voltrue2 / in-app-purchase

A Node.js module for in-App-Purchase for iOS, Android, Amazon and Windows.
http://iap.gracenode.org

Validating iOS receipts for paid apps with no in-app purchases. #269

Open runloop opened 5 years ago

runloop commented 5 years ago

I understand this is called in-app-purchase and is used for validating in-app purchases, but is there a good reason why it cannot also be used to validate receipts of paid apps without in-app purchases?

Currently when I try this I just get the following 'error': {"error":{},"status":2,"message":"The receipt is valid, but purchased nothing."}

I went through the code and found that this is related to the following code: https://github.com/voltrue2/in-app-purchase/blob/feaf5639971e48c8e71ec580c168507f4ba4a445/lib/apple.js#L377-L390

Why does this library need to return this error message rather than just pass back the receipt with an empty in_app array? Surely if you are using this you are checking the in_app array for your product to verify this anyway.

If you did return the receipt data back with an empty in_app array it would still be possible for users of paid apps to verify their receipts as well.

Or maybe we could opt-in to receiving these receipts in the config if you are that worried about this issue.

voltrue2 commented 5 years ago

Hello

That logic is there so that “faked” receipts can be detected and rejected. There are people who use receipts with an empty in_app array to try to pass by the validation. I suppose we could add an option to switch this check off.

Cheers

runloop commented 5 years ago

That would be really great. I forked the repo and added this myself for the time being and it works great.

triplef commented 4 years ago

I found a workaround for this as outlined here: https://github.com/voltrue2/in-app-purchase/issues/299#issuecomment-578773302

You can use this to catch the error and check for the following in the error handler: error.validatedData && error.validatedData.status == 2 /* VALIDATION.POSSIBLE_HACK */

If this is the case the receipt was valid, but contained no in-app purchases.
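The status-2 check from the workaround above, written as a handler that fails closed; this is an added example, not part of the thread or the library's own code. The function name, the `expectedBundleId` parameter, and the shape of `error.validatedData` beyond `status` (a `receipt` object with `bundle_id` and `in_app`, as in Apple's verifyReceipt response) are assumptions. Because the maintainer notes that empty `in_app` receipts are used to try to get past validation, the result only ever signals paid-app ownership and never grants an in-app product.

```javascript
// Status value the thread identifies as VALIDATION.POSSIBLE_HACK.
const POSSIBLE_HACK = 2;

// Hypothetical helper: decide what a rejected validation means for a paid app.
// `error` is the rejection caught from the validation call.
// `expectedBundleId` is your own app's bundle identifier (assumed parameter).
function classifyValidationError(error, expectedBundleId) {
  const data = error && error.validatedData;

  // Anything other than "valid receipt, nothing purchased" stays a failure.
  if (!data || Number(data.status) !== POSSIBLE_HACK) {
    return { paidAppOwner: false, reason: 'validation-failed' };
  }

  // Assumed shape: validatedData.receipt mirrors Apple's receipt object.
  const receipt = data.receipt || {};
  const inApp = Array.isArray(receipt.in_app) ? receipt.in_app : [];

  // Status 2 should mean an empty in_app array; reject if it does not.
  if (inApp.length !== 0) {
    return { paidAppOwner: false, reason: 'unexpected-in-app-entries' };
  }

  // A receipt issued for some other app must not unlock this one.
  if (!expectedBundleId || receipt.bundle_id !== expectedBundleId) {
    return { paidAppOwner: false, reason: 'bundle-id-mismatch' };
  }

  return { paidAppOwner: true, reason: 'valid-receipt-no-in-app' };
}

// Constructed sample errors (not captured from a real validation run).
const sampleErrors = [
  { validatedData: { status: 2, receipt: { bundle_id: 'com.example.paidapp', in_app: [] } } },
  { validatedData: { status: 2, receipt: { bundle_id: 'com.other.app', in_app: [] } } },
  { validatedData: { status: 21002 } },
  new Error('network failure'),
];

for (const err of sampleErrors) {
  console.log(classifyValidationError(err, 'com.example.paidapp'));
}
```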