PlayFab storage

If you use a PlayFab storage, you have access to the following features:

Note
You can use the PlayFab methods for sending additional emails to users.

Interaction flow

You can use the login widget or your application as a client. The interaction flow between the client and the Xsolla Login server is the following:

  1. The client sends requests to the Xsolla Login server. The requests format is described in JWT, OAuth 2.0, and Password endpoints.
  2. The Xsolla Login server sends requests to PlayFab.
  3. The Xsolla Login server processes a response from PlayFab and returns results to the client.
  4. The client processes the response.

User registration in PlayFab

User registration follows this flow. You can set up the account confirmation email that your users get to complete their registration.

User registration flow

  1. The client sends the Register new user request to the Xsolla Login server.
  2. The Xsolla Login server sends a registration request.
  3. User data is written to the Xsolla database.
  4. The Xsolla Login server sends the request to change data in PlayFab.
  5. If you set up the account confirmation:
    1. When you use the API calls for integrating the solution, registration is finished.
    2. If you use the Login widget for integrating the solution, the user is redirected to a page with the following message: The account confirmation email is sent to {email address}.
    If you do not set up account confirmation, the user automatically logs in after registration.

User account confirmation in PlayFab

To set up sending the account confirmation email, complete the following steps:

  1. Follow the instruction to set up your project in PlayFab.
  2. Make sure you have completed the Create an email template and Create a rule to send an email when a contact email is updated steps from the Requirements module.
  3. Contact your Account Manager.

Note
The user who signed up to the project that uses PlayFab can log in without confirming their email address.

Authentication via user email address and password

There are two types of authentication via user email address and password — JWT standard-based and OAuth 2.0 protocol-based authentication.

Note
If there is no user data in the Xsolla storage:
  1. The user data is written there.
  2. The Xsolla Login server sends the request to change data in PlayFab.

JWT standard-based authentication flow

  1. The client sends the Auth by username and password request to the Xsolla Login server.
  2. The Xsolla Login server sends the authentication request to PlayFab.
  3. The Xsolla Login server generates a user JWT, while:
    • The PlayFabId value from the response to the PlayFab request is written to the external_account_id claim.
    • The SessionTicket value from the response to the PlayFab request is written to the session_ticket claim.
    • The EntityToken values from the response to the PlayFab request is written to the entity_token, entity_id, entity_type claims.
  4. The user is redirected to login_url with a query parameter token. A user JWT is written to the token parameter.

OAuth 2.0 protocol-based authentication flow

  1. The client sends the Auth by username and password request with the redirect_uri parameter to the Xsolla Login server.
  2. The Xsolla Login server sends the authentication request to PlayFab.
  3. The Xsolla Login server returns login_url with code in a query parameter and passed redirect_uri.
  4. The user is redirected to redirect_uri with a query parameter code.
  5. The client sends the Generate JWT request to the Xsolla Login server to exchange the received code for a user JWT.
  6. The Xsolla Login server generates a user JWT, while:
    • The PlayFabId value from the response to the PlayFab request is written to the external_account_id claim.
    • The SessionTicket value from the response to the PlayFab request is written to the session_ticket claim if you passed scope=playfab to the Auth by username and password request.
    • The EntityToken values from the response to the PlayFab request is written to the entity_token, entity_id, entity_type claims.

Authentication via Twitch

You should set up a social network in PlayFab to authenticate users via Twitch. There are two types of authentication via Twitch — JWT standard-based and OAuth 2.0 protocol-based authentication.

Note
If the user record in PlayFab is linked to the Twitch account, it is considered to be a one account.

JWT standard-based authentication flow

  1. The client sends the Auth via social network request to the Xsolla Login server.
  2. The Xsolla Login server sends the authentication request to PlayFab.
  3. The user data is written to the Xsolla database.
  4. The Xsolla Login server generates a user JWT, while:
    • The PlayFabId value from the response to the PlayFab request is written to the external_account_id claim.
    • The SessionTicket value from the response to the PlayFab request is written to the session_ticket claim.
    • The EntityToken values from the response to the PlayFab request is written to the entity_token, entity_id, entity_type claims.
  5. The user is redirected to login_url with a query parameter token. A user JWT is written to the token parameter.

OAuth 2.0 protocol-based authentication flow

  1. The client sends the Auth via social network request with the redirect_uri parameter to the Xsolla Login server.
  2. The Xsolla Login server sends the authentication request to PlayFab.
  3. The user data is written to the Xsolla database.
  4. The Xsolla Login server sends the request to change data in PlayFab.
  5. The user is redirected to redirect_uri with a query parameter code.
  6. The client sends the Generate JWT request to the Xsolla Login server to exchange the received code for a user JWT.
  7. The Xsolla Login server generates a user JWT, while:
    • The PlayFabId value from the response to the PlayFab request is written to the external_account_id claim.
    • The SessionTicket value from the response to the PlayFab request is written to the session_ticket claim if you passed scope=playfab to the Twitch authentication request.
    • The EntityToken values from the response to the PlayFab request is written to the entity_token, entity_id, entity_type claims.

Set up Twitch authentication

  1. Create your Twitch account and get Twitch Client ID.
  2. Open your project in Publisher Account.
  3. Click Login in the side menu and go to Login projects > your Login project > Social connections.
  4. Connect Twitch.tv by entering Twitch Client ID to the Application ID field.
  5. Follow the instruction to set up Twitch in a PlayFab account.
  6. If you integrated Xsolla Login via the API calls:
    1. Get the link for authentication via Twitch. Use the social authentication call for it (JWT or OAuth 2.0).
    2. Place the received link in your UI.

User password reset

The user password reset flow is the following:

  1. The client sends the Reset password request to the Xsolla Login server.
  2. The Xsolla Login server sends the password reset request to PlayFab.
  3. The updated password is written to PlayFab.

Blocking user

You can block users via Publisher Account. Blocked users cannot authenticate. The blocking will be recorded and saved on the Xsolla side only.

Was this article helpful?
Thank you!
Is there anything we can improve? Message
We're sorry to hear that
Please explain why this article wasn't helpful to you. Message
Thank you for your feedback!
We'll review your message and use it to help us improve your experience.
Rate this page
Rate this page
Is there anything we can improve?

Don't want to answer

Thank you for your feedback!

Continue reading

Last updated: June 9, 2021

Found a typo or other text error? Select the text and press Ctrl+Enter.

Report a problem
We always review our content. Your feedback helps us improve it.
Provide an email so we can follow up
Thank you for your feedback!