On 2013-01-23, at 12:40 PM, Kumar McMillan <[email protected]> wrote:
> Hi all. > We're rapidly approaching the day when third party app developers can begin > testing web payments using navigator.mozPay() [1] against Mozilla's Web > Payment Provider [2]. I'd like to get some feedback on ideas for how > developers can *test* their use of the API. > > [1] https://wiki.mozilla.org/WebAPI/WebPayment > [2] https://wiki.mozilla.org/WebAPI/WebPaymentProvider We've got to make a plan to reenable and get started on the MDN docs too. > Some info on those wiki pages is outdated already (fixes are coming). Here is > a summary of how developers will set up payments: > > The developer... > - submits app to Firefox Marketplace > - activates in-app payments > - enters bank details to receive money If its a paid app, they can stop here and we move on to receipt checking. Simpler for them at least. > - clicks a button to generate a secret key > - hosts an app on a server > - writes server code to sign JWTs (JSON Web Tokens) with the secret key > - hosts two URLs, a postback and a chargeback > - creates purchase button in app that calls nav.mozPay([signedJWT]) > Note that these success/error handlers on the client are not as useful as the > server side postback/chargeback handlers. The former is more for UI errors > like the user clicking the Cancel button. In order to fulfill payment, the > developer must use a postback handler so she can verify the JWT signature. We should be write a simple example server that does copes with postback/chargeback handlers. > TEST PROPOSAL > > The developer could test successful payments by amending a JWT like this: > > { > ... > "request" : { > "name" : "Unlock Level 10", > ... > "simulate": { > "result": "postback" > }, > } > } This seems fine to me. The post back and chargebacks would come through on the developers end with that JWT in, so they'd know it was a simulated request and can ignore it. It's a bit of a pain on the server as we'll have a special code path that involves not calling Bango and faking some things out. _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
