webpay should use the solitude API to validate and deal with JWT issuers/secrets. Currently webpay has a stub database table of issuers. This can be removed. See: https://github.com/mozilla/solitude/blob/master/lib/sellers/models.py#L49 Also: https://github.com/mozilla/webpay/blob/master/webpay/pay/forms.py#L40
Priority: -- → P1
Target Milestone: --- → 2012-12-20
The app_id is coming from the JWT, where's the matching field in solitude, is it external_id on SellerProduct?
The app ID is whatever we want to make it. We will use this as a public identifier to lookup the seller's secret. I originally envisioned it as the seller uuid and I envisioned Marketplace setting seller uuid's to the domain name of the app. The product external ID is different; that is what gets passed through request.id in the JWT https://wiki.mozilla.org/WebAPI/WebPayment#In-app_payment
I'll set it assume its going to be seller uuid for now, easy to change later.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.