Need Clarification on Receipt Validation Without a Backend Using RNIap.validateReceiptAndroid()

[ayazalphasquad]

Description

Hi team,

I have a concern regarding the receipt validation process for Android in the react-native-iap library. While the common recommendation is to validate receipts on a secure server, our application does not currently have any backend integration not even firebase.

We are looking to perform receipt validation directly on the client side within the React Native app. Specifically, we want to use the RNIap.validateReceiptAndroid() method for Android subscriptions. However, this method requires several parameters:

• packageName
• productId
• productToken
• accessToken
• isSub

My concern lies with the accessToken parameter. It appears that obtaining an access token requires authorization through Google Cloud Console, which typically involves server-side operations to securely authenticate and manage tokens.

Questions:
1- How can we obtain and manage the accessToken directly within a React Native app without a backend server?
2- Is there a recommended approach for securely handling Google authorization and token management directly on the client-side in a mobile app?
3- Are there any best practices or alternative methods provided by react-native-iap for validating receipts on Android without a backend server?

I would appreciate any guidance or suggestions on how to effectively handle receipt validation on Android using RNIap.validateReceiptAndroid() in an environment that lacks backend server support or also suggest to handle the receipt validation if we have backend as well.

• react-native-iap: 12.11.0
• react-native: 0.72.3
• Platforms (iOS, Android, emulator, simulator, device): Android

Thank you!