A Python module to make web payments with Mozilla's navigator.mozPay().
You can read all about how web payments work in the developer docs.
Mozilla's web payments allow you to operate an app (or website) that accepts payments for digital goods. As payments are completed, the Firefox Marketplace needs to communicate the transaction ID to your app. You can use this library to validate the signature of that communication. All communication is done via signed JWT (JSON Web Token).
This also includes some generic ways to validate JWT objects. Hmm, maybe that should be extracted for more general use.
With pip or easy_install, run:
pip install mozpay
Or install it from source:
pip install git+git://github.com/mozilla/mozpay-py.git
import logging from mozpay import InvalidJWT, process_postback try: data = process_postback(signed_request, app_key, app_secret) print data['response']['transactionID'] except InvalidJWT: loggging.exception('in postback')
import logging from mozpay import InvalidJWT, process_chargeback try: data = process_chargeback(signed_request, app_key, app_secret) print data['response']['transactionID'] print data['response']['reason'] except InvalidJWT: logging.exception('in chargeback')
If you use the Django framework, there's an app you can plug right into your urls.py.
Add the app in your settings.py file:
INSTALLED_APPS = [ # ... 'mozpay.djangoapp', ]
Add your key and secret that was granted by the Firefox Marketplace to your local settings.py file:
MOZ_APP_KEY = '<from marketplace.mozilla.org>' MOZ_APP_SECRET = '<from marketplace.mozilla.org>'
Add the postback / chargeback URLs to your urls.py file:
from django.conf.urls.defaults import patterns, include urlpatterns = patterns('', ('^moz/', include('mozpay.djangoapp.urls')), )
This will add
/moz/chargeback to your URLs.
You'll enter these callback URLs into the in-app payment config screen on the
If you want to do further processing on the postbacks, you can connect to a few signals. Here is an example of code to go in your app (probably in models.py):
import logging from django.dispatch import receiver from mozpay.djangoapp.signals import (moz_inapp_postback, moz_inapp_chargeback) @receiver(moz_inapp_postback) def mozmarket_postback(request, jwt_data, **kwargs): logging.info('transaction ID %s processed ok' % jwt_data['response']['transactionID']) @receiver(moz_inapp_chargeback) def mozmarket_chargeback(request, jwt_data, **kwargs): logging.info('transaction ID %s charged back; reason: %r' % (jwt_data['response']['transactionID'], jwt_data['response']['reason']))
Exceptions are logged to the channel
so be sure to add the appropriate handlers to that.
When an InvalidJWT exception occurs, a 400 Bad Request is returned.
.. automodule:: mozpay.verify :members: verify_jwt, verify_sig, verify_claims, verify_keys
.. automodule:: mozpay.exc :members:
The source code is hosted on https://github.com/mozilla/mozpay-py and you can submit pull requests and bugs over there.
Hello! To work on this module, check out the source from git and be sure you have the tox tool. To run the test suite, cd into the root and type:
This will run all tests in a virtualenv using the supported versions of Python.
To build the documentation, create a virtualenv then run:
pip install -r docs/requirements.txt
Build the docs from the root like this:
make -C docs/ html
algorithmslist to verification functions to adjust what JWT algorithms are accepted. By default only HS256 is accepted now.
- Upgraded PyJWT to the latest version.
- Removed M2Crypto as a dependency because that is no longer needed and it wasn't actually used for our signing purposes anyway.
- Changed postback/chargeback from reading a JWT in the post body to reading
it from the
noticeparameter. See https://bugzilla.mozilla.org/show_bug.cgi?id=838066 for details.
- Changed postback/chargeback from reading a JWT in the post body to reading it from the
- First working release.