I've implemented the sample code found at https://code.google.com/p/iap-php/ on my test site http://whatisthesite.com. As you might be able to see there is a vague error message once the "Purchase" button is clicked:
There is an error in the setup for your purchase. Please contact the merchant with this error message: Expected 3 components in jwt: $jwtToken
The console gives:
Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "http://whatisthesite.com" from accessing a frame with origin "https://sandbox.google.com". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "https". Protocols must match.
markdown-here.js:33
findFocusedElem markdown-here.js:33
intervalCheck
The demo site http://iap-php.appspot.com/ is not https: nor is there anywhere in the code to define the protocol. Any advice would be appreciated, thanks!
UPDATE:
It has something to do with the sample's use of "Here Doc" syntax to use inline PHP variables in JS functions. Changed this syntax:
echo <<< INDEX <button id='runDemoButton' value='buy' class='buy-button' onclick='DemoButton("$jwtToken");'><b>Purchase</b></button> INDEX;
to this:
<button id='runDemoButton' value='buy' class='buy-button' onclick='DemoButton("<?php echo $jwtToken;?>");'><b>Purchase</b></button>
But now gives an even more vague error.
Dialog errors such as "There is an error in the setup for your purchase" have a corresponding error code returned to the client-side failure handler:
https://developers.google.com/wallet/digital/docs/jsreference#failurehandler
In your case the error code is MERCHANT_ERROR which indicates a badly formatted JWT. This may be due to using the incorrect SELLER KEY or SECRET to sign the JWT.