Silent authentication

How it works

Silent authentication allows you to automatically authenticate users in Login via a publishing platform (Xbox, Steam, Stone, and Mail.ru).

Interaction flow:

  1. User launches the game.
  2. Your game receives the platform authentication data via an SDK.
  3. Your game forms a request and sends it to the Xsolla Login server to get a JWT.
  4. The Xsolla Login server authenticates a user and sends a JWT.

Note:
If you integrated Xsolla Launcher, use the recipe to authenticate users via platforms.

You can collect user emails during silent authentication as well as during social authentication. Use the Collecting emails during social authentication instruction to set it up.

Who can use it

Partners who have already integrated Login and have a publishing platform account.

How to get it

To set up silent authentication in Login:

  1. Set up silent authentication in Publisher Account.
  2. Choose the platform the game is published in and follow the instructions.

Setting up silent authentication

  1. Go to Publisher Account > your Login project > Social connections > Authentication via publishing platforms.
  2. Choose the publishing platform and click Connect/Edit.
  3. In the modal window set up parameters for the respective platform:
    • Steam:
      1. Application ID — your app ID (AppID)
      2. Application Secret — Web API Key
    • Stone:
      1. Application ID — your app ID (Stoneport ID)
      2. Application Secret — secret key (Stoneport Keys)
    • Mail.ru:
      1. Application ID — your app ID (GMRID)
      2. Application Secret — secret key (you can find it in Mail.ru Developer profile on the System characteristics tab > Secret for api.games.mail/gc.mail.ru)
  4. Click Connect.

Note:
You do not need to enter parameter values for Xbox.

Xbox

  1. Form a session ticket (session_ticket parameter) based on the platform data after user authentication. The parameter is formed based on the <xid>-<uhs>;<XSTSToken> template where:
    • <xid> — Xbox User ID;
    • <uhs> — user hash;
    • <XSTSToken> — Xbox Secure Token Service.
  2. Pass the session_ticket parameter to the silent authentication request (JWT or OAuth 2.0).

Steam

Form a session ticket (session_ticket parameter) based on the platform data after user authentication:

  1. Get the session ticket.
  2. Pass it to the silent authentication request (JWT or OAuth 2.0) as a session_ticket parameter.

Stone

The session_ticket and area_id parameters are received from a platform after user authentication. Pass these parameters to the Silent authentication request:

Copy
Full screen
Small screen
GET /api/social/stone/cross_auth?projectId=<project_id>&session_ticket=<session_ticket>&area_id=<area_id>&app_id=<app_id>&login_url=<login_url> HTTP/1.1
Host: login.xsolla.com

Mail.ru

The uid and hash parameters (user ID and a session ticket analog, accordingly) are received from a platform after user authentication. Pass these parameters to the Silent authentication request:

Copy
Full screen
Small screen
GET /api/social/mailru/cross_auth?projectId=<project_id>&uid=<user_id>&hash=<ticket>&fields=email&login_url=<login_url> HTTP/1.1
Host: login.xsolla.com