Authentication and Authorization

Overview

User Account Management (UAM) is a secure, multi-layer security system that allows access to AccelByte backend services. With UAM, you can allow and deny access to some or all of our backend services with our customizable user roles, client roles, and permissions settings. These settings allow for precision in determining which users or clients have access to which backend services.

Things to Know

Basic Authentication

Before creating an access token for a client, you must first perform authentication using your Client ID and Client Secret.

  • Client ID is a unique, public ID.
  • Client Secret is your own password. Do not share your Client Secret or embed it anywhere.

Basic authentication is needed to define the verified client application that is going to be used for the login process.

Grant Type

OAuth has different grant types for different use cases. We use these two grant types to grant access to AccelByte services:

Grant TypeUtilizationFunction
authorization_codeGenerate an access token using this API ResponseAuthorize a user to access UAM services
refresh_tokenGenerate a refresh tokenAllow access to UAM after the initial access token has expired
client_credentialsGenerate a token by checking the provided client credentialsAuthorize a user to access UAM services that requires client credentials

For authentication and authorization, AccelByte uses the OAuth 2.0 protocol. To enable services such as 3rd party user authentication, we use OpenID Connect as our authentication method. There are two ways to authorize access to our services using UAM:

Direct Access Implementation

Direct access implementation uses authentication that includes client credentials (Client ID and Client Secret) in the authorization request header. You’ll receive the client’s credentials when you register that client in UAM Client Management. After registering the client, you can use those credentials in the authorization request header to create an access token (JSON Web Token format) for that client.

The access token is used to authorize every request made to UAM, to grant access to the related services or resources. The default expiration time of the token is four hours, which can be extended using the refresh token that is automatically created during a successful authentication request.

Step 1: Set Basic Authentication

To set the basic authentication, follow these steps:

  1. Click the Set Basic Auth button.
  2. Input the Client ID and Client Secret.
  3. Click Set Authorization Header.

After a successful request, the Authorization Header will be generated in the Authorization Header field.

Step 2: Generate an Access Token

To generate an access token you need to use the OAuth2.0: OAuth2 Access Token Generation - POST /iam/v3/oauth/token endpoint and follow these steps:

  1. Choose the Grant Type.
  2. Input the Authorization Code received from the authorization server in the Code field.
  3. Input the previously registered Client ID into the Client ID field.
  4. Input the registered client in the Redirect URI field.
  5. Click Try it out! to generate the access token.

Redirect URI is a unique set of authenticators that each client uses to identify itself. The redirect URI indicates where a client will be redirected to after successful authorization, so it must match the actual redirect URI from the client.

API Gateway Implementation

API gateway implementation offers greater security when authorizing access to backend services, by issuing a session ID to the client application instead of an access token. With this implementation, the access token and client secret are stored in the API gateway. The client must request access to the backend services by sending the session ID to the API gateway, and the API gateway will authorize the session ID and pass the access token to UAM.

Just like access tokens, a session ID expires after four hours and can be extended using a refresh ID, which is provided during the authentication request. The refresh will be performed automatically before the session ID expires.

Step 1: Login Challenge

Use the OAuth 2.0: OAuth2 Authorize API - GET /iam/v3/oauth/authorize endpoint and follow these steps to make the request:

  1. Input the previously registered Client ID.
  2. Input the Redirect URI from the registered client.
  3. Input the random value into the State field.
  4. Input the scope of the access request into the Scope field.
  5. Input the value generated by transforming the code verifier into the Code Challenge field.
  6. Select a Code Challenge Method. The default value is plain.
  7. Click Try it out!

Scope can be filled with multiple values, delimited with whitespace.

Code Challenge is mandatory for all public clients.

After a successful request, a 302 status code that provides a URL in the HTTP header field will be returned. The URL contains the login challenge code in the form of query parameters, which can be used for validation later.

Step 2: Login Challenge Code Validation

The login challenge code needs to be validated to ensure the client that sends it has authorized access. This can be done using the OAuth2.0 - Extension: Authentication API - POST /iam/v3/authenticate endpoint. Follow these steps to make the request:

  1. Input the account username into the Username field.
  2. Input the account password into the Password field.
  3. Input the valid request ID generated during the authorization process into the Request ID field.
  4. Click Try it out!

After a successful request, a 302 status code will be returned and successful requests will be redirected to the consent page.

