Silent authentication
How it works
Silent authentication allows you to automatically authenticate users in Login via a publishing platform (Xbox, Steam, Stone, and Mail.ru).
Interaction flow:
- User launches the game.
- Your game receives the platform authentication data via an SDK.
- Your game forms a request and sends it to the Xsolla Login server to get a JWT.
- The Xsolla Login server authenticates a user and sends a JWT.
You can collect user emails during silent authentication as well as during social authentication. Use the Collecting emails during social authentication instruction to set it up.
Who can use it
Partners who have already integrated Login and have a publishing platform account.
How to get it
To set up silent authentication in Login:
- Set up silent authentication in Publisher Account.
- Choose the platform the game is published in and follow the instructions.
Setting up silent authentication
- Go to Publisher Account > your Login project > Social connections > Authentication via publishing platforms.
- Choose the publishing platform and click Connect/Edit.
- In the modal window set up parameters for the respective platform:
- Steam:
- Application ID — your app ID (AppID)
- Application Secret — Web API Key
- Stone:
- Application ID — your app ID (Stoneport ID)
- Application Secret — secret key (Stoneport Keys)
- Mail.ru:
- Application ID — your app ID (GMRID)
- Application Secret — secret key (you can find it in Mail.ru Developer profile on the
System characteristics tab >Secret for api.games.mail/gc.mail.ru )
- Steam:
- Click Connect.
Xbox
- Form a session ticket (session_ticket parameter) based on the platform data after user authentication. The parameter is formed based on the
<xid>-<uhs>;<XSTSToken> template where:<xid> — Xbox User ID ;<uhs> — user hash ;<XSTSToken> — Xbox Secure Token Service .
- Pass the session_ticket parameter to the silent authentication request (JWT or OAuth 2.0).
Steam
Form a session ticket (session_ticket parameter) based on the platform data after user authentication:
- Get the session ticket.
- Pass it to the silent authentication request (JWT or OAuth 2.0) as a session_ticket parameter.
Stone
The session_ticket and area_id parameters are received from a platform after user authentication. Pass these parameters to the
- http
GET /api/social/stone/cross_auth?projectId=<project_id>&session_ticket=<session_ticket>&area_id=<area_id>&app_id=<app_id>&login_url=<login_url> HTTP/1.1
Host: login.xsolla.com
Mail.ru
The
- http
GET /api/social/mailru/cross_auth?projectId=<project_id>&uid=<user_id>&hash=<ticket>&fields=email&login_url=<login_url> HTTP/1.1
Host: login.xsolla.com