Custom storage
If you use custom storage, you have access to:
- user registration
- authentication via username and password
- passwordless authentication via phone number
- authentication via social networks
- user password reset
Interaction flow
The client can be the Login widget or your own application that calls the Login API. The interaction flow between the client and the Xsolla Login server is the following:
- The client sends requests to the Xsolla Login server. The request format is described in JWT and Password endpoints.
- The Xsolla Login server sends requests to your server. Follow the instructions to validate the requests.
- The Xsolla Login server processes a response from your server and returns the result to the client.
- The client processes the response.
As a response to a server request, you can get information about the user in the form of a structure:
Parameter | Type | Description |
---|---|---|
attr_type | string | Definition of user’s access level to service attributes: |
key | string | The name of the attribute that is used to identify the user’s attribute. Must be unique for each user. Maximum length: 256 symbols. You can use numbers, Latin letters, hyphens, and underscores. |
permission | string or null | The type of access to the user’s attributes affects the list of attributes returned by the methods. Possible values: public, private (default). |
value | string | The value of the user’s attribute. Maximum length: 256 symbols. |
User registration
- The client sends the Register new user request to the Xsolla Login server.
- The Xsolla Login server sends a request to the New user URL. The response must be in the format described in this instruction. In the response, you can specify a list of user attributes.
Request example:
http:
POST https://your.hostname/your_registration_uri HTTP/1.1
Authorization: Bearer {JWT}
Content-Type: application/json

{
  "email": "john@gmail.com",
  "password": "123456"
}
curl:
curl --request POST \
  --url 'https://your.hostname/your_registration_uri' \
  --header 'authorization: Bearer {JWT}' \
  --header 'content-type: application/json' \
  --data '{"email":"john@gmail.com","password":"123456"}'
Response example:
{
  "attributes": [
    {
      "attr_type": "server",
      "key": "company",
      "permission": "private",
      "value": "facebook-promo"
    },
    {
      "attr_type": "server",
      "key": "custom-id",
      "permission": "private",
      "value": 48582
    }
  ]
}
- User data is written to the Xsolla database while the email is flagged as unconfirmed. The user will receive an account confirmation email.
- If you have integrated the Login Widget, the user will be redirected to the page with the following message: Please confirm your account following the instructions we sent to {email}.
Authentication via username and password
- The client sends the Auth by username and password request to the Xsolla Login server.
- The Xsolla Login server sends a request to the User verification URL. The response must be in the format described in this instruction.
Request example:
http:
POST https://your.hostname/your_authentication_uri HTTP/1.1
Authorization: Bearer {JWT}
Content-Type: application/json

{
  "email": "john@gmail.com",
  "password": "123456"
}
curl:
curl --request POST \
  --url 'https://your.hostname/your_authentication_uri' \
  --header 'authorization: Bearer {JWT}' \
  --header 'content-type: application/json' \
  --data '{"email":"john@gmail.com","password":"123456"}'
Response example:
{
  "attributes": [
    {
      "attr_type": "server",
      "key": "company",
      "permission": "private",
      "value": "facebook-promo"
    },
    {
      "attr_type": "server",
      "key": "custom-id",
      "permission": "private",
      "value": 48582
    }
  ]
}
- The Xsolla Login server generates a user JWT.
- The user is redirected to the login_url with a token query parameter. The token parameter contains the user JWT.
Passwordless authentication via phone number
- The client opens an authentication form so the user can enter their phone number.
- The user enters their phone number.
- The client sends the Start auth by phone number request to the Xsolla Login server.
- The client shows a field so the user can fill in the verification code.
- The user enters the received verification code.
- The client sends the Complete auth by phone number request to the Xsolla Login server.
- If it is the first user authorization, the Xsolla Login server sends a request to the Passwordless login with phone URL. The response must be in the format described in this instruction.
Request example:
http:
POST https://your.hostname/your_phone_authentication_uri HTTP/1.1
Authorization: Bearer {JWT}
Content-Type: application/json

{
  "login": "+12025550140",
  "type": "phone"
}
curl:
curl --request POST \
  --url 'https://your.hostname/your_phone_authentication_uri' \
  --header 'authorization: Bearer {JWT}' \
  --header 'content-type: application/json' \
  --data '{"login":"+12025550140","type":"phone"}'
Response example:
{
  "attributes": [
    {
      "attr_type": "server",
      "key": "company",
      "permission": "private",
      "value": "facebook-promo"
    },
    {
      "attr_type": "server",
      "key": "custom-id",
      "permission": "private",
      "value": 48582
    }
  ]
}
Authentication via social networks
To get user data when authenticating via social networks, specify Social Login URL in the settings of your Login project in Publisher Account (section User database > Storage > Custom storage). A request with data received from the social network is sent to this URL.
Authentication flow:
- The client sends the Auth via social network request to the Xsolla Login server.
- The user logs into a social network.
- The Xsolla Login server processes the user data received from the social network and sends a request to Social Login URL. The response must be in the format described in the instruction.
The request contains data in the temporary token in the Authorization: Bearer <JWT> header. The user JWT passed in the request contains the following data:
Claim | Type | Description |
---|---|---|
exp | Unix Timestamp | The date and time of the JWT expiry. The JWT lifetime is 7 minutes. Required. |
iat | Unix Timestamp | The date and time the JWT is issued. Required. |
iss | string | The service that signed the JWT: https://login.xsolla.com . Required. |
request_type | string | Constant: gateway_request . Required. |
xsolla_login_project_id | string (UUID) | Your Login project ID in Publisher Account. Required. |
email | string | User email address. |
sub | string (UUID) | User ID written on the Xsolla Login server side. Required. |
username | string | Username. |
provider | string | Name of a social network used for authentication. Required. |
id | string | User ID in a social network. Required. |
Example of a token payload:
{
  "exp": 1573635020,
  "iat": 1573634600,
  "iss": "https://login.xsolla.com",
  "request_type": "gateway_request",
  "xsolla_login_project_id": "00000000-0000-0000-0000-000000000000",
  "sub": "00000000-0000-0000-0000-000000000000",
  "email": "example@test.com",
  "username": "Smith707",
  "provider": "google",
  "id": "123"
}
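One way your server could check the bearer token on a Social Login URL request against the claims table above. This is an added example, not Xsolla's code: the page does not state the signing algorithm or key, so HS256 with a shared project secret is an assumption, as are the names make_token and verify_social_request.

```python
import base64, hashlib, hmac, json, time
ISSUER = "https://login.xsolla.com"   # iss value from the claims table
MAX_LIFETIME = 7 * 60                 # the table gives a 7-minute lifetime
REQUIRED = ("exp", "iat", "iss", "request_type",
            "xsolla_login_project_id", "sub", "provider", "id")
# Constructed sample: the token payload shown above.
SAMPLE = {"exp": 1573635020, "iat": 1573634600, "iss": ISSUER,
          "request_type": "gateway_request", "provider": "google", "id": "123",
          "xsolla_login_project_id": "00000000-0000-0000-0000-000000000000",
          "sub": "00000000-0000-0000-0000-000000000000",
          "email": "example@test.com", "username": "Smith707"}

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, secret, alg="HS256"):
    """Build a constructed sample token (stands in for the Login server)."""
    signed = ".".join(_b64e(json.dumps(p).encode())
                      for p in ({"alg": alg, "typ": "JWT"}, claims))
    mac = hmac.new(secret, signed.encode(), hashlib.sha256).digest()
    return f"{signed}.{_b64e(mac)}"

def verify_social_request(auth_header, secret, project_id, now=None):
    """Return the claims of a valid request token, else raise ValueError."""
    now = time.time() if now is None else now
    scheme, _, token = auth_header.partition(" ")
    parts = token.split(".")
    if scheme.lower() != "bearer" or len(parts) != 3:
        raise ValueError("malformed Authorization header")
    header, claims = (json.loads(_b64d(p)) for p in parts[:2])
    # Pin the algorithm (assumed HS256); never let the token choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, ".".join(parts[:2]).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64d(parts[2]), expected):
        raise ValueError("bad signature")
    claims = claims if isinstance(claims, dict) else {}
    missing = [c for c in REQUIRED if c not in claims]
    if missing or not all(isinstance(claims[t], (int, float)) for t in ("exp", "iat")):
        raise ValueError(f"missing or malformed claims: {missing}")
    if (claims["iss"], claims["request_type"], claims["xsolla_login_project_id"]) != (
            ISSUER, "gateway_request", project_id):
        raise ValueError("not a gateway request for this project")
    if not claims["iat"] <= now < claims["exp"] or claims["exp"] - claims["iat"] > MAX_LIFETIME:
        raise ValueError("expired, not yet valid, or lifetime over 7 minutes")
    return claims
```

The time check allows no clock-skew leeway; add a small tolerance if your server clock can drift from the issuer's.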
Request example:
http:
POST https://your.hostname/your_social_authentication_uri HTTP/1.1
Authorization: Bearer {JWT}
Content-Type: application/json

{}
curl:
curl --request POST \
  --url 'https://your.hostname/your_social_authentication_uri' \
  --header 'authorization: Bearer {JWT}' \
  --header 'content-type: application/json'
Response example:
{
  "attributes": [
    {
      "attr_type": "server",
      "key": "company",
      "permission": "private",
      "value": "facebook-promo"
    },
    {
      "attr_type": "server",
      "key": "custom-id",
      "permission": "private",
      "value": 48582
    }
  ]
}
User password reset
- The client sends the Reset password request to the Xsolla Login server.
- The Xsolla Login server sends the user a password reset confirmation email.
- After confirming password reset in the email, the user is redirected to the page where they can enter a new password.
- The user enters a new password.
- The Xsolla Login server sends a request to the Password reset URL. The response must have the format described in this instruction.
Request example:
http:
POST https://your.hostname/your_reset_uri HTTP/1.1
Authorization: Bearer {JWT}
Content-Type: application/json

{
  "username": "john@gmail.com",
  "fields": {
    "password": "NewPa$$word1"
  }
}
curl:
curl --request POST \
  --url 'https://your.hostname/your_reset_uri' \
  --header 'authorization: Bearer {JWT}' \
  --header 'content-type: application/json' \
  --data '{"email":"john@gmail.com","fields":{"password":"NewPa$$word1"}}'