Step 3: User Authentication

After the login has been validated, you can move to user authentication by using the OAuth2.0: Access Token Generation - POST /iam/v3/oauth/token endpoint and following these steps:

  1. Choose your desired Grant Type. The default value is authorization_code.
  2. Input the authorization code into the Code field.
  3. Input the code received from the authorization server into the Code Verifier field.
  4. If you chose authorization_code as the grant type, input the client ID into the Client ID field.
  5. If you chose authorization_code as the grant type, input the client’s redirect URI into the Redirect URI field.
  6. If you chose refresh_token as the grant type, input the refresh token into the Refresh Token field.
  7. Click Try it out!

After a successful request the access token will be exchanged for a session ID by the API gateway. After that, the access token will be passed back to the client application to authorize access through the API Gateway.

How It Works

Player Login with username and password

static string email = "johnDoe@example.com";
static string password = "Password1";
public static void OnLogin(Result result)
{
if (!result.IsError)
{
// show the login result
Debug.Log("Login successful");
}
else
{
Debug.Log("Login failed:" + result.IsError);
}
}
public static void Main(string[] args)
{
User user = AccelBytePlugin.GetUser();
user.LoginWithUserName(email, password, OnLogin);
}

Login with a Device ID

Use the OAuth2 access token generation specific to platform: POST /iam/v3/oauth/platforms/{platformId}/token endpoint. Follow these steps to make request;

  1. Input Platform ID with platform ID to login.
  2. Input the Platform Token with authentication code returned by the Platform.
  3. Input the previously registered Client ID into the Client ID field.
  4. Input the Device ID such as; Android Device ID or any unique string.

After a successful request, the access token will be retrieved.

Login with a Steam Account

There are two ways to login with Steam Account. It can be done via Steam OpenID and In-game services.

Login Via Steam Open ID

The Steam Open ID platform is a Steam's authentication service based on the Open ID protocol. The Steam Open ID platform usually used by the web client, e.g. Player Portal for implementing login with Steam. In order to login using Steam Open ID, please follow the below steps:

Setting up the Steam OpenID Platform Login

  1. Open UAM service apidocs.
  2. Do token grant as a user with this permission ADMIN:NAMESPACE:{namespace}:PLATFORM:{platformId}:CLIENT [CREATE].
  3. Use the bearer token to add third party platform credentials by invoking this endpoint POST /iam/v3/admin/namespaces/{namespace}/platforms/{platformId}/clients

For Steam OpenID platform:

  • Input the namespace: <publisher_namespace>
  • Input the platformId: steamopenid
  1. Fill the parameters:

    {
    "AppId": "<Steam game App ID. If you don't have any, use 480>",
    "ClientId": "", // Steam doesn't use clientID, so it's safe to leave it empty
    "IsActive": true,
    "RedirectUri": "http://127.0.0.1/", // Steam doesn't use redirectURI, so it's safe to leave it empty
    "Secret": "<Your Steam Web API Key>" // How to create Steam Web API key can be found here: https://steamcommunity.com/dev/apikey
    }
  2. Finally, your Steam Open ID platform login is ready to use.

Integrating with Client

The general flow of what client should do to integrate 3rd party login in UAM:

  1. Get authorization request id.

Client, player portal for example, should hit GET /iam/v3/oauth/authorize endpoint It will redirect to login page with request_id parameter, e.g. example.net/auth/?request_id=c586293b3add4af18486ef766e586328

Generate Steam Open ID login URL:

  • Client, player portal for example, should call GET /iam/v3/oauth/platforms/steamopenid/authorize endpoint.
  • The platformId should be steamopenid and the request_id should be obtained from the previous request.
  • It will redirect to Steam login URL.
  1. Generate UAM authorization code.
  1. Exchange the auth code to UAM token.
Getting the Steam Open ID platform token manually

UAM has already done this in /iam/v3/oauth/platforms/steamopenid/authorize endpoint. But, in case it's needed for debugging purposes, generating the URL manually can be done by running this code into your javascript console.

