[OAuth 2.0] Silent authentication

Xsolla Developers

[OAuth 2.0] Silent authentication Client-side

get/oauth2/social/{oauth2_cross_social_provider_name}/cross_auth

Exchanges the user JWT from Steam, Xbox, or Epic Games to the JWT in your project (projectId). To enable silent authentication, use the instruction.

Request

path Parameters

oauth2_cross_social_provider_name

required

string

Name of the platform the user authorized in. Can be steam, xbox, epicgames.

query Parameters

client_id required	integer Your application ID. Get it after creating an OAuth 2.0 client.
response_type required	string Grant type used in your project that has the enabled OAuth 2.0 protocol. Must be `code` to get the user authentication code in the response. The received code must be exchanged to a JWT via the Generate JWT call to finish user authentication.
state required	string Value used for additional user verification. Often used to mitigate CSRF Attacks. The value will be returned in the response. Must be longer than 8 symbols.
redirect_uri	string URL to redirect the user to after account confirmation, successful authentication, or password reset confirmation. To set up this parameter, contact your Customer Success Manager or email to csm@xsolla.com. Notice The parameter is required if you have more than one redirect URI in your project settings.
session_ticket	string Session ticket received from the platform encoded according to the Base64 standard.
scope	string Scope is a mechanism in OAuth 2.0 to limit an application’s access to a user’s account. Can be: `email` for Auth via social network or Get link for social auth calls to request an email from the user additionally. `offline` to use `refresh_token` from Generate JWT call to refresh the JWT when it is expired. `playfab` to write SessionTicket to the `session_ticket` claim of the JWT if you store user data at PlayFab. If you process your own values of the `scope` parameter, that are not mentioned above, you can set them when using this call. The Xsolla Login server does not process these values, but returns them in the received JWT.
audience	string Identification parameter of the application the token was issued for. Parameter value will be passed in the `aud` JWT field.
app_id	string Your app ID on the platform. Required if the platform where the user is authorized is Steam.
code	string Code received from the platform.
is_redirect	boolean Default: true Shows how the Xsolla Login server should respond. If you set: `true` value, the Xsolla Login server returns the 302 response code. URL for user redirection with user JWT will be in the `Location` header. `false` value, the Xsolla Login server returns the 200 response code. URL for user redirection with user JWT will be in the response body.
no_user_creation	boolean Default: false Do not create new user if they not exist yet. Existing users will be authorized as usual
deployment_id	string The deployment ID that the client is trying to authenticate with. This will impact interactions with other services that require a deployment. If the deployment is not public, only users who have been entitled will be able to log in. For more information on deployments and deployment IDs see Product, Sandbox, and Deployment IDs. Note: You must use this unique identifier to use the Ecommerce APIs, and to request access tokens used by game clients.

Responses

200

302

Redirection

400

Bad Request

404

Not Found

422

Unprocessable Entity

429

Too Many Requests

Request samples

curl --request GET \
  --url 'https://login.xsolla.com/api/oauth2/social/{oauth2_cross_social_provider_name}/cross_auth?client_id=SOME_INTEGER_VALUE&response_type=SOME_STRING_VALUE&redirect_uri=SOME_STRING_VALUE&state=SOME_STRING_VALUE&session_ticket=SOME_STRING_VALUE&scope=SOME_STRING_VALUE&audience=SOME_STRING_VALUE&app_id=SOME_STRING_VALUE&code=SOME_STRING_VALUE&is_redirect=true&no_user_creation=false&deployment_id=SOME_STRING_VALUE'

Response samples

application/json

{"login_url": "string"
}