Post

Replies

Boosts

Views

Activity

How to validate IAP receipt without a server after /verifyreceipt goes away?
Good day, all. Back in January I decided to write a little app out of necessity that nobody else had written as I needed it. I was looking at supporting IAP and at the time to do a Lite and Pro version, and /verifyreceipt wasn't yet deprecated. I put the app aside for a while to focus on another project, and finally came back to it in early August to start from scratch to learn SwiftUI, only to find that /verifyreceipt is now deprecated, and no date as to when it'll go away. The problem is that Apple's documentation for IAP now assumes you're going to have a server for secure communication between your server and Apple's. I get that, but this teeny little app isn't worth the trouble of setting up and maintaining a server to go with it. All I want to do is make sure that if a user cancels their non-consumable Pro purchase, that I can determine that there was a change, and unmark the app as a Pro version. So, down the rabbit hole I went trying to find a way to solve this problem without building OpenSSL. I think I found a solution, and I tested it and it works with one caveat. https://github.com/filom/ASN1Decoder/tree/master This code decodes the receipt file and gives me the fields I need, except for "in_app_ownership_type". I don't know if I need it, but if I do, I'll have to determine how to add support for that. I wanted to get people's opinions on whether this GitHub project is a viable solution in lieu of building and paying for a server, and if there are any caveats which come with it. For example: when the App Store asks if there's cryptographic code in the app, am I going to have to now say yes with this code? If a server is the ONLY solution after /verifyreceipt shuts down, I'm just going to make a pro version and be done with it, I don't need this headache. I even tried RevenueCat which had its own set of problems (and will not be using). If anyone from Apple is reading this, please consider coming up with an easy solution for checking receipt values before removing /verifyreceipt. And also, if there's an easy solution I'm missing, please let me know. I've done so much reading, but once I hit docs that say "...your server...", I just shake my head and move to finding a different solution. Thanks!
5
0
1.4k
Aug ’23