User flow

1. The user goes to the Web Shop where they already set up their user ID authentication.
2. The user clicks Buy now under the selected item or Login on the top bar.
3. A modal window opens that requires the user to enter their ID or choose a social network.

4. User enters their user ID and clicks Continue or clicks on the social networks icon to choose a social network and completes authentication on the social network page.
5. The system checks if a user exists in the game. If a user with this ID or social account exists in the game, the user is authorized in the Web Shop. Otherwise an error message is displayed.

How to get it

1. On your application’s side, implement handling of the user validation webhook.

When receiving a webhook, the application should do the following:

• Search for a user by their ID passed in the webhook.
• Depending on the result, send one of the following status codes:
  • 200 HTTP-code with an answer from webhook if a user is found
  • 404 HTTP-code if the user ID is not found
• Send user attributes for personalization.

2. Open your project in Publisher Account.
3. In the side bar click Site Builder.
4. Click Open Site Builder.
5. Go to the Login Settings block.

6. Select the User ID option.

7. In the drop-down list, select New Login.

8. Enter the URL to receive webhooks.

9. Set up authorization via social networks already connected to your application (optional):
   1. Open your project in Publisher Account and go to the Login section.
   2. Click Configure in the site bar.
   3. Go to the Authentication block and select Social login.

1. 4. To set up a social network, go to the social network card, click the ⚙ icon to the right of the title, and select Connect.

How to get it

1. In the Builder for your site, go to the Login settings block.

2. Select the Xsolla Login authorization option.
3. In the drop-down list, select New Login.

4. Go to the Login project settings from the modal window or click Set up authentication method in the Xsolla Login block.

5. Connect user data storage.

Depending on the method of storing user data, different product functionality is available to you (see Comparison of user data storage options).

Xsolla storage

If you want the Login product to process all authentication logic, connect to Xsolla storage. More flexible settings will be available to you.

When you create a Login project, Xsolla storage is connected by default, no additional steps are required to configure it. If you have changed the default storage type and need to reconnect to Xsolla storage, follow these steps:

1. On the navigation page, go to the User database block and select the Storage section.
2. Select Xsolla storage and click Save changes.

PlayFab storage

If you want to use PlayFab functionality to work with users, connect to PlayFab storage. The storage saves the following user data:

• username
• user email address
• user password
• fields from an extended registration form if the form is set up

PlayFab storage gives you access to the following features:

• user registration
• authentication by email address or username and password
• authentication via Twitch
• user password reset
• user blocking

To connect the storage:

1. On the navigation page, go to the User database block and select the Storage section.
2. Select PlayFab.
3. In the Title ID field, enter the value of the same field from your PlayFab account.
4. Click Save changes.

Firebase storage

If you want to use Firebase functionality to work with users, connect to Firebase storage. This storage saves the following user data:

• username
• user email address
• user password
• fields from an extended registration form if the form is set up

To connect the storage:

1. On the navigation page, go to the User database block and select the Storage section.
2. Select Firebase.
3. In the API key field, enter the value of the same field from your Firebase account.
4. Click Save changes.

Custom storage

If you use your own authorization system and store user data on your application side, connect to custom storage.

The custom storage gives you access to the following features:

• user registration
• authentication by email address or username and password
• passwordless authentication by phone number
• authentication via social networks
• user password reset

To set up the connection between the Xsolla Login server and your application as a client:

1. Connect the custom storage.
2. Set up the processing of requests from the Xsolla Login server.

Connect custom storage

1. On the navigation page, go to the User database block and select the Storage section.
2. Select Custom storage.
3. Enter URLs where to send API requests:
   • User verification URL
   • New user URL
   • Password reset URL
   • Passwordless login with phone URL
   • Social login URL
4. Click Save changes.
5. For the URLs you have set, implement an API that will respond as follows:
   • HTTP 200 / HTTP 204 for successful requests. If required, a JSON containing additional user data can be placed in the response body. The passed data is written to a JWT (the partner_data parameter).
   • Other HTTP status codes for unsuccessful requests.

Set up processing of requests from Xsolla Login server

Xsolla Login server requests are sent to URLs, you specified in Publisher Account, with the Authorization: Bearer <JWT> header. The JWT is signed with the secret key of your project.

To process a request:

1. Validate a received JWT.
2. If the validation is successful, decode the JWT and make sure it includes the claims from the table below. Find and use a library for decoding.

Example of a token payload:

{
  "exp": 1573635020,
  "iat": 1573634600,
  "iss": "https://login.xsolla.com",
  "request_type": "gateway_request",
  "xsolla_login_project_id": "00000000-0000-0000-0000-000000000000"
}