feat(iapkit): route Horizon verification through IAPKit — no Horizon key on the device

[hyochan]

Summary

Lets clients use `verifyPurchaseWithIapkit` for Meta Horizon the same way they already use it for Google — with just the IAPKit Bearer API key. The Meta App Secret stays on the IAPKit server (stored per project) and the server composes `OC|APP_ID|APP_SECRET` per request, so no Horizon credential ever lives on the device.

Pairs with hyodotdev/openiap-kit#3 which adds the matching server-side `verify_entitlement` path on the IAPKit backend.

Changes

GraphQL schema

`packages/gql/src/type.graphql`:

• New input `RequestVerifyPurchaseWithIapkitHorizonProps { userId, sku }`.
• Extend `RequestVerifyPurchaseWithIapkitProps` with an optional `horizon` field — apple / google / horizon now sit alongside each other.

Regenerated types (unedited)

`bun run generate` regenerated target types so every wrapper gets the new shape automatically:

• TypeScript — `react-native-iap/src/types.ts`, `expo-iap/src/types.ts`, `gql/src/generated/types.ts`
• Kotlin — `google/.../Types.kt`, `kmp-iap/.../Types.kt`, `gql/src/generated/Types.kt`
• Swift — `apple/Sources/Models/Types.swift`, `gql/src/generated/Types.swift`
• Dart — `flutter/lib/types.dart`, `gql/src/generated/types.dart`
• Godot — `godot-iap/.../types.gd`, `gql/src/generated/types.gd`

Android validator

`packages/google/openiap/src/main/java/dev/hyo/openiap/utils/PurchaseVerificationValidator.kt`:

• `verifyPurchaseWithIapkit` routes on whichever platform block is populated: `horizon` first (Quest flavor), then `google` (Play). Clearer error when neither is set.
• New `buildHorizonPayload` — mirrors `buildGooglePayload`, returns `{ store: "horizon", userId, sku }`. Validates nonempty inputs before the HTTP call.
• Removes the old "Horizon verification requires direct S2S API calls to Meta (not yet supported)" comment.

Call site (consumer view)

```kotlin
val result = verifyPurchaseWithIapkit(
RequestVerifyPurchaseWithIapkitProps(
apiKey = "openiap-kit_…", // only credential needed on the device
horizon = RequestVerifyPurchaseWithIapkitHorizonProps(
userId = currentOculusUser.id,
sku = "coin_pack_100"
),
),
tag = TAG,
)
```

Behind the scenes IAPKit reads the project's stored App ID + App Secret, builds the Meta access token, calls `graph.oculus.com/{APP_ID}/verify_entitlement`, and returns a harmonized `{ isValid, state }`.

Test plan

• `./gradlew :openiap:compileHorizonDebugKotlin` — build success
• `./gradlew :openiap:compilePlayDebugKotlin` — build success (no regression)
• Types regenerate cleanly (`bun run generate` idempotent — diff matches what's committed)
• Wire a sandbox Quest app to `verifyPurchaseWithIapkit` with only an IAPKit API key after the matching IAPKit server PR merges.

Related

• IAPKit server PR: hyodotdev/openiap-kit#3

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features
  • Added Meta Horizon purchase verification support, enabling entitlement verification for Quest devices. Users can now verify purchases across Apple, Google, and Meta Horizon platforms.

[coderabbitai]

Warning

Rate limit exceeded

@hyochan has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 48 minutes and 14 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 48 minutes and 14 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6ba0b9c5-9c73-41ea-b102-43c89860ab90

📥 Commits

Reviewing files that changed from the base of the PR and between f0de553 and 4616640.

⛔ Files ignored due to path filters (5)

• packages/gql/src/generated/Types.kt is excluded by !**/generated/**
• packages/gql/src/generated/Types.swift is excluded by !**/generated/**
• packages/gql/src/generated/types.dart is excluded by !**/generated/**
• packages/gql/src/generated/types.gd is excluded by !**/generated/**
• packages/gql/src/generated/types.ts is excluded by !**/generated/**

📒 Files selected for processing (11)

• libraries/expo-iap/src/types.ts
• libraries/flutter_inapp_purchase/lib/types.dart
• libraries/godot-iap/addons/godot-iap/types.gd
• libraries/kmp-iap/library/src/commonMain/kotlin/io/github/hyochan/kmpiap/openiap/Types.kt
• libraries/react-native-iap/src/types.ts
• packages/apple/Sources/Models/Types.swift
• packages/google/openiap/src/horizon/java/dev/hyo/openiap/OpenIapModule.kt
• packages/google/openiap/src/horizon/java/dev/hyo/openiap/utils/PurchaseVerificationValidatorHorizon.kt
• packages/google/openiap/src/main/java/dev/hyo/openiap/Types.kt
• packages/google/openiap/src/main/java/dev/hyo/openiap/utils/PurchaseVerificationValidator.kt
• packages/gql/src/type.graphql