function getSteamURL(){
const justiceApiUrl = "<your web client URL, e.g. https://example.net>";
const steamLoginWindowURL = new URL("https://steamcommunity.com/openid/login");
const urlParams = {
"openid.mode": "checkid_setup",
"openid.ns": "http://specs.openid.net/auth/2.0",
"openid.ns.sreg": "http://openid.net/extensions/sreg/1.1",
"openid.sreg.optional": "nickname,email,fullname,dob,gender,postcode,country,language,timezone",
"openid.ns.ax": "http://openid.net/srv/ax/1.0",
"openid.ax.mode": "fetch_request",
"openid.ax.type.fullname": "http://axschema.org/namePerson",
"openid.ax.type.firstname": "http://axschema.org/namePerson/first",
"openid.ax.type.lastname": "http://axschema.org/namePerson/last",
"openid.ax.type.email": "http://axschema.org/contact/email",
"openid.ax.required": "fullname,firstname,lastname,email",
"openid.identity": "http://specs.openid.net/auth/2.0/identifier_select",
"openid.claimed_id": "http://specs.openid.net/auth/2.0/identifier_select",
"openid.return_to": justiceApiUrl,
"openid.realm": justiceApiUrl
};
Object.keys(urlParams).forEach(key => steamLoginWindowURL.searchParams.set(key, urlParams[key]));
return steamLoginWindowURL.toString().
}

In-game Login

In-game using API Use the OAuth2 access token generation specific to platform: POST /iam/v3/oauth/platforms/{platformId}/token endpoint. Follow these steps to make request;

  1. Input Platform ID with platform ID to login.
  2. Input the Platform Token with authentication code returned by the Platform.
  3. Input the previously registered Client ID into the Client ID field.
  4. Input the Device ID such as; Android Device ID or any unique string.

After a successful request, the access token will be retrieved.

In-game using SDK

public static void OnLoginWithDeviceId(Result result)
{
// show the login with device id
Debug.Log(result.IsError);
}
public static void Main(string[] args)
{
User user = AccelBytePlugin.GetUser();
user.LoginWithDeviceId(OnLoginWithDeviceId);
}

Automatically in-game Login through Justice Launcher

Logging in With Launcher

When you are using the AccelByte Launcher to log in, the game will login into the same user as the user that login into the Launcher.

public static void OnLoginWithLauncher(Result result)
{
if (!result.IsError)
{
// show the login result
Debug.Log("Login successful");
}
else
{
Debug.Log("Login failed:" + result.IsError);
}
}

Login with a Discord Account

Login Via Oauth2 Discord

Discord OAuth 2.0 enables application developers to build applications that utilize authentication and data from the Discord API. Discord supports many types of authorization for example the authorization code grant, the implicit grant, client credentials, and some modified special-for-Discord flows for Bots and Webhooks. For more information, please read here: Discord More info about 3rd party login flow in UAM can be found in Login with 3rd Party Account Platform Setting up the Discord Platform Login:

  1. Open UAM service apidocs.
  2. Do token grant as an user with this permission ADMIN:NAMESPACE:{namespace}:PLATFORM:CLIENT [CREATE]
  3. Use the bearer token to add third party platform credentials by invoking this endpoint POST /iam/v3/admin/namespaces/{namespace}/platforms/{platformId}/clients For Discord Platform:
  • Input the namespace: <publisher_namespace>
  • Input the platformId: discord
  • Fill the parameters:
    {
    "AppId": " ”. <optional>",
    "ClientId": "<Discord client_id>", // How to create Discord client_id can be found here: https://discordapp.com/developers/docs/topics/oauth2
    "IsActive": true,
    "RedirectUri": "http://127.0.0.1/", // Discord doesn't use redirectURI, so it's safe to leave it empty
    "Secret": "<Discord client_secret>" // How to create Discord client_secret can be found here: https://discordapp.com/developers/docs/topics/oauth2
    }
  1. Finally, your Discord platform login is ready to use

Integrating with Client

For Discord platform, we just only need to get OAuth token from Discord OAuth and exchange the auth code to UAM token. Get Discord OAuth Token (Please use the appropriate token grant based on your client, e.g. confidential client to use the authorization code):

  1. Client, for instance player portal, should call POST /iam/v3/oauth/platforms/discord/token endpoint to exchange the Discord token into an UAM token. At the same time, if this is the first time login, the user will automatically be created. The request body is filled as the following:

    {
    "platform_token": "<token get from discord>"
    "client_id": "<client_id get from discord>"
    "device_id": // Discord platform didn’t use device_id
    }

This endpoint requires all requests to have Authorization header set with Basic access authentication constructed from client id and client secret.

