[Feature request + Bug] Payload mismatch error when using promo code

[murat-mehmet]

When using promo code, iap does not return a developer payload, so please can we have an option to skip the validation? Because at the moment I'm having serious problem with react-native-billing which uses this lib, and because of the validation of developer payload it passes when using promo code.

[autonomousapps]

I don't use react native, so my apologies if this is a dumb question, but couldn't you just not pass a payload when using promo codes?

I ran into an issue with payloads on my project because I didn't realize this app takes my developer payload and prepends some text to help it distinguish between purchases and subscriptions.

[murat-mehmet]

No, this problem has nothing to do with react native, i tried passing empty developer payload but the lib is generating a developer payload:

			String purchasePayload = purchaseType + ":" + productId;
			if (!purchaseType.equals(Constants.PRODUCT_TYPE_SUBSCRIPTION))
			{
				purchasePayload += ":" + UUID.randomUUID().toString();
			}
			if (developerPayload != null)
			{
				purchasePayload += ":" + developerPayload;
			}

So even I pass it null, you are generating a random string and compare it with what google returns, and since they return null, I never get past the error.

[murat-mehmet]

And to correct the misunderstanding, the react native lib is using this lib, I just mentioned the react native lib so if anyone else using it and having the same problem, now he knows hes not alone.

[autonomousapps]

@serggl is going to have to comment. I know he uses those strings to help identify the type of product being purchased later in the flow. Is there some way to uniquely identify products purchased with a promo code? Or do you think simply the absence of any payload would be sufficient?

Edit: I only mentioned react native because I wasn't sure if maybe it was adding some payload under the hood when it uses this lib.

[murat-mehmet]

Well I read here that validation should not be mandatory

Caution: Don't use the developerPayload field for security validation purposes. This field isn't always available when completing tasks related to In-app Billing. For more information about security best practices, see the In-app Billing Security and Design guide.

And I don't know any way to identify if purchase was made with a promo code. So I think payload validation should be optional for those who want to support promo codes.

[serggl]

well, we dont actually use it for security purposes, but I agree that the current (original) implementation it is now causing issues with promo codes.
So right now developer payload is used basically to do a proper caching when purchase is made. If we can distinguish between managed products / subscriptions in some other manner (maybe some unique keys in the resulting bundle) Im ok with removing this payload check.
Any volunteers for a research & PR here? 😉

[murat-mehmet]

Well you can keep generating that string, all I need is an option to skip validation

[serggl]

stay tuned, on the way

[serggl]

please try upgrading to 1.0.44

[murat-mehmet]

Could you verify that skipping only validation works for you with promo codes? Because I was also getting signature mismatch error, which I also had to skip...