Authentification par custom ID
You can authenticate users on the Xsolla side via a custom ID (a user ID generated on your server).
This authentication option allows to:
- use your own authorization system with Xsolla products
- implement the logic of a cross-platform user account
To authenticate a user via a custom ID, you will need to implement the Auth by custom ID API call in the back end of your application. The call returns a user JSON Web Token (JWT), that you can use as an authorization token in the SDK methods for making a payment and managing inventory.
To end an active user session, use the OAuthLogout
SDK method.
Instructions
You can integrate the SDK with your own authorization system. To do this, implement user identification by custom ID (user ID generated on your server) to open an in-game store, make a payment, and manage inventory.
The flow of interaction with Xsolla servers when using your own authorization system:
- Your client sends an authentication request to your server.
- Your server authorizes the user and sends a request to the Xsolla server to receive the user JSON Web Token (JWT), passing in the custom ID.
- Xsolla server returns the user JWT.
- Your server passes the user JWT to the client.
- SDK methods use the received user JWT instead of authorization token to open an in-game store, make a payment, and manage inventory.
To use your own authorization system with Xsolla products:
- Set up server OAuth 2.0 client in your Publisher Account.
- Implement getting the server JWT.
- Implement getting the user JWT.
- Implement the logic of working with the in-game store, purchases, and inventory using the user JWT.
Configurer le client OAuth 2.0 du serveur
- Open your project in Publisher Account and go to the Login section.
- Click Configure in the pane of a Login project.
- Go to the Security block and select the OAuth 2.0 section.
- Click Add OAuth 2.0.
- Specify OAuth 2.0 redirect URIs.
- Check the Server (server-to-server connection) box.
- Click Connect.
- Copy and save the client ID and secret key.
Obtenir un JWT de serveur
On the back end of your application, implement a method to get the server JWT using the Generate JWT API call. The request must contain the following parameters:
grant_type
is the JWT type, pass theclient_credentials
value.client_secret
is the secret key that is received when you set up the server OAuth 2.0 client.client_id
is the client ID received when you set up the server OAuth 2.0 client.
Obtenir un JWT d'utilisateur
On the back end of your application, implement a method to get the user JWT using the Auth by custom ID API call. The request must contain the X-Server-Authorization: <server_JWT>
header, where <server_JWT>
is the server JWT obtained in the previous step.
Utiliser un JWT d'utilisateur
Use the SDK methods to open the in-game store, make a payment, and manage inventory. While using the SDK methods, pass the user JWT to the Token.Instance
property.
The following tutorials contain examples of using the token:
- Sell virtual items for real currency
- Sell virtual items for virtual currency
- Display of virtual currency balance
- Display of items in inventory
Implement the logic of receiving a new user JWT after its expiration. It is recommended that you get a new token in background mode so the user doesn’t have to log in to the application again.
Liens utiles
Dernière mise à jour: 10 Octobre 2023Faute de frappe ou autre erreur dans le texte ? Sélectionnez le texte concerné et appuyez sur Ctrl+Entée.