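Google Play payment API hit by fraudulent orders, and the solution

The Google payment problem

On 2015-02-18, the Japanese server of our idle game saw fraudulent Google payment orders. It has been patched for now, but the problem has not been solved at the root. The company's earlier Google Play payment integration also had a gap: after the SDK sent the payment information to the payment callback, the callback program did not call the Google API to verify the order. The Google payment flow therefore needs to be completed.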

 

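The Google payment solution

Google has its own solution for the problem above: send a verification request to the Google API using the order number, and the Google API returns the information for that order. That information can then be compared against what the SDK reported.

Operations staff are presumably already familiar with procedures such as applying for a Google account. Using the Google API, however, also requires creating a Web Application account in the Google Developer Console and then obtaining a client_id, client_secret and refresh_token. The procedure is as follows: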

 

1.       Log in to the Google Developer Console at https://code.google.com/apis/console/

2.       Under "APIs & auth", find "Credentials" and click to create an OAuth 2.0 web application


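The address in field 4 must be a usable domain name + /oauth2callback

Once it is created you obtain the client_id, client_secret and redirect_url

3.       Obtain the authorization code

While logged in to the Google account, open a new page and enter the following address: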

https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/androidpublisher&response_type=code&access_type=offline&redirect_uri={REDIRECT_URIS}&client_id={CLIENT_ID}

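Replace the highlighted placeholders ({REDIRECT_URIS} and {CLIENT_ID}) with the corresponding values.

You will be asked whether to grant authorization. Click to authorize and the address bar redirects automatically; the resulting URL carries the code, for example: https://www.example.com/oauth2callback?code=4/CpVOd8CljO_gxTRE1M5jtwEFwf8gRD44vrmKNDi4GSS.kr-GHuseD-oZEnp6UADFXm0E0MD3FlAI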

 

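4.       Use the code to obtain the refresh_token. This requires a POST request.

Request URL: https://accounts.google.com/o/oauth2/token

Request parameters: code, client_id, client_secret, redirect_uri, grant_type

The value of grant_type is authorization_code

The JSON string returned by the first request is shown below. Later requests no longer return the refresh_token (a long-lived token that normally does not expire), so the refresh_token must be saved; it can be stored in a configuration file (or written to the database) for later use.

expires_in is the validity period of the access_token, which is 3600 (seconds)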

{
    "access_token": "ya29.3gC2jw5vm77YPkylq0H5sPJeJJDHX93Kq8qZHRJaMlknwJ85595eMogL300XKDOEI7zIsdeFEPY6zg",
    "token_type": "Bearer",
    "expires_in": 3600,
    "refresh_token": "1/FbQD448CdDPfDEDpCy4gj_m3WDr_M0U5WupquXL_o"
}

 

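Once the client_id, client_secret and refresh_token have been obtained, our payment callback program can use the order number to query the Google API for verification.

 

Google payment callback verification flow

With the client_id, client_secret and refresh_token obtained in the previous step, the payment callback program can call the Google API to verify a payment. The flow is as follows:

1.       Obtain the access_token

Request URL: https://accounts.google.com/o/oauth2/token
Request method: POST
Request parameters: client_id, client_secret, refresh_token, grant_type
The value of grant_type is always refresh_token
Response: JSON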

 

Using the refresh token

Each access token is only valid for a short time. Once the current access token expires, the server will need to use the refresh token to get a new one. To do this, send a POST request to https://accounts.google.com/o/oauth2/token with the following fields set:

grant_type=refresh_token
client_id=<the client ID token created in the APIs Console>
client_secret=<the client secret corresponding to the client ID>
refresh_token=<the refresh token from the previous step>

A successful response will contain another access token:

{
  "access_token" : "ya29.AHES3ZQ_MbZCwac9TBWIbjW5ilJkXvLTeSl530Na2",
  "token_type" : "Bearer",
  "expires_in" : 3600
}

The refresh token thus allows a web server continual access to the API without requiring an active login to a Google account.


2.       With the access_token you can call the Google API to obtain the order status

What I need to retrieve here is the purchase information for in-app purchases made through Google Play. This information has the following properties (see Purchases.products in the Google Play Developer API):

        A ProductPurchase resource indicates the status of a user's inapp product purchase.

Request URL: https://www.googleapis.com/androidpublisher/v2/applications/packageName/purchases/products/productId/tokens/purchaseToken?access_token=access_token




packageName
The package name of the application the inapp product was sold in (for example, 'com.some.thing').

productId
The inapp product SKU (for example, 'com.some.thing.inapp1').

purchaseToken
The token provided to the user's device when the inapp product was purchased. This is the purchaseToken in the order.

Response data

{
  "kind": "androidpublisher#productPurchase",
  "purchaseTimeMillis": long,
  "purchaseState": integer,
  "consumptionState": integer,
  "developerPayload": string
}


consumptionState (integer): The consumption state of the inapp product. Possible values are:
  0: Yet to be consumed
  1: Consumed

developerPayload (string): A developer-specified string that contains supplemental information about an order.

kind (string): This kind represents an inappPurchase object in the androidpublisher service.

purchaseState (integer): The purchase state of the order. Possible values are:
  0: Purchased
  1: Cancelled
This is the field we rely on to judge the purchase.

purchaseTimeMillis (long): The time the product was purchased, in milliseconds since the epoch (Jan 1, 1970).


 

 

This completes the payment verification.
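
The two callback steps above as an added example (not code from the original post): the server refreshes the access token, looks the purchase up at Google, and credits the order only when Google reports it as Purchased and it matches what the SDK sent. The `seen_tokens` set (standing in for a database table), the server-configured `package_name`, the injectable `transport` and the use of a Bearer header instead of the `?access_token=` query parameter are assumptions of this example.

```python
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://accounts.google.com/o/oauth2/token"
API_BASE = "https://www.googleapis.com/androidpublisher/v2/applications"

def http_json(url, form=None, headers=None):
    """Default transport: POST when form fields are given, otherwise GET."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data, headers=headers or {})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))

def get_access_token(client_id, client_secret, refresh_token, transport=http_json):
    """Step 1: exchange the stored refresh_token for a short-lived access_token."""
    reply = transport(TOKEN_URL, form={
        "grant_type": "refresh_token", "client_id": client_id,
        "client_secret": client_secret, "refresh_token": refresh_token})
    return reply["access_token"]

def verify_purchase(order, package_name, access_token, seen_tokens, transport=http_json):
    """Step 2: check the SDK's untrusted `order` dict against Google's record.
    `package_name` comes from server config, never from the client.
    `seen_tokens` stands in for a DB table of already-credited purchase tokens."""
    token = order["purchaseToken"]
    if token in seen_tokens:
        return False, "purchaseToken already credited"
    # Percent-encode every path component so client input cannot alter the API path.
    pkg, sku, tok = (urllib.parse.quote(v, safe="")
                     for v in (package_name, order["productId"], token))
    url = "%s/%s/purchases/products/%s/tokens/%s" % (API_BASE, pkg, sku, tok)
    try:
        # Bearer header rather than ?access_token= keeps the token out of URL logs.
        purchase = transport(url, headers={"Authorization": "Bearer " + access_token})
    except Exception as exc:  # network error or non-2xx reply: never credit
        return False, "lookup failed: %s" % exc
    if purchase.get("purchaseState") != 0:  # 0 = Purchased, 1 = Cancelled
        return False, "not in Purchased state"
    if purchase.get("developerPayload") != order.get("developerPayload"):
        return False, "developerPayload mismatch"
    seen_tokens.add(token)  # record only after every check has passed
    return True, "verified"
```

In production the `seen_tokens` check and insert should be one atomic database operation (for example a unique index on the purchase token), so two concurrent callbacks cannot both credit the same order.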

 

References:

http://blog.csdn.net/hjun01/article/details/42032841

 http://www.vimer.cn/2014/04/google%E6%94%AF%E4%BB%98%E6%8E%A5%E5%8F%A3%E8%A2%AB%E5%88%B7%E4%BB%A5%E5%8F%8A%E8%A7%A3%E5%86%B3%E6%96%B9%E6%A1%88.html

 

Problems encountered when calling the API:

 

Problem 1: Access Not Configured.

{
 "error": {
  "errors": [
   {
    "domain": "usageLimits",
    "reason": "accessNotConfigured",
    "message": "Access Not Configured. The API(Google Play Android Developer API)is not enabled for you project.Please use Google Developers Console to update your configuration."
   }
  ],
  "code": 403,
  "message": "Access Not Configured. The API(Google Play Android Developer API)is not enabled for you project.Please use Google Developers Console to update your configuration."
 }
}


Fix it on this page: https://console.developers.google.com

Google Developer Console

1.  "Google Developer Console" > "APIs & Auth" subcategory "APIs" > (api list) "Google Play Android Developer API". Set "STATUS" to "ON".

2.  "APIs & auth" subcategory "Credentials" > "Create new Client ID". Choose "Service account" and create the id.

3.  You should get a P12 key from the browser.

 

 

 

 

 

Problem 2: projectNotLinked

{
    "error": {
        "errors": [
            {
                "domain": "androidpublisher",
                "reason": "projectNotLinked",
                "message": "The project id used to call the Google Play Developer API has not been linked in the Google Play Developer Console."
            }
        ],
        "code": 403,
        "message": "The project id used to call the Google Play Developer API has not been linked in the Google Play Developer Console."
    }
}

 


Set up the link on this page: https://play.google.com/apps/publish/

Google Play Developer Console

1.  "Google Play Developer Console" > "Settings" > subcategory "API access".

2.  Make a link to your "Linked Project".

3.  The "Service Account" section may already show the "Service account" client ID that was created in the Google Developer Console.

 