  1. It will return an UAM token

Login with a Twitch Account

Login Via OAuth 2.0 Twitch Twitch OAuth 2.0 enables application developers to build applications that utilize authentication and data from the Twitch API. Twitch supports several types of tokens: ID tokens, User access tokens, App access tokens, etc. For more information, please read here: Twitch

More info about 3rd party login flow in UAM can be found in Login with 3rd Party Account Platform Setting up the Twitch Platform Login:

  1. Open UAM service apidocs.
  2. Do token grant as an user with this permission ADMIN:NAMESPACE:{namespace}:PLATFORM:CLIENT [CREATE]
  3. Use the bearer token to add third party platform credentials by invoking this endpoint POST /iam/v3/admin/namespaces/{namespace}/platforms/{platformId}/clients

For Twitch Platform:

  • Input the namespace: <publisher_namespace>
  • Input the platformId: twitch
  • Fill the parameters:
    {
    "AppId": " ”. <optional>",
    "ClientId": "<Twitch client_id>", // How to create Twitch client_id can be found here: https://dev.twitch.tv/docs/authentication#registration
    "IsActive": true,
    "RedirectUri": "http://127.0.0.1/", // twitch doesn't use redirectURI, so it's safe to leave it empty
    "Secret": "<Twitch client_secret>" // How to create Twitch client_secret can be found here: https://dev.twitch.tv/docs/authentication#registration
    }
  1. Finally, your Twitch platform login is ready to use
Integrating with Client

For Twitch platform, we just only need to get OAuth token from Twitch OAuth and exchange the auth code to UAM token. Get Twitch OAuth Token:

  1. Client, for instance player portal, should call [POST] /UAM/v3/oauth/platforms/twitch/token endpoint to exchange the Twitch token into an UAM token. At the same time, if this is the first time login, the user will automatically created.

    The request body is filled as the following:

    {
    "platform_token": "<token get from twitch>
    "client_id": "<client_id get from twitch>"
    "device_id": " // twitch platform didn’t use device_id
    }

    This endpoint requires all requests to have Authorization header set with Basic access authentication constructed from client id and client secret.

  2. It will return UAM token

Login with a Google Account

Login Via OAuth 2.0 Google

Google OAuth 2.0 enables application developers to build applications that utilize authentication and data from the Google API. Google's OAuth 2.0 APIs can be used for both authentication and authorization. For more information, please read here: Google More info about 3rd party login flow in UAM can be found in Login with 3rd Party Account Platform

Setting up the Google Platform Login:

  1. Open UAM service apidocs.
  2. Do token grant as an user with this permission ADMIN:NAMESPACE:{namespace}:PLATFORM:CLIENT [CREATE]
  3. Use the bearer token to add third party platform credentials by invoking this endpoint POST /iam/v3/admin/namespaces/{namespace}/platforms/{platformId}/clients

For Google Platform:

  • Input the namespace: <publisher_namespace>

  • Input the platformId: google

  • Fill the parameters:

    {
    "AppId": " ”. <optional>",
    "ClientId": "<Google client_id>", // How to create Google client_id can be found here: https://developers.google.com/identity/protocols/oauth2/openid-connect
    "IsActive": true,
    "RedirectUri": "http://127.0.0.1/", // Google redirectURI is optional, so it's safe to leave it empty
    "Secret": "<Google client_secret>" // How to create Google client_secret can be found here: https://developers.google.com/identity/protocols/oauth2/openid-connect
    }
  1. Finally, your Google platform login is ready to use
Integrating with Client

For Google platform, we just only need to get OAuth token from Google OAuth and exchange the auth code to UAM token. Get Google OAuth Token:

  1. Client, for instance player portal, should call [POST] /UAM/v3/oauth/platforms/google/token endpoint to exchange the Google token into an UAM token. At the same time, if this is the first time login, the user will automatically created.

    The request body is filled as the following:

    {
    "platform_token": <token get from Google>
    "client_id": <client_id get from Google>
    "device_id": "" // Google platform didn’t use device_id
    }

    This endpoint requires all requests to have Authorization header set with Basic access authentication constructed from client id and client secret.

  2. It will return UAM token

Login with a Facebook Account

Login Via OAuth 2.0 Facebook

Facebook OAuth 2.0 enables application developers to build applications that utilize authentication and data from the Facebook API. Facebook mostly does the request access and permissions via Facebook SDK but it will be handled by the developer to get the token.

