How to Save In App Purchase state in Keychain

Question

Inside my app the user can purchase a non-consumable product. My problem right now is that I don't quite know how to store the information correctly wether or not a user has bought the product or not. I read the User Defaults is not the most secure way, so I tried it with Keychain. For that I am using this helper lib.

Now this is how I tried implementing it:

keychain["isPremium"] = "true"             // set the state
let token = try? keychain.get("isPremium") // get the state to check if it worked
print(token as Any) 

This is printing "true". However if I logout the user, and login with another account and I only call this:

let token = try? keychain.get("isPremium") 

it still prints out "true" even though the second user hasn't purchased the item. How can I store the state of the IAP in my app then ?

Answer 1

This entirely depends on your application logic, the Keychain is working as expected: you save something to it, then read it out again (unchanged). The Keychain has no way of knowing what other kinds of logic is taking place in your app.

That said, you could do something simple like just storing each user's unlock state with a different key in the Keychain, based off some kind of user identifier.

// holds the current logged in user ID
// this needs to be persisted across the user's session,
// so store this somewhere like UserDefaults or the Keychain 
// (depending on your app's security model)
//
// I just use a simple variable for this example
var currentUserID = ""

// user 1 logs in, set:
currentUserID = "user1_"

keychain[currentUserID + "isPremium"] = "true"   
let token = try? keychain.get(currentUserID + "isPremium")
print(token as Any) 

// user 2 logs in, set:
currentUserID = "user2_"

keychain[currentUserID + "isPremium"] = "true"
let token = try? keychain.get(currentUserID + "isPremium")
print(token as Any)