Improve documentation for content of GOOGLE_SERVICE_ACCOUNT_KEY_FILE

Question

Improve documentation for content of GOOGLE_SERVICE_ACCOUNT_KEY_FILE

schumannd opened this issue 6 years ago · 3 comments

I think for any inexperienced user this would be a first question. What goes in this variable, and where do I get it?

Docs should at least link to here and here, but better explain the exact steps

Answer 1 · 2018-12-24T23:29:51.000Z

@schumannd did you look further into it?

for me it has been a while doing IAP and previously did PHP :P :P. For this new project I've until now succesfully implemented the IOS part and had to fresh up my mind about Android so this is what I found through re-researching which can be helpful (but needs verification) as I will only start implementation in left over hours these Xmas days :)

GOOGLE_BUNDLE_ID = the app package name (normally reversed domain eg: org.example.app).

GOOGLE_SERVICE_ACCOUNT_KEY_FILE = the Json Web Token file containing a private key which authorises access to a so called "service account" to your Google Play Developer Console / specifically the scope: https://www.googleapis.com/auth/androidpublisher which will be used to verify the purchase / get the purchase state of a product by submitting the so-called "purchaseToken" and "product_sku/bundlename"

First step is to "link" a so-called "Google API project" to your Google Play Developer Console. A Google API Project is just an "entity" for accessing API's in Google. You can do this by going to the Google Play Developer Console when navigating to: Settings > Developer Account > API Access > Link Project

Final step is to obtain a Google Service Account Key File which the python library needs. The GSAK is a Service User which is attached to the "Google Api project"-entity and thus gets rights to access your developer console and verify IAPs.

Obtaining this Google Service Account is explained on the same page but under: "Service Accounts":

Service accounts allow access to the Google Play Developer Publishing API on behalf of an application rather than an end user.

Create Service Account

Navigate to the Google API Console.

Click 'Create Service Account'.

Fill in the details for the service account and click 'Create'.

At this point, you will have the option to create a private key. The private key is downloaded to your machine and is the only copy of this key. You must keep the private key secure, it will be needed by your application to make API calls using your service account.

Click "Done" below and ensure the new service account appears in the list.

Then also I read elsewhere that you need to add this new "service worker"-email-address formatted user to the Google Play Developer users & roles, specifically with the role of reading "financial data".

Many more on: https://stackoverflow.com/a/35138885

Answer 2 · 2019-02-20T08:31:11.000Z

@roelandp I've followed all the steps on your answer and on the StackOverflow link. I'm sure my account is linked in the Google Play Console, but I'm always getting the following error:

'The project id used to call the Google Play Developer API has not been linked in the Google Play Developer Console.'

Already found this https://stackoverflow.com/questions/25481207/error-the-project-id-used-to-call-the-google-play-developer-api-has-not-been-l
But I'm not understanding what I'm missing, already tried to also create a new product in the console. Any idea?

Thanks for your help!

EDIT: After some time the product was created in the Google Play Console, the SDK started working correctly. So I think it's really important to create a new product after you linked the project!
Probably we'd write it in the README

Answer 3 · 2022-08-03T11:59:59.000Z

@roelandp , can you show example how to use "GOOGLE_SERVICE_ACCOUNT_KEY_FILE",

for example on this:
5. Google Play verification (with result)
Alternative to .verify method, instead of raising an error result class will be returned.

from inapppy import GooglePlayVerifier, errors

https://github.com/dotpot/InAppPy


def google_validator(receipt):
    """
    Accepts receipt, validates in Google.
    """
    purchase_token = receipt['purchaseToken']
    product_sku = receipt['productId']
    verifier = GooglePlayVerifier(
        GOOGLE_BUNDLE_ID,
        GOOGLE_SERVICE_ACCOUNT_KEY_FILE,
    )
    response = {'valid': False, 'transactions': []}

    result = verifier.verify_with_result(
        purchase_token,
        product_sku,
        is_subscription=True
    )

    # result contains data
    raw_response = result.raw_response
    is_canceled = result.is_canceled
    is_expired = result.is_expired

    return result

i can't understand how to put my .json file here, or to put it as a dict?

this is my credentials.json for example, i've changed few symbols on it

{
    "installed": {
        "client_id": "614350752554-7dhtoo2djqsh8vd3d5qua2l5p877uv4e.apps.googleusercontent.com",
        "project_id": "second-pr-hef2d",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://oauth2.googleapis.com/token",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
        "client_secret": "GOCJPX-XrMf19JgouVyiTW5sE5fGLU0HLdZ",
        "redirect_uris": ["http://localhost"]
    }
}