Exchanges the user JWT from Steam, Xbox, or Epic Games to the JWT in your project (projectId
).
To enable silent authentication, use the instruction.
client_id required | integer Your application ID. Get it after creating an OAuth 2.0 client. |
response_type required | string Grant type used in your project that has the enabled OAuth 2.0 protocol. Must be |
state required | string Value used for additional user verification. Often used to mitigate CSRF Attacks. The value will be returned in the response. Must be longer than 8 symbols. |
redirect_uri | string URL to redirect the user to after account confirmation, successful authentication, or password reset confirmation. To set up this parameter, contact your Account Manager. Notice
The parameter is required if you have more than one redirect URI in your project settings. |
app_id | string Your app ID in the platform. |
scope | string Scope is a mechanism in OAuth 2.0 to limit an application’s access to a user’s account. Can be:
If you process your own values of the |
audience | string The "aud" (audience) claim identifies the recipients that the JWT is intended for. Each principal intended to process the JWT MUST identify itself with a value in the audience claim. If the principal processing the claim does not identify itself with a value in the "aud" claim when this claim is present, then the JWT MUST be rejected. In the general case, the "aud" value is an array of case- sensitive strings, each containing a StringOrURI value. In the special case when the JWT has one audience, the "aud" value MAY be a single case-sensitive string containing a StringOrURI value. The interpretation of audience values is generally application specific. Use of this claim is OPTIONAL. |
session_ticket | string Session ticket received from the platform. |
code | string Code received from the platform. |
is_redirect | boolean Default: true Shows how the Xsolla Login server should respond. If you set:
|
OK
Redirection
Bad Request
Not Found
Unprocessable Entity
Too Many Requests
{- "login_url": "string"
}