在我的Android应用上使用Google Pay付款时,付款经过验证后,会得到一个PaymentData变量,我可以从中获取一些信息,例如电子邮件,送货地址,帐单邮寄地址,...
是否有一种方法可以在我的后端获取这些信息,而无需发送它们以避免更改?
例如,当我使用OAuth执行Google Connect时,我得到了一个令牌,该令牌使我可以向Google的服务器执行请求并自己检索诸如“邮件”之类的数据,...这样,我可以检查是否邮件已更改。
谢谢
编辑:这是Android应用程序中的代码
private void payWithGooglePay() {
PaymentDataRequest.Builder request =
PaymentDataRequest.newBuilder()
.setEmailRequired(true)
.setShippingAddressRequired(needShippingAddress)
.setTransactionInfo(
TransactionInfo.newBuilder()
.setTotalPriceStatus(WalletConstants.TOTAL_PRICE_STATUS_FINAL)
.setTotalPrice(String.valueOf(amountToPay / 100))
.setCurrencyCode(currency.getCurrencyCode())
.build())
.addAllowedPaymentMethod(WalletConstants.PAYMENT_METHOD_CARD)
.addAllowedPaymentMethod(WalletConstants.PAYMENT_METHOD_TOKENIZED_CARD)
.setCardRequirements(
CardRequirements.newBuilder()
.setBillingAddressRequired(needBillingAddress)
.addAllowedCardNetworks(Arrays.asList(
WalletConstants.CARD_NETWORK_VISA,
WalletConstants.CARD_NETWORK_MASTERCARD))
.build());
PaymentMethodTokenizationParameters tokenizationParameters =
PaymentMethodTokenizationParameters.newBuilder()
.setPaymentMethodTokenizationType(WalletConstants.PAYMENT_METHOD_TOKENIZATION_TYPE_PAYMENT_GATEWAY)
.addParameter("gateway", "stripe")
.addParameter("stripe:publishableKey", liveMode ? getString(R.string.stripe_live_pk_key) : getString(R.string.stripe_test_pk_key))
.addParameter("stripe:version", "5.1.0")
.build();
PaymentDataRequest paymentDataRequest = request
.setPaymentMethodTokenizationParameters(tokenizationParameters)
.build();
if (paymentDataRequest == null) {
return;
}
AutoResolveHelper.resolveTask(paymentsClient.loadPaymentData(paymentDataRequest),
getActivity(), ProgressViewActivity.PAYMENT_WITH_GOOGLE_PAY_REQUEST_CODE);
}
@Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
switch (requestCode) {
case ProgressViewActivity.PAYMENT_WITH_GOOGLE_PAY_REQUEST_CODE:
if (resultCode == Activity.RESULT_OK) {
PaymentData paymentData = PaymentData.getFromIntent(data);
Log.d("MyGooglePay", "Google transaction ID: " + paymentData.getGoogleTransactionId());
Log.d("MyGooglePay", "mail: " + paymentData.getEmail());
Log.d("MyGooglePay", "token:" + paymentData.getPaymentMethodToken().getToken());
Log.d("MyGooglePay", "extra: " + (paymentData.getExtraData() != null ? paymentData.getExtraData().toString() : ""));
CardInfo cardInfo = paymentData.getCardInfo();
String description = cardInfo.getCardDescription();
Log.d("MyGooglePay", description);
UserAddress shippingAddress = paymentData.getShippingAddress();
UserAddress billingAddress = cardInfo.getBillingAddress();
Log.d("MyGooglePay", "shipping: " + shippingAddress);
Log.d("MyGooglePay", "billing: " + billingAddress);
String rawToken = paymentData.getPaymentMethodToken().getToken();
// Now that you have a Stripe token object, charge that by using the id
Token stripeToken = Token.fromString(rawToken);
if (stripeToken != null) {
// This chargeToken function is a call to your own server, which should then connect
// to Stripe's API to finish the charge.
Log.d("MyGooglePay", stripeToken.getCard().toJson().toString());
//sendFinalRequestAndGoToNext(stripeToken.getId());
}
break;
}
}
}
为了清楚起见,我想要的是直接从后端获取PaymentData ,而不是将其从应用程序发送到后端,以避免更改。
答案 0 :(得分:0)
这种与处理器和网关脱钩的行为是有意的,并且可以最大程度地提高所有相关代理的兼容性。
从Google Pay检索到的敏感信息经过加密,因此只有付款处理者才能显示有效内容。篡改中间的内容只会使有效负载无效。
要访问该内容,您还可以选择使用DIRECT integration实施Google Pay。如此说来,请注意,支付处理涉及复杂性和对PCI DSS等法规条款的遵守,因此,除非另有必要,否则不建议这样做。