Xsolla-logo

Silent authentication

get/oauth2/social/{oauth2_cross_social_provider_name}/cross_auth

Exchanges the user JWT from Steam, Xbox, Abyss to the JWT in your project (projectId). To enable silent authentication, use the instruction.

Request
path Parameters
oauth2_cross_social_provider_name
required
string

Name of the platform the user authorized in. Can be steam, xbox, abyss, epicgames.

query Parameters
client_id
required
integer

Your application ID. Get it after creating an OAuth 2.0 client.

response_type
required
string

Grant type used in your project that has the enabled OAuth 2.0 protocol. Must be code to get the user authentication code in the response. The received code must be exchanged to a JWT via the Generate JWT call to finish user authentication.

state
required
string

Value used for additional user verification. Often used to mitigate CSRF Attacks. The value will be returned in the response. Must be longer than 8 symbols.

redirect_uri
string

URL to redirect the user to after account confirmation, successful authentication, or password reset confirmation. To set up this parameter, please contact your Account Manager.

app_id
string

Your app ID in the platform.

scope
string

Scope is a mechanism in OAuth 2.0 to limit an application’s access to a user’s account.

Can be:

  • email for Auth via social network or Get link for social auth calls to request an email from the user additionally.
  • offline to use refresh_token from Generate JWT call to refresh the JWT when it is expired.
  • playfab to write SessionTicket to the session_ticket claim of the JWT if you store user data at PlayFab.

If you process your own values of the scope parameter, that are not mentioned above, you can set them when using this call. The Xsolla Login server does not process these values, but returns them in the received JWT.

session_ticket
string

Session ticket received from the platform.

code
string

Code received from the platform.

is_redirect
boolean
Default: true

Shows how the Xsolla Login server should respond. If you set:

  • true value, the Xsolla Login server returns the 302 response code. URL for user redirection with user JWT will be in the Location header.
  • false value, the Xsolla Login server returns the 200 response code. URL for user redirection with user JWT will be in the response body.
Responses
200

OK

302

Redirection

400

Bad Request

404

Not Found

422

Unprocessable Entity

429

Too Many Requests

Request samples
curl -i -X GET \
  'https://login.xsolla.com/api/oauth2/social/{oauth2_cross_social_provider_name}/cross_auth?client_id=0&response_type=string&state=string&redirect_uri=string&app_id=string&scope=string&session_ticket=string&code=string&is_redirect=true'
Response samples
application/json
{
  • "login_url": "string"
}