in_app_purchase how do I get the data needed for android verification from the serverVerificationData

Question

I am trying to implement server side verification for IAP's in my flutter app. I am using the package

https://pub.dev/packages/in_app_purchase

version: ^0.3.4+8

And I am confused how I get the data to verify my purchase for android and IOS. In the documentation they say

"or verify the data using your own server with serverVerificationData."

This string seems to return some kind of encoded string. How do I then extract the needed data from this string? I tried base64Decode() since the localVerificationData is base64Encoded but this did not work.

Android needs a package name, purchase id and purchaseToken. And Ios needs a object receipt-data. I am confused on how I am to get that data from the serverVerificationData string.

I am currently implementing android first.

The the localVerificationData documentation says

The data used for local verification.

If the source is IAPSource.AppStore, this data is a based64 encoded string. The structure of the payload is defined using ASN.1. If the source is IAPSource.GooglePlay, this data is a JSON String.

So the serverVerificationData must be different from the localVerificationData then since it doesn't look like JSON at all. I am also not sure if it is safe to post the serverVerificationData here since it may contain sensitive information.

This is a string similar to the one I got on android only I changed all the letters, numbers etc. So it's just about the format

zdfdzcdshxvbxmgbafdxvdzt.JK-GR58OHRPOGFEFHEGVEACBEIFDAPDH_EFHEWFEHFHPEGVERBWBASZWDAWODPAWD-HDSWCGOEWFP-EFPEQFHPEDHEWYIFEWFUWEFDASCNAQWFDefphFEQUIWEFpofgewpfFEWHFPWEF

In the repo they show that they call the _verifyPurchase(purchase); which has no implementation in the example.

https://github.com/flutter/plugins/tree/master/packages/in_app_purchase#listening-to-purchase-updates

https://github.com/flutter/plugins/blob/5a183ac54a515be096d01f3a35546c5d89a30dca/packages/in_app_purchase/example/lib/main.dart#L350

And they say you should always verify

https://github.com/flutter/plugins/blob/5a183ac54a515be096d01f3a35546c5d89a30dca/packages/in_app_purchase/example/lib/main.dart#L328

This is my current code

 Future<dynamic> verifyAndroid(PurchaseDetails details) async {
    DatabaseService databaseService = Get.find<DatabaseService>();
    String verificationData = details.verificationData.serverVerificationData;
    // zdfdzcdshxvbxmgbafdxvdzt.JK-GR58OHRPOGFEFHEGVEACBEIFDAPDH_EFHEWFEHFHPEGVERBWBASZWDAWODPAWD-HDSWCGOEWFP-EFPEQFHPEDHEWYIFEWFUWEFDASCNAQWFDefphFEQUIWEFpofgewpfFEWHFPWEF
    String packageName = ''; //get from verificationData 
    String productId = ''; //get from verificationData 
    String purchaseToken = ''; //get from verificationData 
    final response = await databaseService.verifyInAppPurchaseAndroid(packageName, productId, purchaseToken);
    return response;
  }

Answer 1

It turned out that the data was in the detail.verificationData.localVerificationData instead of the detail.verificationData.serverVerificationData and detail.verificationData.serverVerificationData is the purchase token on Android.