PlayFab storage

If you use PlayFab storage, you have access to:

Note
You can use the PlayFab methods to send newsletters to users, for example, about promotions or updates.

Interaction flow

You can use the Login widget or your application as a client. The interaction flow between the client and the Xsolla Login server is the following:

  1. The client sends requests to the Xsolla Login server. The requests format is described in JWT, OAuth 2.0, and Password endpoints.
  2. The Xsolla Login server sends requests to PlayFab.
  3. The Xsolla Login server processes a response from PlayFab and returns results to the client.
  4. The client processes the response.

User registration in PlayFab

User registration follows this flow. You can set up the account confirmation email that your users get to complete their registration.

User registration flow

  1. The client sends the Register new user request to the Xsolla Login server.
  2. The Xsolla Login server sends a registration request.
  3. User data is written to the Xsolla database.
  4. The Xsolla Login server sends a request to PlayFab to change user data.
  5. If you have set up account confirmation:
    • When you use the Login API calls for integrating the solution, registration is considered complete.
    • When you use the Login widget for integrating the solution, the user is redirected to a page with the following message: The account confirmation email is sent to {email address}.
    If you have not set up account confirmation, the user is automatically logged in after registration.

User account confirmation in PlayFab

To set up sending the account confirmation email, complete the following steps:
  1. Follow the instruction to set up your project in PlayFab.
  2. Make sure you have completed the Create an email template and Create a rule to send an email when a contact email is updated steps from the Requirements module.
  3. Contact your Customer Success Manager or email to csm@xsolla.com.
Note
The user who signed up to the project that uses PlayFab can log in without confirming their email address.

Authentication via user email address and password

There are two types of authentication via user email address and password: JWT standard-based authentication and OAuth 2.0 protocol-based authentication.

Note
If there is no user data in the Xsolla storage:
  • The user data is written there.
  • The Xsolla Login server sends the request to change data in PlayFab.

JWT standard-based authentication flow

  1. The client sends the Auth by username and password request to the Xsolla Login server.
  2. The Xsolla Login server sends the authentication request to PlayFab.
  3. The Xsolla Login server generates a user JWT, while:
    • The PlayFabId value from the response to the PlayFab request is written to the external_account_id claim.
    • The SessionTicket value from the response to the PlayFab request is written to the session_ticket claim.
    • The EntityToken values from the response to the PlayFab request is written to the entity_token, entity_id, entity_type claims.
  4. The user is redirected to login_url with a query parameter token. The user JWT is written to the token parameter.

OAuth 2.0 protocol-based authentication flow

  1. The client sends the Auth by username and password request with the redirect_uri parameter to the Xsolla Login server.
  2. The Xsolla Login server sends the authentication request to PlayFab.
  3. The Xsolla Login server returns login_url along with code in the query parameter and the passed redirect_uri parameter.
  4. The user is redirected to redirect_uri with the query parameter code.
  5. The client sends the Generate JWT request to the Xsolla Login server to exchange the received code for a user JWT.
  6. The Xsolla Login server generates a user JWT, while:
    • The PlayFabId value from the response to the PlayFab request is written to the external_account_id claim.
    • The SessionTicket value from the response to the PlayFab request is written to the session_ticket claim if you passed scope=playfab to the Auth by username and password request.
    • The EntityToken values from the response to the PlayFab request is written to the entity_token, entity_id, entity_type claims.

Authentication via Twitch

You should set up a social network in PlayFab to authenticate users via Twitch. There are two types of authentication via Twitch — JWT standard-based and OAuth 2.0 protocol-based authentication.

Note
If the user record in PlayFab is linked to the Twitch account, it is considered to be one account.

JWT standard-based authentication flow

  1. The client sends the Auth via social network request to the Xsolla Login server.
  2. The Xsolla Login server sends the authentication request to PlayFab.
  3. The user data is written to the Xsolla database.
  4. The Xsolla Login server generates a user JWT, while:
    • The PlayFabId value from the response to the PlayFab request is written to the external_account_id claim.
    • The SessionTicket value from the response to the PlayFab request is written to the session_ticket claim.
    • The EntityToken values from the response to the PlayFab request is written to the entity_token, entity_id, entity_type claims.
  5. The user is redirected to login_url with a query parameter token. The user JWT is written to the token parameter.

OAuth 2.0 protocol-based authentication flow

  1. The client sends the Auth via social network request with the redirect_uri parameter to the Xsolla Login server.
  2. The Xsolla Login server sends the authentication request to PlayFab.
  3. The user data is written to the Xsolla database.
  4. The Xsolla Login server sends the request to change data in PlayFab.
  5. The user is redirected to redirect_uri with a query parameter code.
  6. The client sends the Generate JWT request to the Xsolla Login server to exchange the received code for a user JWT.
  7. The Xsolla Login server generates a user JWT, while:
    • The PlayFabId value from the response to the PlayFab request is written to the external_account_id claim.
    • The SessionTicket value from the response to the PlayFab request is written to the session_ticket claim if you passed scope=playfab to the Twitch authentication request.
    • The EntityToken values from the response to the PlayFab request is written to the entity_token, entity_id, entity_type claims.

Set up Twitch authentication

  1. Create your Twitch account and get a Twitch Client ID.
  2. Go to Publisher Account and open your project > Login.
  3. Click Configure in the panel of the required Login project.
  4. Go to the Authentication block and select the Social login section.
  5. Go to the Twitch social network panel, click the ⚙ icon and select Settings.
  6. Enter your Twitch Client ID in the Application ID field.
  7. If necessary, change other settings.
  8. Click Connect.
  9. Set up Twitch in your PlayFab account.
  10. If you have integrated the Login product via the Login API calls:
    1. Get a link for authentication via Twitch. To do this, use the social network authentication call (JWT or OAuth 2.0).
    2. Place the received link in the interface of your application.

User password reset

The user password reset flow is the following:

  1. The client sends the Reset password request to the Xsolla Login server.
  2. The Xsolla Login server sends the password reset request to PlayFab.
  3. The updated password is written to PlayFab.

User blocking

You can block users via Publisher Account. Blocked users cannot authenticate. The blocking will be recorded and saved on the Xsolla side only.

Was this article helpful?
Thank you!
Is there anything we can improve? Message
We’re sorry to hear that
Please explain why this article wasn’t helpful to you. Message
Thank you for your feedback!
We’ll review your message and use it to help us improve your experience.
Rate this page
Rate this page
Is there anything we can improve?

Don’t want to answer

Thank you for your feedback!

Continue reading

Last updated: October 10, 2023

Found a typo or other text error? Select the text and press Ctrl+Enter.

Report a problem
We always review our content. Your feedback helps us improve it.
Provide an email so we can follow up
Thank you for your feedback!