[Bug] Check parsed JSON receipt if it contains the purchaseToken field for Google Play

[emersonhsieh]

Currently, to determine if the platform type of the receipt is Google Play, there are two cases:

• If the receipt passed into iap.validate is an object, then the code checks if receipt.signature or receipt.purchaseToken exists.
• If the receipt passed into iap.validate is a string, then the code first parses the receipt into an object (called parsed), then it is supposed to check if parsed.signature or parsed.purchaseToken exists.

However, for the second condition the code never checks parsed.purchaseToken, instead checking whether receipt.purchaseToken exists twice.

As a result, when a Google Play receipt string that uses service account for validation is passed into iap.validate, the package interprets it as an Amazon receipt since the receipt will not contain parsed.signature. It only contains parsed.purchaseToken, which is never checked.

[nwparker]

Also ran into this, please consider merging

[dylangolow]

I also ran into this, please merge!

[timeisgolden]

Hello, I used google play service to validate receipt, but I got the following error.
https://appstore-sdk.amazon.com/version/2.0/verify/developer/%7BdeveloperSecret%7D/user/ undefined /purchaseToken/ undefined

{"error":{},"status":498,"message":"Invalid Purchase Token"}
the code I did is the below.
const receipt = {
"purchaseToken":"...",
"packageName":"...",
"subscription":false,
"productId":"..."
}
const item: any = await iap.validate(JSON.stringify(receipt));
I got the receipt from google,
it's weird, why I got invalid purchase token,
plz help me.
Thanks and best regards

[dylangolow]

Just so anyone following this sees, I was able to get around this by using the client email and private key option for google instead without any errors. Of course, it would still be nice to use a public key instead of this option, and the docs don't necessarily guide anyone to do this, but it works!

[timeisgolden]

Just so anyone following this sees, I was able to get around this by using the client email and private key option for google instead without any errors. Of course, it would still be nice to use a public key instead of this option, and the docs don't necessarily guide anyone to do this, but it works!

Thanks for your reply, I solved the problem by removing JSON.stringify().
this was my fault to add JSON.stringify() in iap.validate().
That worked for now.
Best Regards