Sunday, November 19, 2017

Query purchase token returns Invalid Value in Google Play Developer API. How to solve this issue?

First I want to share with you what is 400 bad request and what is the real cause for occuring it?
Ans: It indicates that the query was invalid. E.g., parent ID was missing or the combination of dimensions or metrics requested was not valid.
Recommended Action: You need to make changes to the API query in order for it to work.
Resource Link: Standard Error Responses

Your problem:

Your code was running properly and returning related json file as output. But after a period,it is not working when you want to get information about purchase. It gives error message "HTTP/1.1 400 Bad Request"

Root cause:

For refresh token, the response always includes a new access token. A response is shown below:
{
  "access_token":"1/fFBGRNJru1FQd44AzqT3ZgXXXXXX",
  "expires_in":3920,
  "token_type":"Bearer",
}
So, access token has a expiry time. after a expiry time, the access token will not work.
There is another restriction also. There are limits on the number of refresh tokens that will be issued; one limit per client/user combination, and another per user across all clients.
So, in your case, you have already crossed your limit of creating refresh token.

Solution:

So, you first need to revoke the token. Then save refresh tokens in long-term storage and continue to use them as long as they remain valid.
As you are using refresh token, then you need to change the http post request https://accounts.google.com/o/oauth2/token to https://www.googleapis.com/oauth2/v4/token
So your code will be look like below:
String refreshToken = "1/ljll6d9ME3Uc13jMrBweqXugV4g4timYcXXXXXXXXX";
HttpPost request = new HttpPost("https://www.googleapis.com/oauth2/v4/token");
List<NameValuePair> params = new ArrayList<NameValuePair>();
...............
...............

Revoking procedure:

There are 2 ways for revoking.
  1. A user can revoke access by visiting Account Settings
  2. It is also possible for an application to programmatically revoke the access given to it.
To programmatically revoke a token, your application makes a request to https://accounts.google.com/o/oauth2/revoke and includes the token as a parameter:
curl https://accounts.google.com/o/oauth2/revoke?token={token}
The token can be an access token or a refresh token. If the token is an access token and it has a corresponding refresh token, the refresh token will also be revoked.
N.B: If the revocation is successfully processed, then the status code of the response is 200. For error conditions, a status code 400 is returned along with an error code.

Resource Link:

  1. Offline access, Using refresh token and Revoke a token
Resource Link: https://stackoverflow.com/a/36290762/2293534
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)