Marketplace/InAppPayments

This page discusses some improvements to In-app Payments for the Marketplace.

Issues

• Developers have to manage the in-app keys.
• Developers require a server to store the in-app keys.
• Developers respond to payment notices for success or failure.
• Marketplace doesn't know anything about an in-app payment, meaning purchase history and refunds are empty.

Proposed solution

• App developer must give their app a domain. Already exists for hosted apps, would be added into the manifest for packaged apps.
• App developers enters in a product and price on the Mozilla Marketplace developer hub and gets a URL for example /mozpay/product/shiny-pony/buy.
• User clicks a Buy button.
• App does a POST to /mozpay/product/shiny-pony/buy

 * Server checks the domain of the request to ensure its coming from the app. How?
 * That initiates a transaction on the server.
 * Server contacts the marketplace to record start of the transaction.
   * Is there an issue here with matching up Marketplace persona accounts?
 * Creates the JWT and returns it to the client
 * The client receives the JWT and passes it to mozPay.

• App polls the server waiting for a completed purchase...
• When completed a receipt is returned to the client

 * Client installs the receipt (bug https://bugzilla.mozilla.org/show_bug.cgi?id=757226)

• App verifies the receipt is correct for that app.

 * App verifies the receipt against the receipt verification.

• App grants access to product purchased.

• User can revisit the marketplace and get a list of completed in-app payments.

 * Users can click a button to get a receipt for an in-app payment.
   * App should check the receipt is correct for that app.
   * App verifies the receipt against the receipt verification.

Bugs

To come.