PFPurchase / In-App-Purchase Validation

[Morbix]

The class PFPurchase from the client SDKs will keep working without the hosted Parse?

[gfosco]

In-app purchase validation is not implemented in parse-server and may reject activity to _Purchase entirely. Open to reviewing any changes to this current behavior.

[Morbix]

@gfosco I am concern about the features, apparently, without remote connections like:

• addObserverForProduct:block:
• buyProduct:block:
• restore

I imagine that them will keep working even without a Parse Server running, right?

[gfosco]

I think this needs to be tested, as I'm not familiar with the inner workings of this area. If those are just for contacting iTunes for IAP, and they don't involve API endpoints on Parse, then it should work... but the _Product table and PFPurchase functionality was explicitly not part of initial development for parse-server.

[nlutsenko]

As @gfosco said, the server side functionality to support _Product and PFPurchase as a result was not included in the initial development for parse-server.
This means that we can add this, it's more a question of priority at this point.

Apple API for validation of in-app-purchases is pretty lightweight and I bet there is a node module that already does it, so the implementation shouldn't take too long.

[flovilmart]

@nlutsenko, I could take care of that, I looked through the iOS code, but didn't see any validation process going on client side from the SDK, I guess it was all internal. Could you draft a quick spec on the inner workings of _Purchase or I could R/E from the SDK and current behaviors

[nlutsenko]

Will do the spec next week, sounds good...
In the meantime, so you are not blocked, take a look at PFPurchase/PFProduct and PFPurchaseController, that should give you an idea of what is going on.

[flovilmart]

Thanks!

[flovilmart]

so basically to be implemented it the server counterpart of:

NSDictionary *params = [[PFEncoder objectEncoder] encodeObject:@{ @"receipt" : appStoreReceipt,
                                                                      @"productIdentifier" : productIdentifier }];
    PFRESTCommand *command = [PFRESTCommand commandWithHTTPPath:@"validate_purchase"
                                                     httpMethod:PFHTTPRequestMethodPOST
                                                     parameters:params
                                                   sessionToken:sessionToken];

[flovilmart]

@nlutsenko I believe parse didn't do validation on iOS 6 auto renewable receipts as I don,t recall any setting for the shared secret  https://developer.apple.com/library/ios/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateRemotely.html#//apple_ref/doc/uid/TP40010573-CH104-SW1

The default validation is on the production servers, then if it returns a code

21007 This receipt is from the test environment, but it was sent to the production environment for verification.

I send it to the sandbox. It creates a little overhead when testing but will prevent misconfiguration.

[gfosco]

Follow on in #515.. Brilliant work by @flovilmart