How To Get User Information In Google Wallet

We want to be able to associate app users with real transactions done.The problem is that we have the user’s email address on application back end side, and we track user purchas

Solution 1:

I thought the answer would lie in the postback facility. That gives google's user ID and order number. However, I didn't see how to convert either of those to an email address for sending the digital good just purchased.

BTW. I rejected doing the fulfilment client side as that seemed insecure. If I'm wrong about that then why would they offer the postback facility?

... then I realised, we could do part of it client and part server side.

I guessed that something comes back from the client-side success callback.

   success: function(result) {
      console.log('success',result.response.orderId);
      complete(result.response.orderId);
    },

So, I now have the google's orderId on the client side and there I know the user's ID. So my complete() function can send the orderId and our userId to the server which can then match this with successful payment orderId from the postback (which happens first) and fulfil the order.

Yes, this is inelegant, but I believe it to be a secure solution.

Maybe slightly more elegant is to use the [sellerData] property in the submission payload to contain our user ID and order ref. We then have more items to match after the success callback has happened. I think I'll hold off delivering the digital good until all those checks have been completed.

What I do not understand is why cannot this kind of suggestion (or a better one) be found in the wallet tutorial?

Paul

Solution 2:

My answer here refers to the previous answer provided:

1. Totally agree on "why cannot this kind of suggestion (or a better one) be found in the wallet tutorial?".

2. Your suggested solution does not seem to be very secured (to say the least). You want the client to send you their username/email/client-id in the Success callback... This means that anyone will be able to send you their ID, even if they did not make a purchase. They can add a random order-ID and hope to get a match (and then repeat the process many times in order to increase the chances).

3. My guess is that the username/email/client-id lies somewhere in the request object sent from Google to the postback URL (your server's doPost routine). But I have the feeling that you need to add something in the JWT generated in your Purchase function before it is passed to the google.payments.inapp.buy routine.

4. Looking for an answer myself...

5. Here is a possible solution, although I have not yet tested it myself:

Download the 'zip' file from: https://code.google.com/p/wallet-online-quickstart-java/downloads/list

Take the entire 'com' folder and add it to your project source folder (sorry, I have not been able to find a JAR for this package). Then, add the following code to your servlet:

...

import com.google.wallet.online.jwt.JwtResponseContainer;

import com.google.wallet.online.jwt.util.JwtGenerator;

import com.google.wallet.online.jwt.JwtResponse;

...

public void doPost(HttpServletRequest request, HttpServletResponse response) ...

{

    try

    {

        String maskedWalletJwt = request.getParameter("maskedWalletJwt");

        JwtResponseContainer jwtResponseContainer = JwtGenerator.jwtToJava(JwtResponseContainer.class, maskedWalletJwt, SellerSecret);

        JwtResponse jwtResponse = jwtResponseContainer.getResponse();

        String email = jwtResponse.getEmail();

        ...

    }

}

One thing I'm not so sure about, is request.getParameter("maskedWalletJwt").

You might have to add this parameter when calling the google.payments.inapp.buy routine.