Android subscription and Google API

Question

I'm trying to use the new Android subscription system from Google Play into my application (I already had in-app billing working fine). I have successfully done the subscription billing, but I now want to retrieve informations about this subscription by using the google apis as indicated in the android documentation (http://developer.android.com/guide/market/billing/billing_subscriptions.html).

I want my service to be able to do the API call to retrieve these informations, but I have problems with authentication (with oauth2). So far, this is what I do (in my php service) :

require_once 'google-api-php-client/src/apiClient.php'

const SERVICE_ACCOUNT_NAME = 'email from services account access';
$key = 'content of my private key retrieved from services account access';    

$client = new apiClient();
$cred = new apiAssertionCredentials(SERVICE_ACCOUNT_NAME, array('https://www.googleapis.com/auth/androidpublisher'), $key);
$assertion = $cred->generateAssertion(); // This generate my encrypted JWT

I then try to retrieve the access token with this JWT object. The problem is that when I use the access token given I got the error that the developer account does not own the application, which is not true.

(I know this is not the way to do it, but I just wanted to retrieve the access_token using the JWT to understand why it is not working, if I do it as indicated in the google apis documentation it is not working too).

I need to do this API call from a server, so no end-user has to be involved (no manual consent).

Answer 1

I had the same issue, and ultimately discovered that as of right now service accounts can not access the Play API.

I'm not sure when Google is planning on fixing this but you can get around this by creating a web app client ID and setting up a basic login page to first generate a code using the new web app Client data and going to $client->createAuthUrl():

$client = new apiClient();

$key = file_get_contents(KEY_FILE);
$client->setClientId(CLIENT_ID);
$client->setClientSecret(CLIENT_SECRET);
$client->setRedirectUri(MY_WEBAPP_URL);
$client->setDeveloperKey($key);
$client->setScopes(array('https://www.googleapis.com/auth/androidpublisher'));

$authUrl = $client->createAuthUrl();
print "<a class='login' href='$authUrl'>Connect Me!</a>";

This should take you to a Google login page where you should log in with the developer account. When you authorize the app, it will take you back to your web app URL as defined when you set up the client ID with a CODE as a get parameter. You can use to generate a token (and more importantly, a refresh token) like so:

$url = 'https://accounts.google.com/o/oauth2/token';

$fields = array(
    'grant_type'=>'authorization_code',
    'code'=>$code,
    'client_id'=>CLIENT_ID,
    'client_secret'=>CLIENT_SECRET,
    'redirect_uri'=>MY_WEBAPP_URL
);

// cURL call to OAuth URL with $fields sent as POST

This should return you JSON data with a refresh token. Save this token and use it to make another call whenever you need to generate an access token. You will essentially run the same code you did to get the refresh token, but with different fields:

$fields = array(
    'grant_type'=>'refresh_token',
    'refresh_token'=>$refresh_token,
    'client_id'=>CLIENT_ID,
    'client_secret'=>CLIENT_SECRET,
);

This will give you an access token you can use to get purchase data from the following URL: https://www.googleapis.com/androidpublisher/v1/applications/[PACKAGE]/subscriptions/[SKU]/purchases/[PURCHASE_TOKEN]?access_token=[ACCESS_TOKEN]

The trick is getting the refresh token, once you have that the rest should be pretty straightforward.

Answer 2

I`ve got the same problem. It occurs because you authorize user in Google API who does not own the application and try to get data which belows to your app.

In this topic it is well described. http://support.google.com/googleplay/android-developer/bin/answer.py?hl=en&answer=2528691&topic=16285&ctx=topic

You should authorize by OAuth2 the owner of application, and then use Google API with obtained token.