Authentication via custom ID

You can authenticate users on the Xsolla side via a custom ID (a user ID generated on your server).

This authentication option allows to:

To authenticate a user via a custom ID, you will need to implement the Auth by custom ID API call in the back end of your application. The call returns a user JSON Web Token (JWT), that you can use as an authorization token in the SDK methods for making a payment and managing inventory.

Note
A new account is created automatically on the Xsolla side when a user completes authentication with their ID for the first time.
To end an active user session, use the logUserOut SDK method.

How-tos

Learn about advanced setups from our how-tos.

How to use your own authorization system

You can integrate the SDK with your own authorization system. To do this, implement user identification by custom ID (user ID generated on your server) to open an in-game store, make a payment, and manage inventory.

The flow of interaction with Xsolla servers when using your own authorization system:

  1. Your client sends an authentication request to your server.
  2. Your server authorizes the user and sends a request to the Xsolla server to receive the user JSON Web Token (JWT), passing in the custom ID.
  3. Xsolla server returns the user JWT.
  4. Your server passes the user JWT to the client.
  5. SDK methods use the received user JWT instead of authorization token to open an in-game store, make a payment, and manage inventory.

To use your own authorization system with Xsolla products:

  1. Set up server OAuth 2.0 client in your Publisher Account.
  2. Implement getting the server JWT.
  3. Implement getting the user JWT.
  4. Implement the logic of working with the in-game store, purchases, and inventory using the user JWT.

Note
If you use the PlayFab or Firebase authorization system, get the user JWT using Xsolla ready-made extensions for BaaS.

Set up server OAuth 2.0 client

  1. Open your project in Publisher Account and go to the Login section.
  2. Click Configure in the pane of a Login project.
  3. Go to the Security block and select the OAuth 2.0 section.
  4. Click Add OAuth 2.0.
  5. Specify OAuth 2.0 redirect URIs.
  6. Check the Server (server-to-server connection) box.
  7. Click Connect.
  8. Copy and save the client ID and secret key.

Get server JWT

On the back end of your application, implement a method to get the server JWT using the Generate JWT API call. The request must contain the following parameters:

Note
The server JWT lifetime is 59 minutes.

Get user JWT

On the back end of your application, implement a method to get the user JWT using the Auth by custom ID API call. The request must contain the X-Server-Authorization: <server_JWT> header, where <server_JWT> is the server JWT obtained in the previous step.

Note
The user JWT lifetime is 24 hours. To change it, contact your Customer Success Manager or email integration@xsolla.com.

Use user JWT

Pass the user JWT to the SDK methods as an authorization token.

Implement the logic of receiving a new JWT after it expires. We recommend that you get a new token in background mode so the user doesn’t have to log into the application again.

Was this article helpful?
Thank you!
Is there anything we can improve? Message
We’re sorry to hear that
Please explain why this article wasn’t helpful to you. Message
Thank you for your feedback!
We’ll review your message and use it to help us improve your experience.
Hide

Useful links

Last updated: January 22, 2024

Found a typo or other text error? Select the text and press Ctrl+Enter.

Report a problem
We always review our content. Your feedback helps us improve it.
Provide an email so we can follow up
Thank you for your feedback!