0

We'd like to use google's subscription in our app.
Currently I can buy and check subscription status on the client. Is there way how can we check subscription status on our php backend?

On backend we have:

  • public license key
  • product id(sku)
  • purchase token
undefined
  • 623
  • 7
  • 27

1 Answers1

4

Yes. You can check the subscription status by sending a request with the purchase token from your server (php in your case) to the play store api. You can check the expiryTimeMillis field in the server response and see if the purchase has expired or not. Also check this answer - https://stackoverflow.com/a/34005001/4250161

Here is an example how to get the purchase expire date in php:

$ch = curl_init();
$TOKEN_URL = "https://accounts.google.com/o/oauth2/token";
$VALIDATE_URL = "https://www.googleapis.com/androidpublisher/v3/applications/".
    $appid."/purchases/subscriptions/".
    $productID."/tokens/".$purchaseToken;

$input_fields = 'refresh_token='.$refreshToken.
    '&client_secret='.$clientSecret.
    '&client_id='.$clientID.
    '&redirect_uri='.$redirectUri.
    '&grant_type=refresh_token';

//Request to google oauth for authentication
curl_setopt($ch, CURLOPT_URL, $TOKEN_URL);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $input_fields);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$result = curl_exec($ch);
$result = json_decode($result, true);

if (!$result || !$result["access_token"]) {
 //error   
 return;
}

//request to play store with the access token from the authentication request
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,$VALIDATE_URL."?access_token=".$result["access_token"]);
curl_setopt($ch,CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
$result = json_decode($result, true);

if (!$result || $result["error"] != null) {
    //error
    return;
}

$expireTime = date('Y-m-d H:i:s', $result["expiryTimeMillis"]/1000. - date("Z")); 
//You get the purchase expire time, for example 2017-02-22 09:16:42

Where:

little
  • 2,927
  • 2
  • 25
  • 36
  • Yeah I saw this.The key problem here is how to pass oauth2 authorization. In the php api-client-library spec it is stated: `2. Authorized API access (OAuth 2.0) These API calls access private user data. Before you can call them, the user that has access to the private data must grant your application access. Therefore, your application must be authenticated, the user must grant access for your application, and the user must be authenticated in order to grant that access.` I don't understand how user can give access to his user data to our server.Do I have to call something from client? – undefined Feb 02 '17 at 10:52
  • You are quoting from https://developers.google.com/api-client-library/php/start/get_started. – little Feb 03 '17 at 08:44
  • You are quoting from https://developers.google.com/api-client-library/php/start/get_started. You just need to refresh the access token on each request all the rest - refreshToken, clientId and clientSecret are the constant and not specific for a user. You need to get them once. The terminology is a bit confusing, in that doc the client is actually your server, that is the client that queries the OAuth. They are not talking about your application. – little Feb 03 '17 at 08:55
  • 1
    Yeah we managed to receive subscription status from backend side.Thanks! BTW:Is there explanation why google doesn't notify client side with subscription expiration date(there is only purchase date)? – undefined Feb 04 '17 at 15:40
  • Not that I know of. The application should just query the play api for all active subscriptions when the app starts/on login. See http://stackoverflow.com/a/34506751. – little Feb 04 '17 at 18:29
  • Check this answer https://stackoverflow.com/questions/35127086/android-inapp-purchase-receipt-validation-google-play/46582347#46582347 – MingalevME Oct 05 '17 at 09:41
  • Can you pls define how you get this ```$input_fields = 'refresh_token='.$refreshToken``` – Bhatt Akshay Sep 16 '20 at 09:31
  • Thanks! I updated the answer, see https://developers.google.com/identity/protocols/oauth2#installed – little Sep 20 '20 at 17:54