SDKs for Unity / Authentication
 Back to Docs

SDKs for Unity

  • Integration guide

  • Demo project

  • Authentication

  • Catalog

  • Subscriptions

  • Promotions

  • Item purchase

  • Player inventory

  • User account and attributes

  • Application build guides

  • Troubleshooting


    • General information

      The solution for user login and registration is based on the Login product. Authentication settings for your project are available in Publisher Account in the Login section.

      If you use the SDK, add the Xsolla Privacy Policy Agreement link to your application. You can see the example of this link in the demo project on the sign up page.

      Note
      Note that the Xsolla Privacy Policy Agreement doesn’t mean user data will be used. If you plan to collect and process this kind of data, make sure that your actions comply with the law. You should ask users for their permission to collect and process their data or inform them about the Privacy Policy Agreement.

      How-tos

      Learn about advanced setups from our how-tos.

      How to set up OAuth 2.0 authentication

      OAuth 2.0 uses short-lived tokens with long-term authorization (refresh tokens) instead of long-lived tokens. A refresh token allows users to stay in your application for an extended period of time without needing to re-enter their username and password. This eliminates the risk of compromising user authentication data.

      Set up OAuth 2.0 for authorization:

      • via username or email and password
      • via social networks
      • via Steam

      If the option is enabled, user registration and authentication is carried out by calling the Register new user and JWT auth by username and password API calls. The SDK provides the same methods for OAuth 2.0 authorization as for JWT token authorization.

      Note
      Enabling this setting doesn’t change the authentication process in your application for the user.

      To configure OAuth 2.0 authorization:

      1. Set up OAuth 2.0 authentication for Login project in your Publisher Account.
      2. Set up asset in your Unity project.

      Set up OAuth 2.0 authentication for Login project in your Publisher Account

      1. Go to your Publisher Account.
      2. In the side menu, сlick Login.
      3. Click Configure in the Login project pane.
      4. Go to the Security block and select the OAuth 2.0 section.
      5. Click Add OAuth 2.0.
      6. In the OAuth 2.0 redirect URIs field, specify the URL or path in the application to which users are redirected after they have successfully authenticated, confirmed their email, or reset their password.
      7. Click Connect.
      8. Copy and save the Client ID.

      Set up asset in your Unity project

      1. Go to your Unity project.
      2. Click Window > Xsolla > Edit Settings in the main menu.
      3. In Inspector panel:
        1. In the Authorization Type field, select OAuth2.0.
        2. In the OAuth2.0 client ID field, specify Client ID received when setting up OAuth 2.0 in Publisher Account.

      The following methods are implemented in the SDK to work with refresh tokens:

      • RefreshOAuthToken — refreshes the existing token using previously saved OAuth2.0 refresh token.
      • ExchangeCodeToToken — exchanges the user’s authentication code for a valid JWT.

      The oauthState argument found in the GetSocialNetworkAuthUrl method is used for additional user verification during OAuth 2.0 authentication. This argument is used to mitigate possible CSRF attacks.

      Was this article helpful?
      Thank you!
      Is there anything we can improve? Message
      We’re sorry to hear that
      Please explain why this article wasn’t helpful to you. Message
      Thank you for your feedback!
      We’ll review your message and use it to help us improve your experience.
      Hide

      How to set up token invalidation

      Token invalidation allows for improved security of user authentication data in your application. If the option is enabled, a new token replaces the old one that becomes invalid every time the user authenticates.

      Note
      You can configure token invalidation for authentication that uses a JWT token. For OAuth 2.0 authentication, token invalidation is provided by the protocol itself and does not need to be configured separately.

      When using SDK, invalidation of the existing token and generation of a new one is made by calling Auth by username and password and Auth via social network API calls, if the with_logout parameter is set to 1.

      To enable token invalidation in your Unity project:

      1. In the main menu, go to Window > Xsolla > Edit Settings.
      2. Go to the Inspector panel. In the Authorizaton Type field, select JWT. Check the Invalidate Existing Sessions box.

      Was this article helpful?
      Thank you!
      Is there anything we can improve? Message
      We’re sorry to hear that
      Please explain why this article wasn’t helpful to you. Message
      Thank you for your feedback!
      We’ll review your message and use it to help us improve your experience.
      Hide

      Continue reading

      Last updated: August 2, 2022

      Found a typo or other text error? Select the text and press Ctrl+Enter.

      Report a problem
      We always review our content. Your feedback helps us improve it.
      Provide an email so we can follow up
      Thank you for your feedback!