Cross-Authentication

How It Works

Cross-authentication allows to automatically authenticate users in Login via a publishing platform (Xbox, Steam, Stone, and Mail.ru).

Interaction flow:

  1. User launches the game.
  2. Your game receives the platform authentication data via an SDK.
  3. Your game forms a request and sends it to the Xsolla Login server to get a JWT.
  4. The Xsolla Login server authenticates a user and sends a JWT.

Note: If you integrated Xsolla Launcher, use the recipe to authenticate users via platforms.

You can collect user emails during cross-authentication as well as during social authentication. Use the recipe to set it up.

Who Can Use It

Partners who have already integrated Login and have a publishing platform account.

How to Get It

To set up cross-authentication in Login, choose the platform the game is published in and follow the instructions.

Xbox

  1. Contact your Account Manager and specify:
    • xsolla_login_project_id — your Login project ID from Publisher Account;
    • app_client_id — your Xbox app ID;
    • app_client_secret — Web API Key.
  2. Form a session ticket (session_ticket parameter) based on the platform data after user authentication. The parameter is formed basing on the <xid>-<uhs>;<XSTSToken> template where:
    • <xid> — Xbox User ID;
    • <uhs> — user hash;
    • <XSTSToken> — Xbox Secure Token Service.
  3. Pass the session_ticket parameter to the cross-authentication request (JWT or OAuth 2.0).

Note: The app_client_id and app_client_secret parameters' values are checked only on the Xsolla Login server side. You can get the values via the Xbox API or they can be generated by your game.

Steam

  1. Contact your Account Manager and specify:
  2. Form a session ticket (session_ticket parameter) based on the platform data after user authentication:
    1. Get the session ticket.
    2. Pass it to the cross-authentication request (JWT or OAuth 2.0) as a session_ticket parameter.

Stone

  1. Contact your Account Manager and specify:
    • xsolla_login_project_id — your Login project ID from Publisher Account;
    • app_client_id — Stone app ID (Stoneport ID);
    • app_client_secret — secret key (Stoneport Keys).
  2. Pass the session_ticket and area_id parameters, received from a platform after user authentication, to the Cross Auth request:

GET https://login.xsolla.com/api/social/stone/cross_auth?projectId=<project_id>&session_ticket=<session_ticket>&area_id=<area_id>&app_id=<app_id>&login_url=<login_url>

Mail.ru

  1. Contact your Account Manager and specify:
    • xsolla_login_project_id — your Login project ID from Publisher Account;
    • app_client_id — Mail.ru app ID (GMRID);
    • app_client_secret — secret key (you can find it in Mail.ru Developer profile on the System characteristics tab > Secret for api.games.mail/gc.mail.ru).
  2. Pass the uid and hash parameters (user ID and a session ticket analog accordingly), received from a platform after user authentication, to the Cross Auth request:

GET https://login.xsolla.com/api/social/mailru/cross_auth?projectId=<project_id>&uid=<user_id>&hash=<ticket>&fields=email&login_url=<login_url>