How to Manually Generate Access Token | Google Play Developer API

 

Info: This section provides the steps to request an access token with the scope https://www.googleapis.com/auth/androidpublisher using the OAuth 2.0 assertion profile.

Objective

Generate an Access token with OAuth 2.0 assertion profile

Requirements

  1. Coding expertise level: Medium
  2. Hands-on experience with Google OAuth
  3. Hands-on experience with JWT (JSON Web Tokens, jwt.io)
  4. Familiarity with Service Accounts

How to get Access Token? 

You will need the endpoint that issues tokens and the scope you are requesting the access_token for. There are libraries that handle this for you, but let's understand the basics so you can do it yourself without depending on any library.

Why do we need this access_token?

We need this access_token to make the in-app purchase verification API calls, such as the purchases.products or purchases.subscriptions APIs. To get it, we complete the OAuth flow with the help of the Service Account JSON file.

What do we read from the JSON file? 

  1. client_email
  2. private_key

Sample Request

$ curl -X POST https://accounts.google.com/o/oauth2/token \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -d 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJwbGF5LWRldmVsb3Blci1hcGlAcGMtYXBpLTU3MDg2MDAxMjU3MTE1Mjk1OTMtOTE4LmlhbS5nc2VydmljZWFjY291bnQuY29tIiwic2NvcGUiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9hdXRoL2FuZHJvaWRwdWJsaXNoZXIiLCJhdWQiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20vby9vYXV0aDIvdG9rZW4iLCJpYXQiOjE2NDkxNDczNzAsImV4cCI6MTY0OTE1MDk5M30'

Required Parameters

By default, these parameters must be x-www-form-urlencoded and specified in the request body (as shown in the sample above). Also, to use a JWT Bearer Token as an authorization grant, use the following parameter values and encodings.

  • grant_type - MUST be set to urn:ietf:params:oauth:grant-type:jwt-bearer (shown URL-encoded in the sample above)
  • assertion - MUST contain a single JWT

Get access token

Now, we have the basic things needed to get an access token. Let's understand the following steps. 

Step 1: Generate jwtToken

Headers:
The following example of a JSON object, used as the header of the JWT, declares that the JWT is signed with the RS256 algorithm.

Payload: 
See the attached example JSON object that could be encoded to produce the JWT Claims Object for the JWT. 

Verify Signature
Sign the encoded header and payload with the private_key extracted from the JSON file.

We are going to use this encoded value as the assertion_token in the next step.


Step 2: Create FORM DATA

Now, we need to create the FORM DATA for the HTTP call.

Step 3: Make HTTP POST call

Make an HTTP call with the POST method. If all went well, you will get a success response containing the access_token!



Now we have the access_token for the subsequent API calls, e.g., verifying in-app purchases.
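
Steps 1 to 3 end to end, as an added example that is not code from the original post: it uses only Node's built-in crypto module, with the endpoint, scope and grant type taken from the sample request above. The function names, the one-hour lifetime and the use of the global fetch (Node 18+) are assumptions made for illustration.

```javascript
// Added example: function names are hypothetical; endpoint and scope come from the post.
const crypto = require('crypto');

const TOKEN_URL = 'https://accounts.google.com/o/oauth2/token'; // endpoint from the sample request
const SCOPE = 'https://www.googleapis.com/auth/androidpublisher';
const GRANT_TYPE = 'urn:ietf:params:oauth:grant-type:jwt-bearer';

const b64url = (value) => Buffer.from(value).toString('base64url');

// Step 1: header + claims, signed with the service account's private_key (RS256).
// private_key is a long-lived credential: load it from a secret store, never commit it.
function buildAssertion(serviceAccount, nowSeconds = Math.floor(Date.now() / 1000)) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const claims = {
    iss: serviceAccount.client_email,
    scope: SCOPE,
    aud: TOKEN_URL, // must name the token endpoint the assertion is sent to
    iat: nowSeconds,
    exp: nowSeconds + 3600, // assumed lifetime: keep the assertion short-lived
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = crypto.sign('RSA-SHA256', Buffer.from(signingInput), serviceAccount.private_key);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Step 2: x-www-form-urlencoded body; URLSearchParams percent-encodes the grant type.
function buildFormData(assertion) {
  return new URLSearchParams({ grant_type: GRANT_TYPE, assertion }).toString();
}

// Step 3: POST the form; resolves to the access_token on success.
async function requestAccessToken(serviceAccount) {
  const res = await fetch(TOKEN_URL, {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: buildFormData(buildAssertion(serviceAccount)),
  });
  if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
  return (await res.json()).access_token;
}

// Local check: confirm the assertion verifies against the matching public key.
function verifyAssertion(jwt, publicKey) {
  const [h, p, s] = jwt.split('.');
  return crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
}
```

Pass the parsed Service Account JSON file to requestAccessToken; verifyAssertion is useful in unit tests to confirm the signing step without calling the endpoint.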
