I am using imdhemy/laravel-in-app-purchases plugin to manage mobile purchases from Google and Apple. I configured Google ok and I'm handling purchase events correctly.
But with apple subscriptions (renewable subscriptions) I can verify purchases, but I can't make the events listeners to work.
This is what I have working so far:
I can get a purchase from the mobile device and verify the receipt.
I can store the purchase identifier in my database.
I configured apple's push notification endpoint both for production and sandbox
My specific problem is:
the route /purchases/subscriptions/apple is expecting unified_receipt, unified_receipt.latest_receipt, unified_receipt.latest_receipt_info and notification_type.
but apple is sending Post: "{\x22signedPayload\x22:\x22eyJhbGciOiJFUzI1N...., if I'm not wrong, that is a JWT token, but in the library documentation, there is no information regarding JWT token.
That produces a 422 error from laravel's side, as it expects fields not sent by Apple.
Is there some extra configuration or step that I'm missing?
Thanks!
If you are switch to Notification version 1 you will find all data. Version 2 send only jwt token
If someone comes across this issue, the solution I found was to decrypt the JWT manually and skip all the custom events.
Related
I have a Slack bot that is working fine and interacting with users. I'm using Bot Framework composer and the Slack Adapter.
In the Slack API portal I'm trying to change the Events Request Url the app uses to send Slack Events to my bot.
When I do that, slack sends a challenge request to my bot. The bot first tries to verify that the request is really coming from Slack following: https://api.slack.com/authentication/verifying-requests-from-slack#a_recipe_for_security
The problem is that this is failing and I can't understand why.
I see that Slack is sending all the right content, and that the ClientSigningSecret is being read, otherwise the other calls to the bot wouldn't work.
I know it's a bit far fetched to ask this since it seems to be a problem on my side. But since the bot is validating the requests just fine when users talk to the bot, and the code is from the Slack Adapter which is open source and there's nothing else I can thing of..... maybe someone struggled with the same problem.
I created a support ticket to Slack and they came back pretty quickly.
Pre publish state
Before publishing a Slack app the only configs that exist are the ones you see in the App configuration page. Those are what you use to test your app, this includes the secrets to authenticate the incoming messages from Slack into your backend.
After you publish your Slack App for the first time
Once your app is published, the production version that your users use will see the original settings, including the secrets and these are the ones your backend will get.
The settings you see in the configuration page are like development mode and they won't be persisted into the published app until you request Slack to approve your changes. That's sounds great and is what one would expect, but what you don't see and have no way of imagining is happening is that there are some development time secrets that are different from the ones you see on the settings screen.
When you change the endpoint url to be sent to your backend so that it can return the challenge and Slack would accept the new url, the message payload goes with this development secret and not the one you configured your backend with. Thus your backend will reject the call since it thinks it's not coming from Slack.
Proposed solution from Slack
Don't validate the signature of the incoming request for this type of call in an already published app. I don't like it but there was no other workaround unless Slack changes this. So what I did was:
Remove that check only for this request from the backend and publish to production.
Make the url change in Slack.
Revert the change from the backend.
:(
I have a react native app and using react-native-iap library to communicate with Apple/Google server to buy the subscriptions. The subscription got successful and it returns a transaction as well but when I try to use that receipt to validate in in-app-purchase library, it returns with cancelReason: 1. I don't know what's happening but as per the Google Play cancelReason:1 means, "Subscription was canceled by the system, for example because of a billing problem"
Below is the real purchase I tried with my app. I have added the amount to buy it from the prod app which uploaded on internal testing. This library isn't able to verify it. Even it's showing me as an active subscription on the Play store app in Manage Subscription.
If I try to restore purchase in my app, it would return a purchase but when I went to verify it from the in-app-purchase library, it doesn't validate. Don't know why.
Here is the receipt data I got from the react-native-iap library.
