String payload = randomString.nextString();
Log.e("Random generated Payload", ">>>>>" + payload);
Log.d(TAG, "Launching purchase flow for infinite gas subscription.");
mHelper.launchPurchaseFlow(this, SKU_GAS,
IabHelper.ITEM_TYPE_INAPP, RC_REQUEST,
mPurchaseFinishedListener, payload);有关更多信息,请查看以下链接:Token that identify the user
希望它能解决你的问题。
Stack Overflow用户
发布于 2015-01-11 04:51:00
对我来说,随机字符串是没有用的,因为首先,它需要依赖于购买它的用户,而不是它购买的设备。其次,这是一个非消耗的项目,所以一个空字符串可能适合,但不是理想的。
因此,我的方法是创建一个基于密钥的加密哈希。每次购买时,它都是唯一可识别的,因为散列不应该是相同的(这取决于散列方法,例如bcrypt)。
由于密钥在所有设备上都是相同的,所以很容易解密并验证秘密消息是否正确。
为了使密钥保持秘密,我使用了各种字符串操作函数来掩盖它,因此它不会以可见的方式存储。
文本修饰的一个例子可以在这里找到:Android In App Billing: securing application public key
String Base64EncodedPublicKey key = DecrementEachletter("Bl4kgle") + GetMiddleBit() + ReverseString("D349824");
这种基于键创建散列的方法允许有效负载是唯一的和可识别的,同时也是合理安全的。它不是防弹的,但它确实使它很难破解。
https://stackoverflow.com/questions/18613520
复制相似问题
腾讯云开发者
