question

rthor avatar image
rthor asked Mark Mullan Deactivated answered

Updating payment with external payment ID

Attempting to use the SDK to add an external payment ID to a payment. using the orderConnector.updatePayment(orderId, payment) I get the following exception:

09-21 17:35:46.481 1697-1708/? E/OrderBinderImpl: isCallerClover(OrderBinderImpl.java:3043): Calling process doesn't have appropriate permission
                                                  java.lang.SecurityException: Access denied to package com.mypackage
                                                      at com.clover.engine.authenticator.AccountAuthenticator.checkCallerClover(AccountAuthenticator.java:586)
                                                      at com.clover.engine.order.v3.OrderBinderImpl.isCallerClover(OrderBinderImpl.java:3040)
                                                      at com.clover.engine.order.v3.OrderBinderImpl.updatePayment(OrderBinderImpl.java:2830)
                                                      at com.clover.engine.order.v3.OrderBinderV3_1.updatePayment(OrderBinderV3_1.java:311)
                                                      at com.clover.sdk.v3.order.IOrderServiceV3_1$Stub.onTransact(IOrderServiceV3_1.java:1137)
                                                      at android.os.Binder.execTransact(Binder.java:404)
                                                      at dalvik.system.NativeStart.run(Native Method)

My sandbox app package has all permissions set. Tried re-authenticating using CloverAuth which did not solve it either. What would be the proper way to achieve this?
REST APIPaymentsClover Android SDKAuth
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Mark Mullan avatar image
Mark Mullan Deactivated answered
On the receiving side of OrderConnector#updatePayment, the first thing we do is validate that Clover is calling this method, and to disallow third parties from altering our Payment objects (you can imagine the downstream consequences of why we would want to not allow third parties to mutate our Payments). This is also noted in the SDK method itself: https://github.com/clover/clover-android-sdk/blob/ba1bc1e5ab0c2189108b3c4b6de6c79c4fb6065b/clover-android-sdk/src/main/java/com/clover/sdk/v3/order/OrderV31Connector.java#L608-L619

Our clover-android-sdk is partially autogenerated by Avro, which we use server-side, so I'll be the first to admit that it's unfortunate that OrderConnector#updatePayment is even in the SDK in the first place. Because the SDK is auto-generated by Avro, it makes completely removing these methods from the SDK a very non-trivial task.

The way to set an externalPaymentId on a Payment would be to fire the ACTION_SECURE_PAY intent and passing an EXTRA_EXTERNAL_PAYMENT_ID. https://github.com/clover/clover-android-sdk/blob/ba1bc1e5ab0c2189108b3c4b6de6c79c4fb6065b/clover-android-sdk/src/main/java/com/clover/sdk/v1/Intents.java#L392-L429
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Mark Mullan avatar image
Mark Mullan Deactivated answered
Resolving with the developer in a private thread, and I will post an answer on this thread when we find a solution.
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community