Closed Bug 738368 Opened 11 years ago Closed 10 years ago
Allow developers to revoke compromised in-app payment secret
If an app developer *knows* their in-app payment secret has been compromised, they need a way to disable the secret ASAP. This should be a feature on the developer hub management screen. The management screen for key/secret was built in bug 703093
11 years ago
Depends on: 740830
Is this documented somewhere? https://wiki.mozilla.org/Apps/WebApplicationReceipt/GenerationService covers our keys, but I haven't seen anything about in-app purchases. I'm curious about effects for the end user - will they migrate to a new key, or..?
In this case I think the app developer would just regenerate the key/secret and update their hopefully no longer compromised app. This feature would need to be documented on https://developer.mozilla.org/en/Apps/In-app_payments
Assignee: nobody → kumar.mcmillan
Target Milestone: --- → 6.5.2
I have added info on how to handle a compromised app secret to MDN here: https://developer.mozilla.org/en/Apps/In-app_payments#section_5
Fixed: https://github.com/mozilla/zamboni/commit/e576444a5397490e8d9f9634d8f78adafdf8c674 Devs now get a button to reset their credentials on the Manage In-App Payments page, like this: https://marketplace-dev.allizom.org/en-US/developers/app/in-app-payment-tester-10/in-app-config I've updated the MDN docs too: https://developer.mozilla.org/en/Apps/In-app_payments#Revoking_a_compromised_app_secret
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: 2012-06-07 → 2012-06-14
verified at https://marketplace-dev.allizom.org/en-US/developers/app/in-app-payment-tester/in-app-config Checked that in-app payments are unsuccessful if Application secret is revoked.
Status: RESOLVED → VERIFIED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.