PlayFab

How It Works

You can use PlayFab as a storage for the following user data:

  • username
  • user email address
  • user password
  • fields from an extended registration form if the form is set up
This user data is stored at Xsolla’s side too, but passwords are validated by PlayFab only.

If you use a PlayFab storage, you have access to the following features:

You can use the login widget or your application as a client. The interaction flow between the client and the Xsolla Login server is the following:

  1. The client sends requests to the Xsolla Login server. The requests format is described in JWT, OAuth 2.0, and General methods groups.
  2. The Xsolla Login server sends requests to PlayFab.
  3. The Xsolla Login server processes a response from PlayFab and returns results to the client.
  4. The client processes the response.

User Registration in PlayFab

User registration follows the flow. You can set up sending the user account confirmation email to finish user registration.

User Registration Flow

  1. The client sends the Register a New User request to the Xsolla Login server.
  2. The Xsolla Login server sends a registration request.
  3. User data is written to the Xsolla database.
  4. The Xsolla Login server sends the request to change data in PlayFab.
  5. If you set up the account confirmation:
    1. When you use the API methods for integrating the solution, registration is finished.
    2. If you use the Login widget for integrating the solution, the user is redirected to a page with the following message: The account confirmation email is sent to {email address}.
    If you do not set up account confirmation, the user automatically logs in after registration.

User Account Confirmation in PlayFab

To set up sending the account confirmation email, complete the following steps:

  1. Follow the instruction to set up your project in PlayFab.
  2. Make sure you have completed the Create an email template and Create a rule to send an email when a contact email is updated steps from the Requirements module.
  3. Contact your Account Manager.

Note: The user who signed up to the project that uses PlayFab, can log in without confirming their email address.

Authentication via User Email Address and Password

There are two types of authentication via user email address and password — JWT-based and OAuth 2.0 protocol-based authentication.

Authentication (JWT):

  1. The client sends the Auth by Username and Password request to the Xsolla Login server.
  2. The Xsolla Login server sends the authentication request to PlayFab.
  3. The Xsolla Login server generates a user JWT, while:
    • The PlayFabId value from the response to the PlayFab request is written to the external_account_id claim.
    • The SessionTicket from the response to the PlayFab request is written to the session_ticket claim.
  4. The user is redirected to login_url with a query parameter token. A user JWT is written to the token parameter.

Authentication (OAuth 2.0):

  1. The client sends the Auth by Username and Password request with the redirect_uri parameter to the Xsolla Login server.
  2. The Xsolla Login server sends the authentication request to PlayFab.
  3. The Xsolla Login server returns login_url with code in a query parameter and passed redirect_uri.
  4. The user is redirected to redirect_uri with a query parameter code.
  5. The client sends the Generate JWT request to the Xsolla Login server to exchange the received code for a user JWT.
  6. The Xsolla Login server generates a user JWT, while:
    • The PlayFabId value from the response to the PlayFab request is written to the external_account_id claim.
    • The SessionTicket from the response to the PlayFab request is written to the session_ticket claim if you passed scope=playfab to the Auth by Username and Password request.

If there is no user data in the Xsolla storage:

  1. The user data is written there.
  2. The Xsolla Login server sends the request to change data in PlayFab.

Authentication via Twitch

You should set up a social network in PlayFab to authenticate users via Twitch. There are two types of authentication via Twitch — JWT-based and OAuth 2.0 protocol-based authentication.

Authentication (JWT):

  1. The client sends the Auth via Social Network request to the Xsolla Login server.
  2. The Xsolla Login server sends the authentication request to PlayFab.
  3. The user data is written to the Xsolla database.
  4. The Xsolla Login server generates a user JWT, while:
    • The PlayFabId value from the response to the PlayFab request is written to the external_account_id claim.
    • The SessionTicket from the response to the PlayFab request is written to the session_ticket claim.
  5. The user is redirected to login_url with a query parameter token. A user JWT is written to the token parameter.

Authentication (OAuth 2.0):

  1. The client sends the Auth via Social Network request with the redirect_uri parameter to the Xsolla Login server.
  2. The Xsolla Login server sends the authentication request to PlayFab.
  3. The user data is written to the Xsolla database.
  4. The Xsolla Login server sends the request to change data in PlayFab.
  5. The user is redirected to redirect_uri with a query parameter code.
  6. The client sends the Generate JWT request to the Xsolla Login server to exchange the received code for a user JWT.
  7. The Xsolla Login server generates a user JWT, while:
    • The PlayFabId value from the response to the PlayFab request is written to the external_account_id claim.
    • The SessionTicket from the response to the PlayFab request is written to the session_ticket claim if you passed scope=playfab to the Twitch authentication request.

Info: If the user record in PlayFab is linked to the Twitch account, it is considered to be a one account.

User Password Reset

The user password reset flow is the following:

  1. The client sends the Reset Password request to the Xsolla Login server.
  2. The Xsolla Login server sends the password reset request to PlayFab.
  3. The updated password is written to PlayFab.

Blocking User

You can block users via Publisher Account > your Login project > Users. Blocked users cannot authenticate. The record about the blocking will be saved in the Xsolla database only.

Who Can Use It

Partners who have already integrated Login and have a project in PlayFab.

How to Get It

To connect a PlayFab storage:

  1. Go to Publisher Account > your Login project > General settings.
  2. Choose PlayFab in the User data storage block.
  3. Enter Title ID from your PlayFab account.

Info: You can use the PlayFab methods for sending additional emails to users.

To set up Twitch in Playfab:

  1. Create your Twitch account and get Twitch Client ID.
  2. Go to your Login project > Social connections.
  3. Connect Twitch.tv by entering Twitch Client ID to the Application ID field.
  4. Follow the instruction to set up Twitch in a PlayFab account.
  5. If you integrated Xsolla Login via the API methods:
    1. Get the link for authentication via Twitch. Use the social authentication method for it (JWT or OAuth 2.0).
    2. Place the received link in your UI.