📝 Walkthrough

Walkthrough

This PR adds Meta Horizon entitlement verification support across multiple SDK platforms by introducing a new RequestVerifyPurchaseWithIapkitHorizonProps type containing sku and userId fields, and extending RequestVerifyPurchaseWithIapkitProps to include an optional horizon field across TypeScript, Flutter, Godot, Kotlin, Swift, and GraphQL type systems.

Changes

Cohort / File(s)	Summary
TypeScript Types libraries/expo-iap/src/types.ts, libraries/react-native-iap/src/types.ts	Added RequestVerifyPurchaseWithIapkitHorizonProps interface with sku and userId; extended RequestVerifyPurchaseWithIapkitProps with optional horizon field and updated documentation for Meta Horizon verification.
Dart Types libraries/flutter_inapp_purchase/lib/types.dart	Added RequestVerifyPurchaseWithIapkitHorizonProps class with serialization support; extended RequestVerifyPurchaseWithIapkitProps with optional horizon field and updated fromJson/toJson methods.
GDScript Types libraries/godot-iap/addons/godot-iap/types.gd	Added RequestVerifyPurchaseWithIapkitHorizonProps class with from_dict/to_dict serialization; updated RequestVerifyPurchaseWithIapkitProps to include optional horizon field with conditional parsing/serialization.
Kotlin Types (KMP) libraries/kmp-iap/library/src/commonMain/kotlin/io/github/hyochan/kmpiap/openiap/Types.kt	Added RequestVerifyPurchaseWithIapkitHorizonProps data class with JSON serialization; extended RequestVerifyPurchaseWithIapkitProps with nullable horizon property and updated fromJson/toJson methods.
Swift Types packages/apple/Sources/Models/Types.swift	Added RequestVerifyPurchaseWithIapkitHorizonProps struct with sku and userId properties; extended RequestVerifyPurchaseWithIapkitProps with optional horizon field and updated initializer.
Java Types packages/google/openiap/src/main/java/dev/hyo/openiap/Types.kt	Added RequestVerifyPurchaseWithIapkitHorizonProps data class with JSON serialization; extended RequestVerifyPurchaseWithIapkitProps with nullable horizon parameter and updated JSON parsing/serialization.
Purchase Verification Logic packages/google/openiap/src/main/java/dev/hyo/openiap/utils/PurchaseVerificationValidator.kt	Updated verifyPurchaseWithIapkit to dynamically select IAPKit store and payload based on props.horizon vs props.google; added buildHorizonPayload helper to validate and construct Horizon-specific request body.
GraphQL Schema packages/gql/src/type.graphql	Added RequestVerifyPurchaseWithIapkitHorizonProps input type with userId and sku fields; extended RequestVerifyPurchaseWithIapkitProps to include optional horizon field.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• refactor: update verifyPurchase to support platform-specific options #53: Adds the same RequestVerifyPurchaseWithIapkitHorizonProps type and horizon field across verification types, extending purchase verification to handle Horizon-specific payloads.
• feat: deprecate platform field and ios/android props #49: Introduces Meta Horizon support to IAPKit verification with parallel type extensions and payload handling.
• feat: verify purchase with provider #46: Establishes the foundational IAPKit verification types that this PR extends with Horizon platform support.

Suggested labels

🎯 feature, ❄️ types, 🤖 android, cross-platform, flutter_inapp_purchase, react-native-iap, expo-iap, kmp-iap

Poem

🐰 Across the lands of code so bright,
Quest hopping through the starry night,
Horizon's verified with care so true—
New types in every language through and through!
From Dart to Swift, from Kotlin's gleam,
One feature powers every team! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 14.29% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding Meta Horizon verification support through IAPKit without requiring a Horizon key on the device. This aligns directly with the PR's primary objective of routing Horizon verification through IAPKit server-side.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/iapkit-horizon-verification

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request implements Meta Horizon (Quest) verification support across the monorepo. It adds the RequestVerifyPurchaseWithIapkitHorizonProps input type to the GraphQL schema and updates the corresponding platform-specific types and Android verification logic. A review comment correctly suggests using idiomatic immutable maps in Kotlin. Crucially, most changes in this PR affect auto-generated files which, according to the style guide, should not be edited manually; instead, the GraphQL schema should be updated and the sync scripts executed to propagate changes.

