appAppleId is required for verification in production environment but it's easy to miss

[shimastripe]

WHY

• appAppleId is nil in readme sample code.

// try! used for example purposes only
let verifier = try! SignedDataVerifier(rootCertificates: appleRootCAs, bundleId: bundleId, appAppleId: nil, environment: environment, enableOnlineChecks: enableOnlineChecks)

• This code works fine in the sandbox environment, but not in the production environment.
  • Because SignedDataVerifier is checked appAppleId in production environment.

• app-store-server-library-swift/Sources/AppStoreServerLibrary/SignedDataVerifier.swift

  Lines 73 to 74 in 8fb4668

  	if self.bundleId != bundleId || (self.environment == .production && self.appAppleId != appAppleId) {
  	return VerificationResult.invalid(VerificationError.INVALID_APP_IDENTIFIER)

• It's easy to miss, so it is better to include some measures.

How

• Add a comment to sample code
• Print warning logs if appAppleId is nil
• Create a function to check the production configuration

What do you think? I would be happy to receive your comments.

Thanks!

[alexanderjordanbaker]

@shimastripe
That is a good suggestion, I will plan on

1. Adding a comment to the READMEs
2. Throwing an error in the constructor if appAppleId is null/nil/undefined and the environment is Production

[shimastripe]

Thanks @alexanderjordanbaker ! I create a PR #35 .
Is this the way you would like to do it?

[alexanderjordanbaker]

Resolved in #35