Saturday, September 28, 2013

[android-developers] Re: InApp Billing v3 and multiple accounts

As others mentioned, IAB is limited to the primary Google account. Users that need truly separated user accounts will use the multi-user accounts options on Jelly Bean tablets, so their primary Google accounts will be different. This isn't confusing: when you make a purchase with a Google account, it is tied to that account. If your web app/service has its own user account system, tie that transaction to that user account at purchase time or later on when that Google user makes an account. Your app and webapp should provide a way to view the IAPs for accounts so the user knows what they have purchased.

On Thursday, September 26, 2013 6:20:30 AM UTC-4, Alexander Osmanov wrote:
Hello,

  I'm having a hard time with figuring out the right way to approach handling in app purchases for users with multiple accounts. I am using Appengine Endpoints to implement my server side API. This API returns some data to my users. As soon as user purchases a certain product API will return additional data. I want to make it more secure by enabling OAuth authentication to my endpoints. So as soon as user purchases something it is verified and remembered on a server. Thus my API endpoint will always know what data to return to a particular user.

But what should I do if a user has more than one account? I couldn't find the way how to obtain account the app uses for IAP (according to documentation it's the account used to download the app). So I either have to blindly pick first account or let user pick an account. But what if they pick another account and all their purchases would go to a different account? This creates a lot of problems. For instance if user has only one account on another device it will either not have server side info available or will not have Google Play recognizing as a buyer. Basically we will end up with two sources of info - Google Play and my server possibly conflicting with each other because of accounts. 

What makes problem even harder is that I don't want to force users logging in using their account as this really doesn't add much value to app at the moment. But at the same I want to avoid just sending purchased flag to my API based on some my local data (which can be compromised).

What is the appropriate strategy for handling this I would say quite common situation? If only there was a way to know for sure which account the app used for purchases, all my problems would be gone.

Thanks,
Alex.

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
---
You received this message because you are subscribed to the Google Groups "Android Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-developers+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

No comments:

Post a Comment