We want to use Google Play subscriptions in our app. As part of that we want to perform purchase validation with Google servers. However, when we try to access their server using an authentication token we get authError from Google Server. We try to make a request using a service account credentials. Unfortunately, we could not find any solid reference on this subject. Could anyone share how they use jwt to produce a correctly formatted request to Google server?
We’ve been trying to follow the example Google provided at the end of their page here: https://developers.google.com/identity/protocols/oauth2/service-account#python_2
Hello Rune7,
I have not done any “google play subscriptions purchase validation” nor calling “google play api”. Below is in the context of using google service account (without OAuth) to calling “google drive api” as a shared network storage. But I suppose they can be quite similar in generating the JWT token and requesting for the “access token”.
The “luajwt” at, https://github.com/x25/luajwt, as mentioned in a related post, How can we use Json Web Token (JWT)?, is a good starting point. What needs to be done is the following,
(1) adapt and localise the above to using Solar2D standard library and plugin.
(2) extend it to incorporate google specific requirement on JWT. In particular, google uses “alg” = “RS256”, which is RSA signature with SHA256.
For “RS256”, I use Solar2D plugin “openssl”. Please see https://docs.coronalabs.com/plugin/openssl/index.html and https://github.com/coronalabs/plugins-sample-openssl for details.
(3) test and verify the generated JWT token, before submitting to google server.
I use the “debugger” on https://jwt.io/ to verify the integrity of the generated JWT token. Its sister site https://auth0.com/learn/json-web-tokens/ has many detailed documentation on JWT.
All the best!
Just to clarify on step (3) above.
-
You do not want to use your actual keys from your google service account for the testing and verification of JWT token generation on https://jwt.io/.
-
On https://jwt.io/, it provides a test key-pair when you select “RS256”. Or alternatively, you can see Solar2D “openssl” to generate your own test key-pair.
-
I use the “debugger” on https://jwt.io/ to verify the integrity of the generated JWT token to confirm my codes.
-
Once it is confirmed, you change it to using your actual service account keys before submission to google.
Lastly, google does provide detailed steps and specific detailed requirement on JWT token, on their “OAuth 2.0” as well as respective “google api” sites. Please check them out accordingly.
All the best!
Hi @luantiang,
Thanks for the tips. We went over Google documentation but we couldn’t get it to work. perhaps some small thing we missed. We will go over your input and try to identify the issue. I think it may be related to how we tried to adapt it to solar2D libraries. perhaps we’re using a wrong lib.
Though I have not used the plugin below before, it may be another possible alternative solution for you to explore if you have not already done so.
This plugin, wrapped around the google SDK, provides a “sign-in” function via OAuth2.
Scott’s Google Sign-In Plugin
Scott’s Google Sign-In Plugin - Documentation