Problem description
My problem:
I am having a hard time figuring out a way to safely manage auto-renewable subscriptions in iOS with Firebase.
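Purchase process:
- User1 purchases a subscription
- Update User1's account on Firebase with the subscription identifier (used to unlock content)
- Store the original_transaciton_identifier (OTI) with User1's uid to match receipt verification from Apple.
- Grant the user access
Edge cases that are melting my brain:
- User1 logs out of the AppleId that was used to purchase the subscription, but remains logged in to the app with Firestore credentials.
- So when I go to verify whether the subscription has expired, it won't return a valid subscription. I want the user to be able to keep their access until it expires or is cancelled. Any tips on how to do this?
- So both users are using the same AppleId. I can check whether the current user has a subscription and then check the OTI to see if it corresponds to User2... (it won't).
- We will show the "Purchase iAP" screen, but what if that user also wants to buy a subscription with the same AppleId? Is it normal for me to handle this by saying "This Apple Id is already associated with another account" or something similar?
Related articles I have already found:
How to tie auto-renewing subscriptions to an internal user rather than the Appled ID
I have been struggling with this for a while and can't find many resources. All help is appreciated.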
Recommended answer
For Case 1:
When you attempt to access the receipt Apple will trigger a login prompt for the user to enter their iTunes credentials. If a receipt is still unavailable, you won't be able to verify the subscription status. The "right" way to do this is to store the entire receipt on your server, and periodically refresh it with /verifyReceipt. You'll check if the subscription was cancelled, and update the expiration_date so you know when to cut off access for the user.
For Case 2:
Yes! If you're able to look at how some other large subscription apps handle this (Netflix, Spotify, HBO, etc.) - it's similar to what you describe. Instead of checking the receipt locally every time, if you maintain the subscription status on your server (as mentioned in #1) this would only happen if the user tries to "Restore Purchases".
This is a pretty extreme edge case, since not many people try to make a purchase on their friend's phone and would require TouchID/FaceID in most cases - so it's more of a fraud prevention feature. Once you get millions of users you can get fancy and send them an automated email link to sign up with Stripe if you detect this.
Alternative:
RevenueCat can handle all the subscription tracking and these edge cases out-of-the-box, and it plays nice with Firebase. Disclaimer: I work there.
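
The server-side approach described for Case 1 and Case 2, as an added example that is not part of the original answer: access is derived from a parsed /verifyReceipt response, and each OTI is bound to a single uid. It assumes the response fields latest_receipt_info, expires_date_ms and cancellation_date_ms (taken here as the counterpart of the answer's expiration_date); the sample response, function names and the in-memory `bindings` Map are constructed for illustration.

```javascript
// Added example, not code from the answer. Field names follow the
// /verifyReceipt response shape; every value below is constructed.
const SAMPLE_RESPONSE = {
  status: 0,
  latest_receipt_info: [
    { original_transaction_id: "1000000000000001", product_id: "pro_monthly",
      expires_date_ms: "1700000000000" },
    { original_transaction_id: "1000000000000001", product_id: "pro_monthly",
      expires_date_ms: "1702592000000" },
  ],
};

// Turn a parsed /verifyReceipt response into the state stored next to the uid.
function entitlementFromResponse(resp, nowMs) {
  const ok = resp && resp.status === 0 && Array.isArray(resp.latest_receipt_info);
  const subs = (ok ? resp.latest_receipt_info : [])
    .filter((t) => Number.isFinite(Number(t.expires_date_ms)));
  if (subs.length === 0) return { active: false, reason: "invalid_receipt" };
  // Do not rely on array order: pick the transaction with the latest expiry.
  const latest = subs.reduce((a, b) =>
    Number(b.expires_date_ms) > Number(a.expires_date_ms) ? b : a);
  const state = {
    originalTransactionId: latest.original_transaction_id,
    expiresMs: Number(latest.expires_date_ms),
  };
  if (latest.cancellation_date_ms) return { ...state, active: false, reason: "cancelled" };
  if (state.expiresMs <= nowMs) return { ...state, active: false, reason: "expired" };
  return { ...state, active: true, reason: "ok" };
}

// Case 2: one OTI unlocks one app account. `bindings` is a Map standing in
// for a server-side table keyed by OTI (hypothetical storage layout).
function claimSubscription(bindings, uid, oti) {
  const owner = bindings.get(oti);
  if (owner !== undefined && owner !== uid) return "already_linked";
  bindings.set(oti, uid);
  return "granted";
}
```

Because the decision is made from the stored state on the server, the client's local receipt (or its absence after an Apple ID sign-out) never grants or removes access by itself.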