{"purchaseToken":"sdfdsfssfsd.AE-Jw-8fCifXt8xC1LzUDMhl2EyupYjgdGjmkpdHZH-j3-0YWE4UGa_jFlKTwodhLbKXCIWg","productId":"com.xyz.subscription","acknowledged":true,"orderId":"GPA.31-25-01-22058","purchaseTime":1620884406333,"packageName":"com.xyz","purchaseState":0,"autoRenewing":true,"subscription":true}
The response I got from the in-app-purchase library -
{"service":"google","status":0,"packageName":"com.xyz","productId":"com.xyz.subscription","purchaseToken":"sdfdsfssfsd.AE-Jw-8fCifXt8xC1LzUDMhl2EyupYjgdGjmkpdHZH-j3-0YWE4UGa_jFlKTwodhLbKXCIWg","startTimeMillis":"1620884406333","expiryTimeMillis":"1623562757349","autoRenewing":false,"priceCurrencyCode":"INR","priceAmountMicros":"79000000","countryCode":"IN","developerPayload":"","paymentState":1,"cancelReason":1,"orderId":"GPA.31-25-01-22058","acknowledgementState":1,"kind":"androidpublisher#subscriptionPurchase"}
if it got canceled as per the response, I didn't get any refund in my account.
Please help :(
I want to utilise Google Meet api, which is used in Hangouts integration for Slack, description follows
TL;DR:
Links such as https://meet.google.com/new?gid=123&gd=qwe987 can be generated, so a modal is shown which can ask user's confirmation and then some request is sent from user's browser (where the Google Meet page is opened) to some endpoint (probably it is determined from gid which seems to be google application id). Is there a way to configure my application to have a webhook, so I can generate these custom links?
There's Google+ Hangouts app for Slack. Here's how it works (after you add the app in your workspace):
you send /hangout command in any Slack channel
slackbot sends an "Only visible to you" message in this channel with a link to start a new hangout. it looks smth like this (I changed data in the link): https://meet.google.com/new?gid=691521906844&gd=THTJ30X6W%7CU01113BD13M%7CD01113BDB5Z%7Csuren%7C%7C1846381238693%7C1%7CB01QFGG5GJF%7CE1MDm4DWcuVa0RbN5ZT9o5KF
when you visit the link, a new meeting is started instantly, and the page shows modal with text "To bring others into this video call, post a link it to your Slack channel" with buttons 'Cancel' and 'Post'.
when you click 'Post', a new message is sent to the Slack channel, where the command was sent. Text is "#Suren Khorenyan has started a Google+ Hangout and would like you to join. Join Hangout." and contains a link to the meet, which was created previously
How can I utilise this integration for another app, like Mattermost (or anything else like Telegram chats via bots)?
As I see, data in the url slightly changes. Probably it's payload for Google Meet to trigger Slack to send a message with link to the channel.
gid seems to be something like google app id
gd seems to be something like google data. If I url-decode it, it becomes THTJ30X6W|U01113BD13M|D01113BDB5Z|suren||1846381238693|1|B01QFGG5GJF|E1MDm4DWcuVa0RbN5ZT9o5KF. This is some kind of payload, separated by pipes (obviously), but I don't know what any part of this means (suren is my username in the Slack workspace, probably this is used for creating an invitation message).
When I click Post, this happens:
a new POST request to https://hooks.slack.com/services/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 is sent with form-data
hangout_id: 1812381238693
hangout_url: https://meet.google.com//abc-iuqx-def
a new message is posted to the Slack channel
Google meet somehow knows where to post back! Is this configured at the Google application (application id is provided via gid)? How can I configure my application for such behaviour? Where can I setup webhook url?
If we breakdown the request, we can see that url contains some parts of the gd payload:
THTJ27X6W - this is the first part of the gd payload
B01ABCD5GJF - last but one
E1MDm4DWcuVa0RbK5ZT9o5KD - the last part of the gd payload
and form-data contains:
hangout_id - this is in the gd payload after my name
hangout_url - obviously, this is the url for the new created meeting
How can I change it for my needs?
I created a new application at Google APIs dashboard (here console.developers.google.com/apis), but can't find any docs for this integration. There's Google+ Hangouts API in API Library, but it says Apps will continue to function until April 25, 2017..
I tried to approach it from another side:
In the API Library there's Google Calendar. I found mattermost-hangout app on GitHub (had to update it a bit, so it works with updated api). Here's how it works:
oauth2 for authorising at google (single account)
it handles POST request, which is meant to be received from Mattermost (triggered by a slash command),
creates a new calendar event using Google Calendar API (with conference),
takes hangouts url from the response and sends a new message in the Mattermost channel with invitation to join the meeting.
But it has some downsides:
you have to use one account to authorise all event creation events (yeah, it can be upgraded to authorise any number of users, but it'll be inconvenient. why to force anyone to provide access to their Google Account, when Google Meet authorisation just happens in browser, we don't need to create events)
account, used for auth, now has events in his calendar. of course, events can be deleted, but it's not the way.
Is there any documentation on utilising gid and gd params?
Generally, I want to find a way to configure a webhook in my app, so when Google Meet finds my application's ID in the gid query param, it looks at the app's config and sends a request to my app (previously configured endpoint (I assume it works this way)).
Of course there's a chance that it's some kind of internal API and it cannot be used by everyone, but I could not find any information on this.
I am working on Paypal webhook (subscription) section to insert recurring payment information into the database. I have done coding based on the link "https://jslim.net/blog/2018/01/22/PayPal-Rest-API-with-Laravel-5-and-Angular/" but Paypal webhook always return “payment_status: Pending” on sandbox image and its not inserting recurring payment information into the database (insert option added in PayPalController - function webhooksPaymentSaleCompleted ).
I think the problems related with routes/api.php file but I can't figure out what exactly is going wrong.
Another URL that I have referred and tried was "https://github.com/supermavster/PayPal-PHP-SDK"
Laravel version 5.8
paypal/rest-api-sdk-php: "^1.14"
Please suggest a feasible solution to this problem.
Thanks in advance.
Verify that the sandbox account's email is confirmed, by logging into the sandbox business account receiving the payment and navigating to: https://www.sandbox.paypal.com/businessprofile/settings/email
Resend the confirmation message. Open the message via https://developer.paypal.com/developer/notifications/ , and confirm the sandbox email.
The v1 PayPal-PHP-SDK is deprecated and there is no reason to be using it for a new integration. Use the v2 Checkout-PHP-SDK for payments.
You'll need two routes on your server, one for 'Set Up Transaction' and one for 'Capture Transaction', documented here; https://developer.paypal.com/docs/checkout/reference/server-integration/
The best approval flow to pair it with is https://developer.paypal.com/demo/checkout/#/pattern/server
1. Goal
I want to use parse.com to receive Trello webhook.
1a. Why?: Because I want to monitor my trello model and receive say a push notification on my android device and do neat things from the push notficiation (I'm an Android Dev)
2. What I've tried
2a. Setup on parse.com
I've created an app on parse.com
Obtained the keys (REST keys for the REST api)
Checked the above endpoint with Postman, works perfectly.
2b. Setup on trello.com
I've obtained an api appkey and secret; with full write on all boards, never expires
Tested the above with Postman, works perfectly fine.
PROBLEM: Posted to the following using Postman (of course with proper details for key, token, model, etc.
Request=
$.post("https://trello.com/1/tokens/[USER_TOKEN]/webhooks/?key=[APPLICATION_KEY]", {
description: "My first webhook",
callbackURL: "https://api.parse.com/1/functions/webhookReceiverTrello",
idModel: "4d5ea62fd76aa1136000000c",
});
Response Try=
URL (https://api.parse.com/1/functions/webhookReceiverTrello) did not return 200 status code, got 401
3. What is the problem?
Parse.com expects auth keys, etc as header. AFAIK Trello can NOT DO that.
How do I get a trello webhook to call a parse.com cloud function ?
Use a proxy (a simple web app will do)
This is how I did it:
Receive the webhook on a simple web app and make the necessary post call to parse.com
I used heroku for hosting
I used MeteorJS for the web app
Note: An issue you could encounter:
Trello.com sends calls to webhooks in proper order i.e. a card was created, the same card was updated, etc.
When you receive the webhook and make (proper) post calls, they will be received out of order at parse.com i.e. a card was updated and then it was created. This is just due to the way internet works, if you need an explanation, it's another SO question. ;)
This took me a while to figure out; mentioning so that you don't also spend your time with this.
A Fix: I don't know a simple/efficient way to fix this. Please let me know if you do. One possible solution is to queue all POST calls i.e. make POST call 1 and when a successful callback is gotten do the next one. Trello.com seems to do this in a more quicker fashion, it doesn't seem like they wait for a callback given how quick successive calls are received.