Open runloop opened 5 years ago
Hello
That logic is there so that “faked” receipts can be detected and rejected. There are people who use receipts with an empty in_app array to try to pass by the validation. I suppose we could add an option to switch this check off.
Cheers
That would be really great. I forked the repo and added this myself for the time being and it works great.
I found a workaround for this as outlined here: https://github.com/voltrue2/in-app-purchase/issues/299#issuecomment-578773302
You can use this to catch the error and check for the following in the error hander:
error.validatedData && error.validatedData.status == 2 /* VALIDATION.POSSIBLE_HACK */
If this is the case the receipt was valid, but contained no in-app purchases.
I understand this is called in-app-purchase and is used for validating in-app purchases, but is there a good reason why it cannot also be used to validate receipts of paid apps without in-app purchases also?
Currently when I try this I just get the follow 'error':
{"error":{},"status":2,"message":"The receipt is valid, but purchased nothing."}
I went through the code and found that this is related to the following code: https://github.com/voltrue2/in-app-purchase/blob/feaf5639971e48c8e71ec580c168507f4ba4a445/lib/apple.js#L377-L390
Why does this library need to return this error message rather than just pass back the receipt with an empty
in_app
array? Surely if you are using this you are checking thein_app
array for your product to verify this anyway.If you did return the receipt data back with an empty
in_app
array it would still be possible for users of paid apps to verify their receipts as well.Or maybe we could opt-in to receiving these receipts in the config if you are that worried about this issue.