I have implemented In-App billing for subscribing to a service. Everything works great, but I am at the point where I need to make it secure. Various suggestions that I have run across suggest using the account ID of the logged-in user via the Plus API. Yet how would I get this if the user doesn't log in using their Gmail account? My idea was to generate a token created from the user account ID and SKU combined, then check with my server to verify the purchase. Is there any way to get the account ID of the user? I want to make it possible to use the app across multiple devices with a single purchase. If the user isn't logging in using any social API, is there a way to verify the user across multiple devices?
After much trial and error and research, I found a solution. So for anyone else who may have the same need/issue:
First, add this to your build.gradle file:
    compile 'com.google.android.gms:play-services-auth:10.2.0'

Then, in the activity that needs to get the user's account ID, add this:
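    import android.accounts.AccountManager;
    import android.content.ActivityNotFoundException;
    import android.content.Intent;
    import android.os.AsyncTask;
    import android.os.Bundle;
    import android.support.v7.app.AppCompatActivity;
    import android.util.Log;
    import android.widget.TextView;

    import com.google.android.gms.auth.GoogleAuthException;
    import com.google.android.gms.auth.GoogleAuthUtil;
    import com.google.android.gms.auth.UserRecoverableAuthException;
    import com.google.android.gms.common.AccountPicker;

    import java.io.IOException;

    public class MainActivity extends AppCompatActivity {
        private static final String TAG = "test";
        private static final int REQUEST_CODE_EMAIL = 1;
        private static final int REQ_SIGN_IN_REQUIRED = 55664;

        TextView email, mAcctId;
        String accountName;

        @Override
        protected void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            setContentView(R.layout.activity_main);
            email = (TextView) findViewById(R.id.email);
            mAcctId = (TextView) findViewById(R.id.accountID);
            // Shows a popup allowing the user to select an email if more than one exists
            try {
                Intent intent = AccountPicker.newChooseAccountIntent(null, null,
                        new String[] { GoogleAuthUtil.GOOGLE_ACCOUNT_TYPE }, false, null, null, null, null);
                startActivityForResult(intent, REQUEST_CODE_EMAIL);
            } catch (ActivityNotFoundException e) {
                // TODO: no account picker is available on this device
                Log.e(TAG, "Account picker not found", e);
            }
        }

        @Override
        protected void onActivityResult(int requestCode, int resultCode, Intent data) {
            super.onActivityResult(requestCode, resultCode, data);
            if (requestCode == REQUEST_CODE_EMAIL && resultCode == RESULT_OK && data != null) {
                accountName = data.getStringExtra(AccountManager.KEY_ACCOUNT_NAME);
                email.setText(accountName);
                // Call the async task to get the account ID for the selected email
                new RetrieveAccountID().execute(accountName);
            } else if (requestCode == REQ_SIGN_IN_REQUIRED && resultCode == RESULT_OK
                    && accountName != null) {
                // The user completed the recovery prompt, so retry the lookup
                new RetrieveAccountID().execute(accountName);
            }
        }

        private class RetrieveAccountID extends AsyncTask<String, Void, String> {
            @Override
            protected String doInBackground(String... params) {
                String accountName = params[0];
                String token = null;
                try {
                    // Network call; must not run on the UI thread
                    token = GoogleAuthUtil.getAccountId(getApplicationContext(), accountName);
                } catch (IOException e) {
                    // Pass the exception itself: getMessage() may be null
                    Log.e(TAG, "Network error while fetching account ID", e);
                } catch (UserRecoverableAuthException e) {
                    // The user has to grant access; the result arrives in onActivityResult
                    startActivityForResult(e.getIntent(), REQ_SIGN_IN_REQUIRED);
                } catch (GoogleAuthException e) {
                    Log.e(TAG, "Unrecoverable auth error while fetching account ID", e);
                }
                return token;
            }

            @Override
            protected void onPostExecute(String s) {
                super.onPostExecute(s);
                mAcctId.setText("AccountID: " + s);
            }
        }
    }
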
Running that will give you the user's selected email in one TextView and the accountID for that email in another TextView, which can now be used to create a token/key for the app unique to the user's email. This can also be used to verify the token/key when the user uses the app on a different device.
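
Added example, not part of the original question or answer: a server-side sketch of the "token from account ID and SKU" idea, using an HMAC so that the same account gets the same token on any device while the app itself cannot mint one. The key, the account ID, the SKU name and all function names are constructed for illustration, and the server is assumed to issue the token only after it has accepted the purchase.

```python
import hashlib
import hmac

# Assumption: this key exists only on the server and is never shipped in the APK.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"


def _encode(account_id: str, sku: str) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") encode differently."""
    parts = []
    for field in (account_id, sku):
        raw = field.encode("utf-8")
        parts.append(len(raw).to_bytes(4, "big") + raw)
    return b"".join(parts)


def issue_token(account_id: str, sku: str, key: bytes = SERVER_KEY) -> str:
    """Issue the entitlement token once the purchase has been accepted."""
    return hmac.new(key, _encode(account_id, sku), hashlib.sha256).hexdigest()


def verify_token(account_id: str, sku: str, token: str, key: bytes = SERVER_KEY) -> bool:
    """Recompute the tag for the presented account/SKU and compare in constant time."""
    expected = issue_token(account_id, sku, key)
    return hmac.compare_digest(expected.encode("ascii"), token.encode("utf-8"))


def demo() -> dict:
    # Constructed sample values, not real identifiers.
    acct, sku = "108000000000000000001", "premium_monthly"
    token = issue_token(acct, sku)
    return {
        "token_length": len(token),
        "same_account_second_device": verify_token(acct, sku, token),
        "other_account": verify_token("108000000000000000002", sku, token),
        "other_sku": verify_token(acct, "premium_yearly", token),
        # Same concatenated characters, different field boundary.
        "shifted_boundary": verify_token(acct + "p", "remium_monthly", token),
        "forged_token": verify_token(acct, sku, "0" * 64),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Because the account ID is not a secret, a token derived from it with a key or algorithm embedded in the app can be recomputed by anyone who unpacks the APK; keeping the key on the server is what makes the token meaningful.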