Setting up the Facebook Platform Login:

  1. Open UAM service apidocs.
  2. Do token grant as an user with this permission ADMIN:NAMESPACE:{namespace}:PLATFORM:CLIENT [CREATE]
  3. Use the bearer token to add third party platform credentials by invoking this endpoint POST /iam/v3/admin/namespaces/{namespace}/platforms/{platformId}/clients For Facebook Platform:
  • Input the namespace: <publisher_namespace>

  • Input the platformId: facebook

  • Fill the parameters:

    {
    "AppId": " ”. <optional>",
    "ClientId": "<Facebook client_id>", // How to create Facebook client_id can be found here: https://developers.facebook.com/docs/facebook-login/access-tokens/#usertokens
    "IsActive": true,
    "RedirectUri": "http://127.0.0.1/", // Facebook redirectURI is optional, so it's safe to leave it empty
    "Secret": "<Facebook client_secret>" // How to create Facebook client_secret can be found here: https://developers.facebook.com/docs/facebook-login/access-tokens/#usertokens
    }
  1. Finally, your Facebook platform login is ready to use
Integrating with Client

Pre-requisites

  1. You need to set up your client ID and client secret.

For Facebook platform, we just only need to get OAuth token from Facebook OAuth and exchange the auth code to UAM token. Get Facebook OAuth Token:

  • Client, for instance player portal, should call POST /iam/v3/oauth/platforms/facebook/token endpoint to exchange the Facebook token into an UAM token. At the same time, if this is the first time login, the user will automatically be created. The request body is filled as the following:

    {
    "platform_token": <token get from facebook>
    "client_id": <client_id get from facebook>”
    "device_id": "" // Facebook platform didn’t use device_id
    }

    This endpoint requires all requests to have Authorization header set with Basic access authentication constructed from client id and client secret.

  1. It will return UAM token

Login with a Android

Login via Android has behaviour almost the same with login via device. For best practice, we encourage developers to use an unique identifier such as Android ID, UUID, or Unique Telephony Number such as IMEI, MEID, ESN, IMSI. More info about 3rd party login flow in UAM can be found in Login with 3rd Party Account Platform

Setting up the Android Platform Login:

  1. Open UAM service apidocs.

  2. Do token grant as an user with this permission ADMIN:NAMESPACE:{namespace}:PLATFORM:CLIENT [CREATE] Use the bearer token to add third party platform credentials by invoking this endpoint POST /iam/v3/admin/namespaces/{namespace}/platforms/{platformId}/clients

  3. For Android Platform:

    * Input the namespace: <publisher_namespace>
    * Input the platformId: android
    * Fill the parameters:
    ```json
    {
    "AppId": " ”. <optional>",
    "ClientId": "", //Android didn’t need clientId.
    "IsActive": true,
    "RedirectUri": "http://127.0.0.1/", // Android didn’t need redirectUri
    "Secret": "" //Android didn’t need clientSecret.
    }
    ```

    Finally, your Android platform login is ready to use

Integrating with Client

For Android platform, we just only need to specify the device_id and platformId then include it in the POST /iam/v3/oauth/platforms/android/token and it will return UAM token

The request body is filled as the following:

{
"platform_token": "" // Android platform didn’t need token
"client_id": " "Android platform didn’t need client_id
"device_id": "<Android_unique_device_id>" // Android platform unique device_id
}

This endpoint requires all requests to have Authorization header set with Basic access authentication constructed from client id and client secret.

Login with a IOS

Login via IOS has behaviour almost the same with login via device. There is no constraint for the device_id but for the best practice, we encourage developers to use an unique identifier that can differ from each device.

More info about 3rd party login flow in UAM can be found in Login with 3rd Party Account Platform

Setting up the IOS Platform Login:

  1. Open UAM service apidocs.

  2. Do token grant as an user with this permission ADMIN:NAMESPACE:{namespace}:PLATFORM:CLIENT [CREATE]

  3. Use the bearer token to add third party platform credentials by invoking this endpoint POST /iam/v3/admin/namespaces/{namespace}/platforms/{platformId}/clients

  4. For IOS Platform:

    • Input the namespace: <publisher_namespace>
    • Input the platformId: IOS
    • Fill the parameters:
      {
      "AppId": " ”. <optional>",
      "ClientId": "", //IOS didn’t need clientId.
      "IsActive": true,
      "RedirectUri": "http://127.0.0.1/", // IOS didn’t need redirectUri
      "Secret": "" //IOS didn’t need clientSecret.
      }
  5. Finally, your IOS platform login is ready to use

Integrating with Client

For IOS platform, we just only need to specify the device_id and platformId then include it in the POST /iam/v3/oauth/platforms/ios/token and it will return UAM token.

