Closed
Bug 738368
Opened 13 years ago
Closed 13 years ago
Allow developers to revoke compromised in-app payment secret
Categories
(addons.mozilla.org Graveyard :: Developer Pages, defect, P2)
Tracking
(Not tracked)
VERIFIED
FIXED
2012-06-14
People
(Reporter: kumar, Assigned: kumar)
References
Details
Attachments
(2 files)
If an app developer *knows* their in-app payment secret has been compromised, they need a way to disable the secret ASAP. This should be a feature on the developer hub management screen.
The management screen for key/secret was built in bug 703093
Comment 1•13 years ago
|
||
Is this documented somewhere? https://wiki.mozilla.org/Apps/WebApplicationReceipt/GenerationService covers our keys, but I haven't seen anything about in-app purchases. I'm curious about effects for the end user - will they migrate to a new key, or..?
Assignee | ||
Comment 2•13 years ago
|
||
In this case I think the app developer would just regenerate the key/secret and update their hopefully no longer compromised app. This feature would need to be documented on https://developer.mozilla.org/en/Apps/In-app_payments
Updated•13 years ago
|
Priority: -- → P3
Assignee | ||
Updated•13 years ago
|
Assignee: nobody → kumar.mcmillan
Target Milestone: --- → 6.5.2
Assignee | ||
Updated•13 years ago
|
Target Milestone: 6.5.2 → 6.5.3
Comment 3•13 years ago
|
||
I have added info on how to handle a compromised app secret to MDN here:
https://developer.mozilla.org/en/Apps/In-app_payments#section_5
Updated•13 years ago
|
Target Milestone: 6.5.3 → 6.5.4
Updated•13 years ago
|
Target Milestone: 2012-05-10 → 2012-05-17
Assignee | ||
Updated•13 years ago
|
Target Milestone: 2012-05-17 → 2012-05-24
Assignee | ||
Updated•13 years ago
|
Target Milestone: 2012-05-24 → 2012-05-31
Assignee | ||
Updated•13 years ago
|
Target Milestone: 2012-05-31 → 2012-06-07
Assignee | ||
Updated•13 years ago
|
Priority: P3 → P2
Assignee | ||
Comment 4•13 years ago
|
||
Fixed:
https://github.com/mozilla/zamboni/commit/e576444a5397490e8d9f9634d8f78adafdf8c674
Devs now get a button to reset their credentials on the Manage In-App Payments page, like this: https://marketplace-dev.allizom.org/en-US/developers/app/in-app-payment-tester-10/in-app-config
I've updated the MDN docs too: https://developer.mozilla.org/en/Apps/In-app_payments#Revoking_a_compromised_app_secret
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: 2012-06-07 → 2012-06-14
Comment 5•13 years ago
|
||
verified at https://marketplace-dev.allizom.org/en-US/developers/app/in-app-payment-tester/in-app-config
Checked that in-app payments are unsuccessful if Application secret is revoked.
Status: RESOLVED → VERIFIED
Comment 6•13 years ago
|
||
Comment 7•13 years ago
|
||
Updated•9 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•