apple / app-store-server-library-python

MIT License

Why Raise INVALID_APP_IDENTIFIER? #113

Open big-c-note opened 1 day ago

big-c-note commented 1 day ago

The line under concern for this issue is: https://github.com/apple/app-store-server-library-python/blob/1202058ddf4eac67c66f3947827e042e9ae6eee1/appstoreserverlibrary/signed_data_verifier.py#L72C1-L73C83

The signed data verifier raises VerificationStatus.INVALID_APP_IDENTIFIER if the decoded transaction bundle id is not equal to the signed verifier bundle id.

Why raise this error? There are legitimate edge cases where we have no bundle id in the API response for that transaction id.

Does it make sense to allow a None bundle id response?

big-c-note commented 1 day ago

I would add a flag to say whether to be explicit on this or not, because I would prefer the data even when the bundleId is None.

big-c-note commented 1 day ago

#114 as an example. If you like this or want to pass a flag, let me know and I can submit a PR.

alexanderjordanbaker commented 1 day ago

> There are legitimate edge cases where we have no bundle id in the API response for that transaction id.

Could you provide more info on these cases? There are no legitimate cases I am aware of.

big-c-note commented 1 day ago

Hey @alexanderjordanbaker

I'm not speaking as if I know the reasons why the API can return a response without a bundleId.

What I am saying is that we have about a one in a million edge case where I receive this error and the bundleId is None.

I look at the transactions and I personally would prefer having the data, even when the bundleId is None.

I don't see why this would raise any concern. The transaction looks legitimate otherwise, and I suppose a rare bug on Apple's side?

big-c-note commented 1 day ago

Is there any particular reason to throw that error when that data exists?

alexanderjordanbaker commented 1 day ago

@big-c-note If you have a recent example of that, would love to see it. Could you file a ticket in Feedback Assistant (feedbackassistant.apple.com) and post the FB number here, please?

big-c-note commented 1 day ago

These are old orders, @alexanderjordanbaker.

But happy to share. Can you help me understand what an FB number is?

big-c-note commented 1 day ago

Oh, disregard, a Feedback Assistant number. Got it, will do tomorrow. Appreciate the curiosity!

big-c-note commented 22 hours ago

@alexanderjordanbaker FB16031317 (Some responses from transaction history v2 do not have a bundleId (set to None))

Thank you

Also wanted to mention, I really like how the library is coded up, I've been taking notes! Learned a couple of nice things about typing API responses.

big-c-note commented 22 hours ago

That is not public, correct?