Application-specific data in a JWT?

[msporny]

Is it possible for a developer to include application-specific data in a payment JWT? For example, PaySwarm allows a developer to include application-specific data using a Linked Data approach. This means that a 3D printing store, for example, could include the color and dimensions of the final printed object in the product description. How would a developer include such a thing in the .payment() JWT?

[kumar303]

Yes, it is possible with request.productData in the JWT. This is a 255 char string which might be used by an application such as user_id=123&transaction_id=XYZ. We could perhaps enhance this into something bigger or just make it a freeform JSON object with infinite depth.

[davidlehn]

Google in-app payment spec has a similar sellerData field which is forced to a string no more than 200 characters. I'm guessing this is a database implementation detail leaking out to their API. It seems like a poor choice to force developers to encode and decode structured data into a string from within JSON. I'd suggest allowing any JSON value in there or maybe require a top level object. I'm unsure how that might effect issues like JWT size restrictions. Maybe that check can move to some other processing stage.

[kumar303]

the goal of productData for us (and probably Google) was simply to let merchants do reconciliation, not to declare data that others will consume. For example they might do something like productData='my_transaction_id=123' so that they can look up all details in their own db.