Receipt validation in Google Play

Hello Rune7,

I have not done any “google play subscriptions purchase validation”, nor called the “google play api”. The below is in the context of using a Google service account (without OAuth) to call the “google drive api” as shared network storage. But I suppose they can be quite similar in generating the JWT token and requesting the “access token”.

The “luajwt” at https://github.com/x25/luajwt, as mentioned in a related post, How can we use Json Web Token (JWT)? - #9 by akao, is a good starting point. What needs to be done is the following:

(1) adapt and localise the above to use the Solar2D standard library and plugin.

(2) extend it to incorporate the Google-specific requirement on JWT. In particular, Google uses “alg” = “RS256”, which is RSA signature with SHA256.

For “RS256”, I use the Solar2D plugin “openssl”. Please see https://docs.coronalabs.com/plugin/openssl/index.html and https://github.com/coronalabs/plugins-sample-openssl for details.

(3) test and verify the generated JWT token before submitting it to the Google server.

I use the “debugger” on https://jwt.io/ to verify the integrity of the generated JWT token. Its sister site https://auth0.com/learn/json-web-tokens/ has a lot of detailed documentation on JWT.

All the best!
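
A local pre-flight check for step (3), as an added example that is not part of the original post: it decodes the JWT offline and checks the RS256 header plus the claims Google's service-account documentation requires (`iss`, `scope`, `aud`, `exp`, `iat`). It does not verify the RSA signature, and the function names, sample account and placeholder signature bytes are constructed for illustration.

```python
import base64
import json

GOOGLE_TOKEN_URL = "https://oauth2.googleapis.com/token"  # aud per Google's service-account docs
MAX_LIFETIME = 3600  # seconds; exp may be at most one hour after iat

def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_service_account_jwt(token, now):
    """Return a list of problems; an empty list means the token is well formed."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["expected 3 dot-separated segments, got %d" % len(parts)]
    problems = []
    if any(ch in token for ch in "+/="):
        problems.append("standard base64 characters present; JWT needs unpadded base64url")
    try:
        header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
        b64url_decode(parts[2])  # signature must at least be decodable
    except ValueError as exc:  # covers base64, UTF-8 and JSON decoding errors
        return problems + ["undecodable segment: %s" % exc]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return problems + ["header and payload must be JSON objects"]
    if header.get("alg") != "RS256":
        problems.append("alg is %r, expected 'RS256'" % header.get("alg"))
    missing = [c for c in ("iss", "scope", "aud", "exp", "iat") if c not in claims]
    if missing:
        return problems + ["missing claims: " + ", ".join(missing)]
    if not all(isinstance(claims[c], int) for c in ("iat", "exp")):
        return problems + ["iat and exp must be integer timestamps"]
    if claims["aud"] != GOOGLE_TOKEN_URL:
        problems.append("aud is %r, expected the token endpoint" % claims["aud"])
    if claims["exp"] - claims["iat"] > MAX_LIFETIME:
        problems.append("exp is more than one hour after iat")
    if claims["exp"] <= now:
        problems.append("token is already expired")
    return problems

def make_sample(alg="RS256", lifetime=3600, iat=1700000000):
    """Constructed token for the demo; the signature bytes are a placeholder."""
    claims = {"iss": "demo@example-project.iam.gserviceaccount.com",
              "scope": "https://www.googleapis.com/auth/drive",
              "aud": GOOGLE_TOKEN_URL, "iat": iat, "exp": iat + lifetime}
    segs = [json.dumps({"alg": alg, "typ": "JWT"}), json.dumps(claims), "\x01" * 256]
    return ".".join(base64.urlsafe_b64encode(s.encode()).rstrip(b"=").decode() for s in segs)

if __name__ == "__main__":
    print(check_service_account_jwt(make_sample(), now=1700000100))
    print(check_service_account_jwt(make_sample(alg="HS256", lifetime=7200), now=1700000100))
```
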