SDKs for Android / Authentication via custom ID

Authentication via custom ID

You can authenticate users on the Xsolla side via a custom ID (a user ID generated on your server).

This authentication option allows to:

To authenticate a user via a custom ID, you will need to implement the Auth by custom ID API call in the back end of your application. The call returns a user JSON Web Token (JWT), that you can use as an authorization token in the SDK methods for making a payment and managing inventory.

Note
A new account is created automatically on the Xsolla side when a user completes authentication with their ID for the first time.
To end an active user session, use the oauthLogout SDK method.
SDK reference documentation
Learn more about SDK methods and its parameters.

How-tos

Learn about advanced setups from our how-tos.

How to use your own authorization system

Notice
Use this how-to when working with the following libraries:
  • Store
  • Payments
  • Inventory

You can integrate the SDK with your own authorization system. To do this, implement user identification by custom ID (user ID generated on your server) to open an in-game store, make a payment, and manage inventory.

The flow of interaction with Xsolla servers when using your own authorization system:

  1. Your client sends an authentication request to your server.
  2. Your server authorizes the user and sends a request to the Xsolla server to receive the user JSON Web Token (JWT), passing in the custom ID.
  3. Xsolla server returns the user JWT.
  4. Your server passes the user JWT to the client.
  5. SDK methods use the received user JWT instead of authorization token to open an in-game store, make a payment, and manage inventory.

To use your own authorization system with Xsolla products:

  1. Set up server OAuth 2.0 client in your Publisher Account.
  2. Implement getting the server JWT.
  3. Implement getting the user JWT.
  4. Implement the logic of working with the in-game store, purchases, and inventory using the user JWT.

Note
If you use the PlayFab or Firebase authorization system, get the user JWT using Xsolla ready-made extensions for BaaS.

Set up server OAuth 2.0 client

  1. Open your project in Publisher Account and go to the Login section.
  2. Click Configure in the panel of a Login project.
  3. Go to the Security block and select the OAuth 2.0 section.
  4. Click Add OAuth 2.0.
  5. Specify OAuth 2.0 redirect URIs.
  6. Check the Server (server-to-server connection) box.
  7. Click Connect.
  8. Copy and save the client ID and secret key.

Get server JWT

On the back end of your application, implement a method to get the server JWT using the Generate JWT API call. The request must contain the following parameters:

Note
The server JWT lifetime is 59 minutes.

Get user JWT

On the back end of your application, implement a method to get the user JWT using the Auth by custom ID API call. The request must contain the X-Server-Authorization: <server_JWT> header, where <server_JWT> is the server JWT obtained in the previous step.

Note
The user JWT lifetime is 24 hours. To change it, contact your Account Manager or email integration@xsolla.com.

Use user JWT

Pass the user JWT to the XStore.init method and use the SDK methods to open the in-game store, make a payment, and manage inventory.

Implement the logic of receiving a new user JWT after its expiration. It is recommended that you get a new token in background mode so the user doesn’t have to log in to the application again.

Was this article helpful?
Thank you!
Is there anything we can improve? Message
We’re sorry to hear that
Please explain why this article wasn’t helpful to you. Message
Thank you for your feedback!
We’ll review your message and use it to help us improve your experience.
Hide

Useful links

Last updated: October 31, 2022

Found a typo or other text error? Select the text and press Ctrl+Enter.

Report a problem
We always review our content. Your feedback helps us improve it.
Provide an email so we can follow up
Thank you for your feedback!