The request body is filled as the following:

{
"platform_token": " " // IOS platform didn’t need token
"client_id": " "IOS platform didn’t need client_id
"device_id": "<IOS_unique_device_id>" // IOS platform unique device_id
}

This endpoint requires all requests to have Authorization header set with Basic access authentication constructed from client id and client secret.

Tutorials

For Publishers

Creating a Platform Admin Account in Admin Portal

As the Platform Admin Account you have the credentials to configure the platform such as configuring the virtual currency, payment setup and more other features. Follow these steps below to create a Platform Admin Account.

  1. Login to the Admin Portal with your valid credentials.
  2. Go to the Platform Configurations section, then click the Roles menu.

uam

  1. Click the Create New button.
  2. Input the Role Name such as in this case you can input with “Platform Admin”.
  3. Since this is an Admin Role, you need to choose the Role Manager.

uam

  1. Once you are done click the Add button and this page will appear. Go to User Permissions and click Add.

uam

  1. Input the needed information into the Resource field, with the appropriate format.
  • Input ADMIN:NAMESPACE:*:CURRENCY to add the Virtual Currency permission.
  • Input ADMIN:NAMESPACE:*:PAYMENT to add the Payment Setup permission.
  • Select the desired Action. You can select more than one.

Click the Confirm button when you're done.

uam

  1. Once it’s done, the new permission will be added to the list.

uam

Creating a Game Admin Account in Admin Portal

In the Game Admin Account credentials you have the privilege to configure various features in the game level such as Dedicated Server Manager, Matchmaking, and Global Statistics.

  1. Login to the Admin Portal with your valid credentials.
  2. Go to the Platform Configurations section, then click the Roles menu.
  3. Click the Create New button.

uam

  1. Input the Role Name such as in this case you can input with “Game Admin”.

uam

  1. Since this is an Admin Role, you need to choose the Role Manager.

uam

  1. Once you are done click the Add button and this page will appear. Go to User Permissions and click Add.

uam

  1. Input the needed information into the Resource field, with the appropriate format.
  • Input ADMIN:DSM to add the DSM permission.
  • Input ADMIN:NAMESPACE:*:MATCHMAKING:CHANNEL to add the Matchmaking permission.
  • Input ADMIN:NAMESPACE:*:STAT to add the Global Statistics permission.
  • Select the desired Action. You can select more than one.

Click the Confirm button when you're done.

uam

  1. Once it’s done, the new permission will be added to the list.

uam

Creating a Game Client

The game client is made for a game to access the AccelByte service so that users can log into the game.

  1. Login with your valid credentials.
  2. In the dashboard, go to the Platform Configuration section and click the Clients menu.

uam

  1. The list of existing clients appears. To create a game client, choose the Game Namespace.

uam

  1. Click Create New button
  • Fill in the fields required by your client type.
  • To create a game client, choose the Game Namespace and Confidential Client type.

When you’re finished, click Create. Your new client will be added to the client list.

uam

For Game Developers

Before starting this guide, make sure you are integrated with AccelByte SDK and also have Create Game Client Credentials.

User Register In-Game

To register a user account, the user needs to provide an Email Address and Password.

private static void OnRegister(Result<UserData> result)
{
if (result.IsError)
{
Debug.Log("Register failed:", result.Error.Message);
}
else
{
Debug.Log("Register successful.");
}
}
public static void Main(string[] args)
{
var user = AccelBytePlugin.GetUser();
string email = "useremail@example.com";
string password = "password";
string displayName = "displayed";
string country = "US";
string dateOfBirth = "1995-12-30";
user.Register(email, password, displayName, OnRegister, country, dateOfBirth);
}

User Verify Ongoing Registration

After an account has been registered, it needs to be verified before it can log in.

