Allow me to start from scratch, while I finish implementing the payment process in a new version of Jaxogram (Marketplace). I have many comments.
My profile: Linux, Java and JS. Server is Goog'App Engine.
First step: implementation.
I'm more Java than Python. When I started, I was frighten by yet again the thousands of lines to embed in my code: jsontoken with a json parser, a net/oauth (again), jquery, Finally, JWT is simple, and just a hundred lines suffice to implement what I thought was a beast. My only "bug" was related to RFC signature being Table I or Table II RFC 4648.
In short: we must provide a full Java/JS working example, a simplimistic, stand-alone and working one with no decorations. I plan to send you all what I did: java server side, and JS client side.
Now, about refunding and others.
I currently didn't look at your docs, b/c I want to keep my mind fresh.
Refund is as important as recovering a paid account from a rebooted device, renewal of a subscription, etc. Those are all the same.
As for the 3-legged OAuth, you (Mozilla Pay) are the person my user (Bob) is trusting and privately discussing with, and me (Jaxogram) don't interfere until you tell me Bob's choice. I have no idea of Bob persona, you do.
Me sent you a JWT to call me back when Bob decided 1) to give me money... or 2) not, OR??? 3) that he changed his mind after n minutes, OR??? 4) that he want to access again to my (paid) services after recovering from a disaster, phone change, reboot, etc.
mozPay should register an event listener. Need to think more.