In this documentation page, Microsoft recommends caching in-app purchase receipt validation certificates retrieved from their servers when performing receipt validation on the back-end. However, I think that some essential information is missing, namely:
- since each certificate is given by an ID specified in the receipt, how many certificates should we expect to exist? Would their cumulative size be prohibitive for in-memory caching only?
- cache invalidation: there doesn't seem to be any way to figure out if a certificate has been retired or has expired besides re-downloading the entire certificate, which then defeats the purpose of caching; can we thus expect that each certificate will always stay the same for all practical purposes, so once it's cached it never needs to be re-downloaded from MS servers?
I'd greatly appreciate it if someone from Microsoft could officially clarify these aspects, otherwise caching seems too risky to use when validating those paid receipts.