Enabling in-app purchase in linphone-android

The linphone-android application has a "hidden" feature of in-app purchases to typically buy a telephony service for a period of time.

By hidden, it is meant that these features are hidden by default, and can be enabled by a developer by configuring a few things in the source code and in developer console.

On the Android application

Add the following to your AndroidManifext.xml file.

<uses-permission android:name="com.android.vending.BILLING" />

On the Android developer console

Compile an apk for your application for release and upload it on the Android developer console (we recommend you upload it as beta until all the setup process is done).

Now that the console recognize that you want to do in app purchase in your application, you can create your products (see the documentation for information on how to do it).

Finally go the Services and API page and note somewhere the public key generated by Google for your application.

To set up developer accounts to test the in app purchases without paying them, go to Settings -> API Access page and add the gmail accounts that are used on your test devices. Note that you can't use the gmail account used to publish the application as a test account.

On the Google developer console

The next step consists to get the authorization to make requests to Google in order to validate the data received by the application when the user will make the purchase.

First you need to create a project in the API console.

Then on the left side, go to the API section and enable the Google Play Android Developer API.

Go to the Credentials section (under API and auth), and click on create new client id. You will be asked you to choose between three types of account. Choose "Installed application" and "Other" as app type. Note the client id and the client secret, we'll need them later.

Open in a new tab of your browser this url:

https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/androidpublisher&response_type=code&access_type=offline&redirect_uri=urn:ietf:wg:oauth:2.0:oob&client_id=

Don't forget to replace the "..." by your newly created client id.

Click accept when prompted and note the token displayed. Then create a php script on your server with the following code:

<?php

function get_google_access_token($code, $client_id, $client_secret) {
        $url = 'https://accounts.google.com/o/oauth2/token';
        $ch = curl_init($url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_FAILONERROR, false);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
        curl_setopt($ch, CURLOPT_HTTPHEADER, array(
                        'Content-Type: application/x-www-form-urlencoded'
        ));
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
                        'grant_type' => 'authorization_code',
                        'code' => $code,
                        'client_id' => $client_id,
                        'client_secret' => $client_secret,
                        'redirect_uri' => 'urn:ietf:wg:oauth:2.0:oob',
        )));
    $result = curl_exec($ch);
        curl_close($ch);
        return $result;
}

$code = "";
$client_id = "";
$client_secret = "";
echo get_google_access_token($code, $client_id, $client_secret);

?>

Fill the code, client_id and client_secret with the correct values and execute the script. It should display on the console something like:

{
  "access_token" : "ya29.eAEDQeqII_RAKC4c3hxjP4X39NYa0Pi8qo06IkjG0TnX6X5pVr5puWH3b_9c49HHKUCcDN95Yy2-KA",
  "token_type" : "Bearer",
  "expires_in" : 3600,
  "refresh_token" : "1/qwT6HcQu9rUd7VfhJOhAjEInf3tr8CA0T7n2Wx_h-6YMEudVrK5jSpoR30zcRFq6"
}

Keep somewhere the refresh token, you will need it in the next step.

Or you may just use the dedicated function contained in the xmlrpc.php (xmlrpc-inapp.php) file. 

function get_google_access_refresh_token($code, $client_id, $client_secret) {}

The function get_google_access_refresh_token() will call the previous request and display the same result into the logs (inapp.log). 

It takes three parameters :

- the code resulting from the previous google console request.

- client_id 

- client_secret

These parameters are (normaly) already setted int the function, only the code requires to be updated.

 The call to this function is already inserted into the code as coments around lines 117-118. Just uncomments it and change mToken value:

//$mToken = '4/K0Ys7Ib8iQhkqzIcWs7Iu8GzLOnfroM9YGkjMePi0wA';
//mylog("[GOOGLE] Access token = ". get_google_access_refresh_token($mToken ,GOOGLE_PROJECT_ID ,GOOGLE_PROJECT_PASSWORD ) );

On the Android developer console (again)

Return on the Android developer console, and in the API access section, click on the Link button next to the project you created.

On the server

Create a new php script with the following code:

<?php

function format_pem_certificate($base64) {
        return wordwrap($base64, 64, "\r\n", true);
}

$base64 = "";
echo format_pem_certificate($base64);

?>

Fill the base64 variable with the public key given by google on the android developer console and execute the script. Copy the result (formatted with line breaks) and create a file named google.pem:

-----BEGIN PUBLIC KEY-----
insert here the formatted pem certificate given by the previous script
-----END PUBLIC KEY-----

Then create a file named google.auth with the following:

{
  "id" : "the client id you created in the API console",
  "secret" : "the client secret associated with the client id",
  "refresh" : "the refresh token you got in the previous step"
}

We strongly recommend this files are protected from being written and read by any other user than the owner (which as to be the same user that runs the web server), and that the file can't be accessed by internet (using a .htaccess file for example).

Finally edit the inapp.php script to change the ANDROID_PACKAGE define to match the package name of your application.

 

Tags:
Created by Brieuc VIEL on 2017/04/26 12:06