Update StoreKit integration to StoreKit 2 #57

Open
PickleJesus123 opened this issue Nov 3, 2023 · 6 comments

PickleJesus123 commented Nov 3, 2023

There is a vulnerability with the way most Godot users are currently using this "inappstore" plugin.

Unlike the Android Billing plugin, there is no way to query_purchases() and find out what the user has purchased/subscribed to when the app starts up. This is due to the plugin using StoreKit 1. From what I've seen, it seems like most Godot game developers using this plugin have the following logic:

func check_events():
	while in_app_store.get_pending_event_count() > 0:
		var event = in_app_store.pop_pending_event()
		if event.type == "purchase":
			if event.result == "ok":
				# save a local variable somewhere that "purchased = true"
				pass

Some notes about this:

  • For consumable purchases, this is no problem.
  • For "permanent" purchases, this should mostly work. But if a malicious player buys and then quickly refunds your item, you would have no way of telling. There is no "event fired" in StoreKit 1. To detect refunds, you would need to maintain your own server infrastructure that is constantly in contact with Apple's servers, and your app would have to contact your server to revoke the premium features. I guarantee this is out of scope for most Godot game developers.
  • For "auto-renewing subscriptions", being able to read essential information like expiry_date involves maintaining your own server that can decrypt the receipt data. If you want it to detect refunds, renewals, or cancellations, you need to implement the whole App Store Server API on your server infrastructure. It's a mess.

There is a solution to this, however: upgrading the plugin to Apple's new StoreKit 2, which is designed to simplify this whole process. You would be able to simply query active purchases through the Transaction History methods - that's it! Here's a breakdown:

Transactions retrieved through StoreKit 2 include detailed information such as product identifiers, purchase dates, and expiration dates for subscriptions, all in a decoded and easy-to-use format. This information was previously only obtainable by decoding the opaque receipt file.

Developers can access the complete transaction history, which provides the context necessary for supporting features like restoring purchases or verifying the entitlements of a user at any point in time.

StoreKit 2 requires iOS 15+, but it is installed on 99%+ of iOS devices, so there are no compatibility concerns there. Creating a StoreKit 2 branch would make it a lot easier for your average solo developer or small studio to monetize their Godot games.
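
What the StoreKit 2 approach proposed in the issue above could look like on the native side, as an added example that is not part of the original post or of the plugin's code: entitlements are rebuilt from `Transaction.currentEntitlements` at launch and again on every `Transaction.updates` event, instead of being read from a saved flag. The function names are hypothetical, and how the result would be exposed to GDScript is not shown.

```swift
import Foundation
import StoreKit

// Hypothetical helpers, not part of the Godot "inappstore" plugin.

/// A transaction grants access only if it was not refunded or revoked and,
/// for subscriptions, has not expired.
@available(iOS 15.0, *)
func grantsAccess(_ transaction: Transaction, now: Date = Date()) -> Bool {
    if transaction.revocationDate != nil { return false }   // refund or revocation
    if let expiry = transaction.expirationDate, expiry <= now { return false }
    return true
}

/// Launch-time query, the StoreKit 2 counterpart of Android's query_purchases().
/// Nothing is read from local storage, so a stale "purchased = true" flag cannot
/// outlive a refund.
@available(iOS 15.0, *)
func entitledProductIDs() async -> Set<String> {
    var active: Set<String> = []
    for await result in Transaction.currentEntitlements {
        // Ignore transactions that failed StoreKit's signature verification.
        guard case .verified(let transaction) = result else { continue }
        // Defensive re-check of revocation and expiry on each entry.
        if grantsAccess(transaction) {
            active.insert(transaction.productID)
        }
    }
    return active
}

/// Long-running listener: StoreKit emits on this sequence for changes made
/// outside the app (refunds, renewals, purchases on another device).
/// Keep the returned task alive for the app's lifetime; cancel it to stop.
@available(iOS 15.0, *)
func observeEntitlementChanges(
    onChange: @escaping @Sendable (Set<String>) -> Void
) -> Task<Void, Never> {
    Task.detached {
        for await result in Transaction.updates {
            if case .verified(let transaction) = result {
                await transaction.finish()
            }
            // Recompute from scratch rather than patching local state.
            onChange(await entitledProductIDs())
        }
    }
}
```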

Calinou (Member) commented Nov 3, 2023

The iOS plugins need to be updated for Godot 4 first before this can be tackled. We currently lack contributors available to do so.

Calinou changed the title from '"inappstore" vulnerability. Please upgrade it from Store Kit 1 to Store Kit 2' to 'Update StoreKit integration to StoreKit 2' on Nov 3, 2023

@dinopanagos

This has been lacking contributors and is pushing people away from Godot. Is there any way we can all chip in and just pay someone to take care of it? Been over 6 months with no updates or timeline. Godot is amazing and it's just going to fade if independent devs can't monetize.

Calinou (Member) commented Nov 5, 2023

> Is there any way we can all chip in and just pay someone to take care of it?

While you are free to contact a developer and pay them to work on this (or organize your own crowdfunding campaign), we don't use a bounty system. This is something you will have to organize on your own, including finding that developer (likely the hardest part) and ensuring they do their work correctly. There's a lot of risk involved in this process by design.

@djordjije

I am more than willing to work on the iOS plugins if I can successfully find some information on how to code them. Just give me some time.

@dinopanagos

Almost finished with it! No worries :)

djrain commented Jul 6, 2024

@dinopanagos hey, did you make any progress on this? If so, would you mind sharing the files?
