Skip to content

fix: Test transaction may also return 401 when queried in the production environment #315

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

fix: Test transaction may also return 401 when queried in the production environment #315

wants to merge 2 commits into from

Conversation

BB-5XGames
Copy link
Contributor

No description provided.

@richzw
Copy link
Collaborator

richzw commented Apr 24, 2025
edited
Loading

@BB-5XGames , I think the func (c *APIClient) Verify(ctx context.Context, transactionId string) (*TransactionInfoResponse, error) could meet your requirement. Please correct me if anything wrong.

@BB-5XGames
Copy link
Contributor Author

I tried using this interface directly, but it couldn't query the sandbox again in the case of a 401
The error is displayed as:
appstore api: https:api.storekit.itunes.apple.com/inApps/v1/transactions/xxxxxxxxxxxxxx return status code 401

@richzw
Copy link
Collaborator

richzw commented Apr 25, 2025

I tried using this interface directly, but it couldn't query the sandbox again in the case of a 401 The error is displayed as: appstore api: https:api.storekit.itunes.apple.com/inApps/v1/transactions/xxxxxxxxxxxxxx return status code 401

First of all. Per doc, the 401 Unauthorized

The JSON Web Token (JWT) in the authorization header is invalid

It means the jws token you provided is not valid. I think the jws token of your sandbox environment and production environment are different, am I right?

If so, I think the better solution to solve it is that try the sandbox environment validation when the error is not nil . The codes like below.

func (c *APIClient) Verify(ctx context.Context, transactionId string) (*TransactionInfoResponse, error) {
	result, err := c.productionCli.GetTransactionInfo(ctx, transactionId)
	if err != nil  {
		result, err = c.sandboxCli.GetTransactionInfo(ctx, transactionId)
	}
	return result, err
}

Please correct me if anything missing. @BB-5XGames

@BB-5XGames
Copy link
Contributor Author

I think the JWT used in the test and production environments should be the same, both generated by the code here, right?

authToken, err := a.Token.GenerateIfExpired()

This is indeed my temporary solution for now

func (c *APIClient) Verify(ctx context.Context, transactionId string) (*TransactionInfoResponse, error) {
	result, err := c.productionCli.GetTransactionInfo(ctx, transactionId)
	if err != nil  {
		result, err = c.sandboxCli.GetTransactionInfo(ctx, transactionId)
	}
	return result, err
}

@richzw
Copy link
Collaborator

richzw commented Apr 25, 2025

I think the JWT used in the test and production environments should be the same, both generated by the code here, right?

authToken, err := a.Token.GenerateIfExpired()

Yes, the jwt token is same both in test and production environment. However, please make sure the those values of Token is correct

	KeyID         string       // Your private key ID from App Store Connect (Ex: 2X9R4HXF34)
	BundleID      string       // Your app’s bundle ID
	Issuer        string       // Your issuer ID from the Keys page in App Store Connect (Ex: "57246542-96fe-1a63-e053-0824d011072a")

following this doc https://developer.apple.com/documentation/appstoreserverapi/creating-api-keys-to-authorize-api-requests.

Since the return code is 401, it means some of above parameters are not correct. You may double check them. @BB-5XGames

@BB-5XGames
Copy link
Contributor Author

Yes, I'm sure, the parameters used in the test environment and the real environment are the same

@richzw
Copy link
Collaborator

richzw commented Apr 28, 2025

Yes, I'm sure, the parameters used in the test environment and the real environment are the same

One more question, does the same parameters works well either on test environment or production environment? I think if the parameters are correct, it is impossible to return 401.

@BB-5XGames
Copy link
Contributor Author

Right now, my app is not officially launched, so I can't test it in the production environment. However, whether it's testing or production, the TOKEN generated under the same parameters is exactly the same

@richzw
Copy link
Collaborator

richzw commented Apr 29, 2025

Right now, my app is not officially launched, so I can't test it in the production environment. However, whether it's testing or production, the TOKEN generated under the same parameters is exactly the same

Got it. It is so weird that the status code 401 is returned since all those parameters are correct.

KeyID         string       // Your private key ID from App Store Connect (Ex: 2X9R4HXF34)
	BundleID      string       // Your app’s bundle ID
	Issuer        string       // Your issuer ID from the Keys page in App Store Connect (Ex: "57246542-96fe-1a63-e053-0824d011072a")

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@BB-5XGames @richzw