Token That Identify The User
Solution 1:
you can use developer payload to identify user and for the security.
there are two way to generate developer payload according to your application in app billing requirement.
1) if you are using unmanaged item(not consumable item) then you can use simply UserID which is uniquely identify user in particular your app. you can send developer payload as UserID.
or
you can put email address into developer payload for the unique id if you have user's email id stored into server. when you get response from the google play after user paid for product then fetch it from server database of that user account, match your developer payload.
Local database(Like SQLite):
UserID
(Automatecally
generated by product type userEmailAddress
Sql database)
1 product1 abc@gmail.com
2 product1 xyz@gmail.com
3 product1 pqr@gmail.com
Either you can pass it on payload as userID
--> it will create problem some time. if you don't want to go with server database then you can simply ignore the develop payload make it as a blank string it will not effect in you code much more.check this link of Nikolay Elenkov answer: stackoverflow.com/questions/14553515/
2) if you are using consumable item(managed item) then you can use random generated string
step 1: before on create method declare this:
privatestaticfinalchar[] symbols = newchar[36];
static {
for (int idx = 0; idx < 10; ++idx)
symbols[idx] = (char) ('0' + idx);
for (int idx = 10; idx < 36; ++idx)
symbols[idx] = (char) ('a' + idx - 10);
}
step 2: set RandomString and SessionIdentifierGenerator class in your activity
publicclassRandomString {
/*
* static { for (int idx = 0; idx < 10; ++idx) symbols[idx] = (char)
* ('0' + idx); for (int idx = 10; idx < 36; ++idx) symbols[idx] =
* (char) ('a' + idx - 10); }
*/privatefinalRandomrandom=newRandom();
privatefinalchar[] buf;
publicRandomString(int length) {
if (length < 1)
thrownewIllegalArgumentException("length < 1: " + length);
buf = newchar[length];
}
public String nextString() {
for (intidx=0; idx < buf.length; ++idx)
buf[idx] = symbols[random.nextInt(symbols.length)];
returnnewString(buf);
}
}
publicfinalclassSessionIdentifierGenerator {
privateSecureRandomrandom=newSecureRandom();
public String nextSessionId() {
returnnewBigInteger(130, random).toString(32);
}
}
step 3: pass payload into your puchase request:
RandomStringrandomString=newRandomString(36);
System.out.println("RandomString>>>>" + randomString.nextString());
/* String payload = ""; */// bGoa+V7g/yqDXvKRqq+JTFn4uQZbPiQJo4pf9RzJStringpayload= randomString.nextString();
Log.e("Random generated Payload", ">>>>>" + payload);
Log.d(TAG, "Launching purchase flow for infinite gas subscription.");
mHelper.launchPurchaseFlow(this, SKU_GAS,
IabHelper.ITEM_TYPE_INAPP, RC_REQUEST,
mPurchaseFinishedListener, payload);
for more inforamation check this link:
http://stackoverflow.com/questions/41107/how-to-generate-a-random-alpha-numeric-stringMake note this:
Security Recommendation: When you receive the purchase response from Google Play, make sure to check the returned data signature, the orderId, and the developerPayload string in the Purchase object to make sure that you are getting the expected values. You should verify that the orderId is a unique value that you have not previously processed, and the developerPayload string matches the token that you sent previously with the purchase request. As a further security precaution, you should perform the verification on your own secure server.
check this link: http://developer.android.com/google/play/billing/billing_integrate.html
for more details check this link:
http://developer.android.com/google/play/billing/billing_best_practices.htmlHope it will help you.
Solution 2:
Why do you not create an UUID for each user?
StringuniqueID= UUID.randomUUID().toString();
Post a Comment for "Token That Identify The User"