//Let's assume that user has inputted verification code somehow after receiving email with verification code
private static void OnVerifyClicked(object sender, string verificationCode)
{
var user = AccelBytePlugin.GetUser();
user.Verify(verificationCode, OnVerify);
}
private static void OnVerify(Result result)
{
if (result.IsError)
{
Debug.Log("Verify failed:", result.Error.Message);
}
else
{
Debug.Log("Verify successful. User verified");
}
}

Player: Upgrade Headless Account with Verification Code

Upgrade a headless account by linking the headless account with the email address and password, after a successful request the account will automatically verify the email address.

static string email = "johnDoe@example.com";
static string password = "Password1";
public static void OnUpgradeAccount(Result result)
{
if (!result.IsError)
{
// show the login result
Debug.Log("Upgrade Account successful");
}
else
{
Debug.Log("Upgrade Account failed:" + result.IsError);
}
}
public static void Main(string[] args)
{
User user = AccelBytePlugin.GetUser();
user.Upgrade(email, password, OnUpgradeAccount);
}

User Login with Username and Password

This shows you how to login using Username and Password in Player Portal.

static string email = "johnDoe@example.com";
static string password = "Password1";
public static void OnLogin(Result result)
{
if (!result.IsError)
{
// show the login result
Debug.Log("Login successful");
}
else
{
Debug.Log("Login failed:" + result.IsError);
}
}
public static void Main(string[] args)
{
User user = AccelBytePlugin.GetUser();
user.LoginWithUserName(email, password, OnLogin);
}

User Login with 3rd Party - Steam

The login process for players using a 3rd party platform requires PlatformType and PlatformToken as the parameters. The registering process will be performed automatically on the first login attempt from a 3rd party platform. This way, the created account will be a headless account, because it won’t have its own username and password. Thus, it relies only on the third party platform token to login.

public static void OnLoginWithOtherPlatform(Result result)
{
if (!result.IsError)
{
// show the login result
Debug.Log("Login successful");
}
else
{
Debug.Log("Login failed:" + result.IsError);
}
}
public static void Main(string[] args)
{
User user = AccelBytePlugin.GetUser();
//Example login with steam
if (SteamManager.Initialized)
{
var ticket = new byte[1024];
uint actualTicketLength;
HAuthTicket ret = SteamUser.GetAuthSessionTicket(ticket, ticket.Length, out actualTicketLength);
Array.Resize(ref ticket, (int) actualTicketLength);
var sb = new StringBuilder();
foreach (byte b in ticket)
{
sb.AppendFormat("{0:x2}", b);
}
user.LoginWithOtherPlatform(PlatformType.Steam, sb.ToString(), OnLoginWithOtherPlatform);
}
}

User Login with AB Launcher

When you are using the AccelByte Launcher to log in, the game will login into the same user as the user that login into the Launcher.

//Attempts to login with launcher
public void LoginWithLauncher()
{
// Check if auth code is available from launcher
string authCode = Environment.GetEnvironmentVariable(AUTHORIZATION_CODE_ENVIRONMENT_VARIABLE);
if (authCode != null)
{
abUser.LoginWithLauncher(OnLogin);
// Toggle loading animation
uiHandler.FadeLoading();
}
else
{
Debug.Log("LoginWithLauncher authCode is null");
}
}
//Handles User Login, on Success it will get the User's account details
private void OnLogin(Result result)
{
if (result.IsError)
{
uiHandler.FadeLoading();
Debug.Log("Login failed:" + result.Error.Message);
Debug.Log("Login Response Code: " + result.Error.Code);
//Show Error Message
}
else
{
Debug.Log("Login successful. Getting User Data");
//Show Login Successful
//Show "Getting User Details"
GetUserDetails();
}
}

User Login Anonymously / Device ID

Just like when players log in with another platform, the account created by this process will be a headless account.

public static void OnLoginWithDeviceId(Result result)
{
if (!result.IsError)
{
// show the login result
Debug.Log("Login successful");
}
else
{
Debug.Log("Login failed:" + result.IsError);
}
}
public static void Main(string[] args)
{
User user = AccelBytePlugin.GetUser();
user.LoginWithDeviceId(OnLoginWithDeviceId);
}

User GetUserData Extracting user data and using it on the game

Getting user data retrieves all of the personal data for a specific player.

public static void OnGetUserData(Result<UserData> result)
{
if (result.IsError)
{
Debug.Log("Get data failed:", result.Error.Message);
}
else
{
Debug.Log("Get data successful.");
}
}
public static void Main(string[] args)
{
var user = AccelBytePlugin.GetUser();
user.GetData(OnGetUserData);
}

What’s Next?

  • For more information about Authentication and Authorization you can access the API references.