[gemini-code-assist]

Using mutableMapOf is unnecessary here as the map is not modified after creation. mapOf is more idiomatic for creating immutable maps in Kotlin. Additionally, the explicit type arguments <String, Any?> can be omitted as they are inferred from the context.

Suggested change

	return mutableMapOf<String, Any?>(
	"store" to IapStore.Horizon.rawValue,
	"userId" to horizon.userId,
	"sku" to horizon.sku
	)
	return mapOf(
	"store" to IapStore.Horizon.rawValue,
	"userId" to horizon.userId,
	"sku" to horizon.sku
	)

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

libraries/flutter_inapp_purchase/lib/types.dart (1)

4453-4479: ⚠️ Potential issue | 🟠 Major

Wire horizon into the verifyPurchaseWithProvider serializer.

RequestVerifyPurchaseWithIapkitProps includes an optional horizon field, but the manual serializer in verifyPurchaseWithProvider() only forwards apiKey, apple, and google to the native layer. Callers providing Horizon verification parameters via iapkit.horizon will have that data silently dropped.

Proposed fix

               if (iapkit != null) {
                 args['iapkit'] = {
                   if (iapkit.apiKey != null) 'apiKey': iapkit.apiKey,
                   if (iapkit.apple != null) 'apple': {'jws': iapkit.apple!.jws},
                   if (iapkit.google != null)
                     'google': {'purchaseToken': iapkit.google!.purchaseToken},
+                  if (iapkit.horizon != null)
+                    'horizon': {
+                      'userId': iapkit.horizon!.userId,
+                      'sku': iapkit.horizon!.sku,
+                    },
                 };
               }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@libraries/flutter_inapp_purchase/lib/types.dart` around lines 4453 - 4479,
The verifyPurchaseWithProvider serializer is dropping the
RequestVerifyPurchaseWithIapkitProps.horizon field; update the payload
construction inside verifyPurchaseWithProvider to include the horizon property
alongside apiKey, apple, and google so Horizon (Quest) verification params are
forwarded to the native layer, referencing
RequestVerifyPurchaseWithIapkitProps.horizon and the verifyPurchaseWithProvider
function when making the change.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@libraries/flutter_inapp_purchase/lib/types.dart`:
- Around line 4453-4479: The verifyPurchaseWithProvider serializer is dropping
the RequestVerifyPurchaseWithIapkitProps.horizon field; update the payload
construction inside verifyPurchaseWithProvider to include the horizon property
alongside apiKey, apple, and google so Horizon (Quest) verification params are
forwarded to the native layer, referencing
RequestVerifyPurchaseWithIapkitProps.horizon and the verifyPurchaseWithProvider
function when making the change.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 87eb7c27-d9f8-4eb5-82da-e8f5cc195e1a

📥 Commits

Reviewing files that changed from the base of the PR and between 1587d36 and f0de553.

⛔ Files ignored due to path filters (5)

• packages/gql/src/generated/Types.kt is excluded by !**/generated/**
• packages/gql/src/generated/Types.swift is excluded by !**/generated/**
• packages/gql/src/generated/types.dart is excluded by !**/generated/**
• packages/gql/src/generated/types.gd is excluded by !**/generated/**
• packages/gql/src/generated/types.ts is excluded by !**/generated/**

📒 Files selected for processing (9)

• libraries/expo-iap/src/types.ts
• libraries/flutter_inapp_purchase/lib/types.dart
• libraries/godot-iap/addons/godot-iap/types.gd
• libraries/kmp-iap/library/src/commonMain/kotlin/io/github/hyochan/kmpiap/openiap/Types.kt
• libraries/react-native-iap/src/types.ts
• packages/apple/Sources/Models/Types.swift
• packages/google/openiap/src/main/java/dev/hyo/openiap/Types.kt
• packages/google/openiap/src/main/java/dev/hyo/openiap/utils/PurchaseVerificationValidator.kt
• packages/gql/src/type.graphql

[hyochan]

Closing — the IAPKit server (https://github.com/hyodotdev/openiap-kit/pull/3) already accepts {store:"horizon", userId, sku} over REST, so a Quest app can call https://kit.openiap.dev/api/v1/purchase/verify directly with just the IAPKit Bearer API key. Wrapping that in the SDK would require a GraphQL schema change + codegen across 5 targets + flavor-specific file placement — not worth the cost when the existing direct-to-Meta path in horizon flavor's verifyPurchase already works and folks who want IAPKit can POST to it themselves.