谷歌支付服务端校验权限不足

2023-11-03 18:42:56 +08:00
 jarytom
from google.oauth2 import service_account
from googleapiclient.discovery import build

# 载入你的 JSON 密钥文件
credentials = service_account.Credentials.from_service_account_info(
    info={
  "type": "service_account",
  "project_id": "noted-stxxxxx03902",
  "private_key_id": "e131704d8.....7eaf5b5060181c",
  "private_key": "-----BEGIN PRIVATE KEY-----xxxxxx=-----END PRIVATE KEY-----",
  "client_email": "googlepa....eaccount.com",
  "client_id": "112233...6934233",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot....unt.com",
  "universe_domain": "googleapis.com"
},
    scopes=['https://www.googleapis.com/auth/androidpublisher']
)

# 创建 AndroidPublisher 客户端
android_publisher = build('androidpublisher', 'v3', credentials=credentials)


def verify_google_pay_transaction(product_id, package_name, purchase_token) -> dict | None:
    '''
    验证交易
    :param product_id: 商品 ID
    :param package_name: 包名
    :param purchase_token: 购买凭证
    :return: 交易信息(可能为空), 示例值 {'purchaseTimeMillis': '1698053056154', 'purchaseState': 0, 'consumptionState': 1, 'developerPayload': '', 'orderId': 'GPA.3312-7728-1791-92249', 'purchaseType': 0, 'acknowledgementState': 1, 'kind': 'androidpublisher#productPurchase', 'obfuscatedExternalAccountId': '7522', 'obfuscatedExternalProfileId': '2023102309241075224111', 'regionCode': 'US'}
    '''
    try:
        # 使用 AndroidPublisher 客户端进行购买验证
        result = android_publisher.purchases().products().get(
            packageName=package_name,
            productId=product_id,
            token=purchase_token
        ).execute()
        print(result)
        return result
    except Exception as e:
        print(f"验证失败: {e}")
        return None


if __name__ == '__main__':
    product_id = 'avatar_generate_1.99'
    package_name = 'com.xxx.camera'
    purchase_token = 'bijdhmoimifmbioicfligjlk.AO-J1Ox0wST7o5LhRyW1CJoFIq7eV7Bgn3TSPc-N_wh7aR0-zIqA-YgHHypU6sj8sS0sw6C10F7CTugpBH8Fss-VkbD5sLzc8A'
    g_res = verify_google_pay_transaction(product_id, package_name, purchase_token)
    print(g_res)

json 内容已脱敏 运行上面的代码,返回响应信息 验证失败: <HttpError 401 when requesting https://androidpublisher.googleapis.com/androidpublisher/v3/applications/com.aipersona.camera/purchases/products/avatar_generate_1.99/tokens/bijdhmoimifmbioicfligjlk.AO-J1Ox0wST7o5LhRyW1CJoFIq7eV7Bgn3TSPc-N_wh7aR0-zIqA-YgHHypU6sj8sS0sw6C10F7CTugpBH8Fss-VkbD5sLzc8A?alt=json returned "The current user has insufficient permissions to perform the requested operation.". Details: "[{'message': 'The current user has insufficient permissions to perform the requested operation.', 'domain': 'androidpublisher', 'reason': 'permissionDenied'}]">

想问一下各位大佬这个怎么排查

682 次点击
所在节点    Google Play
1 条回复
lingling47
2023-11-04 12:57:23 +08:00
这是用来做啥的

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/988395

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX