Authentication Basics

Authentication Basics#

This article covers the basics of how to register user accounts as well as the available authentication methods for logging in a user account to an Xsolla Backend cluster.

Account Registration#

Registering a new account in Xsolla Backend is very simple, requiring only the creation of a new account record. Due to the design of the platform setting a password during the registration process is completely optional. This guarantees flexibility in how you choose to implement authentication with your game.

A user account requires very little data, keeping the personally identifiable information to a minimum. The configurable properties of a user account are as follows:

Property

Description

Required

name

The unique name of the user.

true

email

The unique e-mail address of the user.

true

firstName

The user’s real first name.

false

lastName

The user’s real last name.

false

phone

The user’s real telephone number.

false

For security reasons all the information above (except name) is removed when requesting or searching for account data unless the user requesting that data is yourself or a system admin.

You can learn more about how these features are used by reading the Account Services documentation.

To implement user registration simply call the RegisterUser or RegisterUserAndPassword function on the CoreSDK object instance from the SDK as shown below:

 1using namespace xbe:::sdk;
 2
 3auto newUser = std::make_shared<models::User>();
 4// Required
 5newUser->SetName(_XPLATSTR("jsmith"));
 6newUser->SetEmail(_XPLATSTR("john.smith@gmail.com"));
 7
 8// Optional
 9newUser->SetFirstName(_XPLATSTR("John"));
10newUser->SetLastName(_XPLATSTR("Smith"));
11newUser->SetPhone(_XPLATSTR("+1 213-555-1234"));
12
13CoreSDK->RegisterUser(newUser).then([](pplx::task<std::shared_ptr<models::User>> task)
14{
15    try
16    {
17        task.get();
18    }
19    catch (const xbe::sdk::Exception& e)
20    {
21        // Handle error here
22    }
23});

The following example shows how to register a new account and immediately create a password for the newly created user:

 1using namespace xbe::sdk;
 2
 3auto newUser = std::make_shared<models::User>();
 4// Required
 5newUser->SetName(_XPLATSTR("jsmith"));
 6newUser->SetEmail(_XPLATSTR("john.smith@gmail.com"));
 7
 8// Optional
 9newUser->SetFirstName(_XPLATSTR("John"));
10newUser->SetLastName(_XPLATSTR("Smith"));
11newUser->SetPhone(_XPLATSTR("+1 213-555-1234"));
12
13CoreSDK->RegisterUserAndPassword(newUser, _XPLATSTR("MyP@ssw0rdIsSecur3!")).then([](
14   pplx::task<std::shared_ptr<models::User>> task)
15{
16    try
17    {
18        task.get();
19    }
20    catch (const xbe::sdk::Exception& e)
21    {
22        // Handle error here
23    }
24});

Authentication#

Xsolla Backend supports five different methods of user authentication:

  1. API key

  2. Password

  3. Token

  4. Device

  5. Third-party (e.g. OAuth2, Facebook, Google, Twitter)

In addition to the above, multi-factor authentication (TOTP) is also supported.

API Key & Password#

Basic authentication is used to perform a standard login using a valid user identifier and password or API key. Any valid user identifier can be used for the login name including the name, email, and phone properties of the registered User account data.

In the below example we will assume the use of the email property as the identifier for the account created in the previous section:

 1using namespace xbe::sdk;
 2
 3CoreSDK->Login(_XPLATSTR("john.smith@gmail.com"), _XPLATSTR("MyP@ssw0rdIsSecur3!"))
 4   .then([=](pplx::task<void> task)
 5{
 6    try
 7    {
 8        task.get();
 9
10        if (CoreSDK->GetLoggedInUser() != nullptr)
11        {
12            // Success
13        }
14        else
15        {
16            // Fail
17        }
18    }
19    catch (const xbe::sdk::Exception& e)
20    {
21        // Handle error here
22    }
23});

Attention

Never store a user’s login credentials to local disk or memory. If retaining the authenticated session between application runtimes is desired it is recommended to use the Device or Token login methods as described below.

Token#

It is also possible to login using an existing authentication token. The token may be obtained from a previous authenticated session or provided to the application as a command line argument:

 1using namespace xbe::sdk;
 2
 3CoreSDK->LoginToken(_XPLATSTR("<TOKEN>")).then(
 4   [=](pplx::task<void> task)
 5{
 6    try
 7    {
 8        task.get();
 9
10        if (CoreSDK->GetLoggedInUser() != nullptr)
11        {
12            // Success
13        }
14        else
15        {
16            // Fail
17        }
18    }
19    catch (const xbe::sdk::Exception& e)
20    {
21        // Handle error here
22    }
23});

Device#

Device authentication allows a user to automatically identify themselves using a device’s unique machine identifier and deterministic secret hash. This is the recommended method for maintaining session logins between application runtimes. This method is frequently desirable to implement Frictionless Login.

Device authentication will work regardless of whether or not an existing account has been created for a given user. This works by generating a deterministic unique identifier for the device as the login name and a secret hash to serve as a special type of password. The SDK will first attempt to login using this credential. If login fails a new account is created automatically:

 1CoreSDK->LoginDevice().then([](pplx::task<void> task)
 2{
 3    try
 4    {
 5        // Force the exception to be re-thrown if an error occurred.
 6        task.get();
 7    }
 8    catch (const xbe::sdk::Exception& e)
 9    {
10        // Handle error here
11    }
12});

Third-party#

Xsolla Backend supports multiple third-party authentication methods for single-sign-on including OAuth2 compatibility.

The following third-party providers are supported out of the box:

  • Facebook

  • Google

  • Twitter