My app uses a system to allow the user to switch between different accounts.
Lets say the user purchases an product while logged in with account A, and PurchaseProcessingResult.Pending is returned to ProcessPurchase().
The user then switches to account B, and since the previous purchase is still pending, ProcessPurchase will be called again when the app is opening again, so it will go to my server for validation.
The problem here is that Unity IAP has no knowledge of which user made which transaction, and my server will say that the receipt is valid, but it is actually not valid for account B, since account A had made the transaction.
What is the established workflow to solve this issue?
You can’t switch accounts like that for security, for example logging into Google services in your app. It’s the profile user on the phone, typically the user logged into the Google Play app on the device. Typically you would not have multiple users using their credit card information on the same phone.
Got it. Unfortunately I don’t see a way to identify purchases as being associated with different game accounts for a single physical (and paying) user on the device. The DeveloperPayload was originally created to handle this sort of thing, but the stores are moving away from supporting it, for security https://developer.android.com/google/play/billing/developer-payload
I see. It’s sad that they are removing it. Is there anything that IAP team has on their roadmap to handle this when stores eventually remove DeveloperPayload?
I was thinking it would be great if I could attach a token to the purchase, or initialize Purchasing with the said token.
That way I’d be able to make sure of which transaction belongs to which game account.
Understood, good point. I’m not sure we can piggyback anything on top of the receipt itself, the stores would not accept it. You might be able to create a hash with the date+current account+transactionID or similar, and send it to a cloud provider like PlayFab or ChilliConnect. But Restore happens only for the device account, so I’m not sure how that would work.