Authentication via custom ID
You can authenticate users on the Xsolla side via a custom ID (a user ID generated on your server).
This authentication option allows you to:
- use your own authorization system with Xsolla products
- implement the logic of a cross-platform user account
To authenticate a user via a custom ID, you will need to implement the Auth by custom ID API call in the back end of your application. The call returns a user JSON Web Token (JWT) that you can use as an authorization token in the SDK methods for making a payment and managing inventory.
To end an active user session, use the logUserOut SDK method.
You can integrate the SDK with your own authorization system. To do this, implement user identification by custom ID (user ID generated on your server) to open an in-game store, make a payment, and manage inventory.
The flow of interaction with Xsolla servers when using your own authorization system:
- Your client sends an authentication request to your server.
- Your server authorizes the user and sends a request to the Xsolla server to receive the user JSON Web Token (JWT), passing in the custom ID.
- Xsolla server returns the user JWT.
- Your server passes the user JWT to the client.
- SDK methods use the received user JWT instead of an authorization token to open an in-game store, make a payment, and manage inventory.
To use your own authorization system with Xsolla products:
- Set up a server OAuth 2.0 client in your Publisher Account.
- Implement getting the server JWT.
- Implement getting the user JWT.
- Implement the logic of working with the in-game store, purchases, and inventory using the user JWT.
Set up server OAuth 2.0 client
- Open your project in Publisher Account and go to the Login section.
- Click Configure in the pane of a Login project.
- Go to the Security block and select the OAuth 2.0 section.
- Click Add OAuth 2.0.
- Specify OAuth 2.0 redirect URIs.
- Check the Server (server-to-server connection) box.
- Click Connect.
- Copy and save the client ID and secret key.
Get server JWT
On the back end of your application, implement a method to get the server JWT using the Generate JWT API call. The request must contain the following parameters:
- grant_type is the JWT type, pass the
- client_secret is the secret key that is received when you set up the server OAuth 2.0 client.
- client_id is the client ID received when you set up the server OAuth 2.0 client.
Get user JWT
On the back end of your application, implement a method to get the user JWT using the Auth by custom ID API call. The request must contain the X-Server-Authorization: <server_JWT> header, where <server_JWT> is the server JWT obtained in the previous step.
Use user JWT
Pass the user JWT to the SDK methods as an authorization token.
Implement the logic of receiving a new JWT after it expires. We recommend that you get a new token in background mode so the user doesn’t have to log into the application again.
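The following back-end sketch of the renewal logic is an added example, not code from Xsolla. It keeps the server JWT on the server, hands out only user JWTs, and renews each token shortly before its exp claim passes. The class names, the 60-second skew, and the callables fetch_server_jwt and fetch_user_jwt (hypothetical wrappers around the Generate JWT and Auth by custom ID calls) are assumptions.

```python
import base64
import json
import time

def jwt_exp(token):
    """Return the exp claim. The signature is not verified: use only to schedule renewal."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ValueError("JWT has no numeric exp claim")
    return exp

class RenewingToken:
    """Caches one JWT and fetches a new one `skew` seconds before it expires."""
    def __init__(self, fetch, skew=60, clock=time.time):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._exp = None, 0

    def get(self):
        if self._token is None or self._clock() >= self._exp - self._skew:
            token = self._fetch()
            self._exp = jwt_exp(token)  # raises before a malformed token is cached
            self._token = token
        return self._token

class CustomIdAuth:
    """Back-end side of the flow: the server JWT never leaves this object.
    fetch_server_jwt() and fetch_user_jwt(server_jwt, custom_id) are hypothetical."""
    def __init__(self, fetch_server_jwt, fetch_user_jwt, skew=60, clock=time.time):
        self._server = RenewingToken(fetch_server_jwt, skew, clock)
        self._fetch_user_jwt, self._skew, self._clock = fetch_user_jwt, skew, clock
        self._users = {}

    def user_jwt(self, custom_id):
        if custom_id not in self._users:
            self._users[custom_id] = RenewingToken(
                lambda: self._fetch_user_jwt(self._server.get(), custom_id),
                self._skew, self._clock)
        return self._users[custom_id].get()

def sample_jwt(exp, sub="constructed"):
    """Constructed, unsigned sample token for trying the classes offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'exp': exp, 'sub': sub})}.sig"
```

In a real deployment the two callables read client_id and client_secret from server-side configuration, so neither the secret nor the server JWT is ever sent to the client.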