Authentication via custom ID
You can authenticate users on the Xsolla side via a custom ID (a user ID generated on your server).
This authentication option allows you to:
- use your own authorization system with Xsolla products
- implement the logic of a cross-platform user account
To authenticate a user via a custom ID, you will need to implement the Auth by custom ID API call in the back end of your application. The call returns a user JSON Web Token (JWT) that you can use as an authorization token in the SDK methods for making a payment and managing inventory.
To end an active user session, use the OAuthLogout SDK method.
How-tos
You can integrate the SDK with your own authorization system. To do this, implement user identification by custom ID (user ID generated on your server) to open an in-game store, make a payment, and manage inventory.
The flow of interaction with Xsolla servers when using your own authorization system:
- Your client sends an authentication request to your server.
- Your server authorizes the user and sends a request to the Xsolla server to receive the user JSON Web Token (JWT), passing in the custom ID.
- Xsolla server returns the user JWT.
- Your server passes the user JWT to the client.
- SDK methods use the received user JWT instead of an authorization token to open an in-game store, make a payment, and manage inventory.
To use your own authorization system with Xsolla products:
- Set up server OAuth 2.0 client in your Publisher Account.
- Implement getting the server JWT.
- Implement getting the user JWT.
- Implement the logic of working with the in-game store, purchases, and inventory using the user JWT.
Set up server OAuth 2.0 client
- Open your project in Publisher Account and go to the Login section.
- Click Configure in the pane of a Login project.
- Go to the Security block and select the OAuth 2.0 section.
- Click Add OAuth 2.0.
- Specify OAuth 2.0 redirect URIs.
- Check the Server (server-to-server connection) box.
- Click Connect.
- Copy and save the client ID and secret key.
Get server JWT
On the back end of your application, implement a method to get the server JWT using the Generate JWT API call. The request must contain the following parameters:
- grant_type is the JWT type. Pass the client_credentials value.
- client_secret is the secret key that is received when you set up the server OAuth 2.0 client.
- client_id is the client ID received when you set up the server OAuth 2.0 client.
Get user JWT
On the back end of your application, implement a method to get the user JWT using the Auth by custom ID API call. The request must contain the X-Server-Authorization: <server_JWT> header, where <server_JWT> is the server JWT obtained in the previous step.
Use user JWT
Use the SDK methods to open the in-game store, make a payment, and manage inventory. While using the SDK methods, pass the user JWT to the Token.Instance property.
The following tutorials contain examples of using the token:
- Sell virtual items for real currency
- Sell virtual items for virtual currency
- Display of virtual currency balance
- Display of items in inventory
Implement the logic of receiving a new user JWT after its expiration. It is recommended that you get a new token in background mode so the user doesn’t have to log in to the application again.
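The back-end steps above (get server JWT, get user JWT, get a new token before expiration) as an added Python example, not Xsolla code. The endpoint URLs are placeholders, and the class and function names, the `access_token`, `token` and `server_custom_id` field names, the request content types and the presence of an `exp` claim in both tokens are assumptions to check against the API reference.

```python
import base64, json
from urllib.parse import urlencode

# Placeholder URLs: take the real ones from the two API calls' reference pages.
TOKEN_URL = "https://xsolla-login.invalid/generate-jwt"
CUSTOM_ID_URL = "https://xsolla-login.invalid/auth-by-custom-id"

def jwt_exp(token):
    """Read the exp claim for refresh scheduling only; no signature check."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["exp"]

def needs_refresh(token, now, skew=60):
    """True if there is no token or it expires within `skew` seconds."""
    return token is None or jwt_exp(token) - skew <= now

class CustomIdAuth:
    # Assumed field names: access_token, token, server_custom_id.
    def __init__(self, client_id, client_secret, send):
        self.client_id, self.client_secret = client_id, client_secret
        self.send = send        # send(url, headers, body) -> parsed JSON dict
        self.server_jwt = None  # cached on the back end, never sent to clients

    def get_server_jwt(self, now):
        if needs_refresh(self.server_jwt, now):
            body = urlencode({"grant_type": "client_credentials",
                "client_id": self.client_id, "client_secret": self.client_secret})
            headers = {"Content-Type": "application/x-www-form-urlencoded"}
            self.server_jwt = self.send(TOKEN_URL, headers, body)["access_token"]
        return self.server_jwt

    def get_user_jwt(self, custom_id, now):
        headers = {"X-Server-Authorization": self.get_server_jwt(now),
                   "Content-Type": "application/json"}
        body = json.dumps({"server_custom_id": custom_id})
        return self.send(CUSTOM_ID_URL, headers, body)["token"]

def fake_jwt(exp):
    """Constructed, unsigned token for offline runs."""
    claims = base64.urlsafe_b64encode(json.dumps({"exp": exp}).encode())
    return "e30." + claims.decode().rstrip("=") + ".sig"

def fake_send(log, now):  # constructed stand-in for the HTTP client
    def send(url, headers, body):
        log.append((url, headers, body))
        key = "access_token" if url == TOKEN_URL else "token"
        return {key: fake_jwt(now + 3600)}
    return send
```

In production, `send` wraps your HTTP client and `now` is the current Unix time; only the value returned by `get_user_jwt` is passed to the game client, while the client secret and server JWT stay on the back end.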
Last updated: October 10, 2023