Closed Bug 707994 Opened 13 years ago Closed 12 years ago

Implement navigator.mozApps.verifyReceipt

Categories

(Core :: DOM: Core & HTML, defect, P1)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
macOS
Type:
defect

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: anant, Unassigned)

References

Details

Currently verifyReceipt is implemented, but only for the native-shell: https://github.com/mozilla/openwebapps/blob/develop/addons/jetpack/data/native-install/XUL/content/window.js#L142

This code should be shared across all the other mozApps implementations, which are currently the add-on and HTML5 shim.
Depends on: 701409
Depends on: 709288
Priority: P2 → P1
Component: General → DOM: Mozilla Extensions
Product: Web Apps → Core
QA Contact: general → general
Did this feature get implemented? What's the status on this?
Whiteboard: [mozappsapi]
(In reply to Jason Smith from comment #2)
> Did this feature get implemented? What's the status on this?

It's not implemented on m-c.
Whiteboard: [mozappsapi] → [mozApps API 1.0]
There's an open design question here: do we still want to implement verifyReceipt?
(In reply to Ian Bicking (:ianb) from comment #4)
> There's an open design question here: do we still want to implement
> verifyReceipt?

What benefits does our stakeholders using verifyReceipt get for it existing? What cost is lost for it not existing?

Clarification - Is verifyReceipt a convenience function to operate against marketplace's receipt validation service? Or it something else?
For the most part, verifyReceipt could be implemented as a JS file, a kind of helper that we provide, but don't need to specifically include as part of the mozApps API.  That is, there's no special abilities we need, and no hard security advantage to providing it natively (though there might be some soft advantages).

I believe the actual verifyReceipt function was probably too complicated to be part of the mozApps API - it also included some options for various levels of app security.  We'd want to distill a smaller API from it, and allow supporting libraries cover app policies.
Ian is right, there are no hard advantages to including it as part of the mozApps API (and is definitely not part of the spec). The original implementation in the add-on served two purposes:

- A vehicle to prototype apps that depended on receipt validation quickly
- Provide sample code to app developers who wanted to know what the "right" way to validate a receipt was

Most serious developers will want to do receipt verification themselves, but for some smaller scale apps the thinking was that verifyReceipt() would serve as a nice convenience function, when the app developer trusts the web run-time to a certain extent.
Blocks: 746465
Whiteboard: [mozApps API 1.0]
Is this bug still valid, given that Ian is actively working on https://github.com/mozilla/receiptverifier to be integrated into mozmarket.js per bug 755006 and bug 758733?
I believe the library supersedes this function.
Okay. Resolving as a won't fix then.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
Component: DOM: Mozilla Extensions → DOM
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.