General information
The solution for user login and registration is based on the Login product. Authentication settings for your project are available in Publisher Account in the Login section.
If you use the SDK, add the Xsolla Privacy Policy Agreement link to your application. You can see the example of this link in the demo project on the sign up page.
How-tos
OAuth 2.0 uses short-lived tokens with long-term authorization (refresh tokens) instead of long-lived tokens. A refresh token allows users to stay in your application for an extended period of time without needing to re-enter their username and password. This eliminates the risk of compromising user authentication data.
Set up OAuth 2.0 for authorization:
- via username or email and password
- via social networks
- via Steam
If the option is enabled, user registration and authentication is carried out by calling the FXsollaAuthToken structure, the refresh token is specified in the RefreshToken field.
- Set up OAuth 2.0 authentication for Login project in your Publisher Account.
- Set up plug-in in your Unreal Engine project.
Set up OAuth 2.0 authentication for Login project in your Publisher Account
- Go to your Publisher Account.
- In the side menu, click Login.
- Click Configure in the Login project pane.
- Go to the Security block and select the OAuth 2.0 section.
- Click Add OAuth 2.0.
- In the OAuth 2.0 redirect URIs field, specify the URL or path in the application to which users are redirected after they have successfully authenticated, confirmed their email, or reset their password.
- Click Connect.
- Copy and save the Client ID.
Set up plug-in in your Unreal Engine project
- Open your Unreal Engine project in Unreal Editor.
- Go to Settings > Project Settings > Plugins > Xsolla Settings > General.
- In the Client ID field, specify Client ID received when setting up OAuth 2.0 in Publisher Account.
- In the Redirect URI field, specify the URL or path. The value must match the one specified in Publisher Account in the Login > your Login project > Security > OAuth 2.0 section.
The following methods are implemented in the SDK to work with refresh tokens:
- RefreshToken — refreshes the token if it has expired.
- ExchangeAuthenticationCodeToToken — exchanges the user’s authentication code for a valid JWT.
The State parameter found in the RegisterUser, GetSocialAuthenticationUrl, and AuthenticateWithSessionTicket methods is used for additional user verification during OAuth 2.0 authentication. This parameter is used to mitigate possible CSRF attacks.
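What a state check involves on the client side, as an added example that is not Xsolla SDK code. The helper names (MakeState, QueryParam, SameState, AcceptRedirect) and the game.example URL are constructed; the `state` and `code` query parameter names follow standard OAuth 2.0 redirects.

```cpp
// Added illustration, not Xsolla SDK code. Helper names and URLs are constructed.
#include <cstdio>
#include <random>
#include <string>

// Fresh 128-bit hex state per login attempt (assumes random_device is OS-backed).
std::string MakeState() {
    std::random_device rd;
    char buf[33];
    std::snprintf(buf, sizeof buf, "%08x%08x%08x%08x", rd(), rd(), rd(), rd());
    return buf;
}

// Copy the value of query parameter `key` into `out` (no percent-decoding).
bool QueryParam(const std::string& url, const std::string& key, std::string& out) {
    for (auto pos = url.find('?'); pos != std::string::npos;) {
        auto end = url.find_first_of("&#", pos + 1);
        std::string pair = url.substr(pos + 1, end == std::string::npos ? end : end - pos - 1);
        auto eq = pair.find('=');
        if (eq != std::string::npos && pair.compare(0, eq, key) == 0) { out = pair.substr(eq + 1); return true; }
        pos = (end != std::string::npos && url[end] == '&') ? end : std::string::npos;
    }
    return false;
}

// Constant-time compare: timing does not reveal how many characters matched.
bool SameState(const std::string& a, const std::string& b) {
    if (a.size() != b.size()) return false;
    unsigned char diff = 0;
    for (std::size_t i = 0; i < a.size(); ++i) diff |= static_cast<unsigned char>(a[i] ^ b[i]);
    return diff == 0;
}

// Release the code only if the redirect carries this attempt's state; state is single use.
bool AcceptRedirect(const std::string& url, std::string& expected, std::string& codeOut) {
    std::string state, code;
    if (expected.empty() || !QueryParam(url, "state", state) || !QueryParam(url, "code", code)) return false;
    if (!SameState(state, expected)) return false;
    expected.clear();
    codeOut = code;
    return true;
}

int main() {
    std::string expected = MakeState(), code;
    std::string url = "https://game.example/cb?code=abc123&state=" + expected;  // constructed URL
    std::printf("first use accepted: %d\n", AcceptRedirect(url, expected, code));
    std::printf("replay accepted: %d\n", AcceptRedirect(url, expected, code));
}
```

A redirect whose state is missing or does not match is dropped before its code reaches any token exchange, which is the property that blocks a forged login response.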
Token invalidation allows for improved security of user authentication data in your application. If the option is enabled, every time the user authenticates, a new token replaces the old one, which becomes invalid.
When using the SDK, invalidation of the existing token and generation of a new one is made by calling with_logout parameter has the 1 value.
To enable token invalidation in your Unreal Engine project:
- Go to Settings > Project Settings > Plugins > Xsolla Settings.
- Enable the Invalidate Existing Sessions option.