Last Updated: 9/24/2021, 12:41:47 AM

# 3rd Party Login Integration

# Overview

AccelByte provides 3rd Party Login Integration and Single Sign-On (SSO), to enable players to log into your game or platform with a credential from a 3rd party. When a player uses 3rd party credentials to sign into your game or platform for the first time without first creating an account, a headless account (an account without an email address) will be created for that player. You can offer players the option to upgrade their headless account to a full account in your game or on your platform. Players need to provide an email address and date of birth to create full login credentials.

After players create a headed account, they can then link their accounts from other 3rd party platforms to it. This enables cross-progression, or the ability for players to access their game data and continue play from different platforms.

# Supported Platforms

Here’s a table showing the platforms we support, and the features they offer:

Single Sign-On In-App Purchases Entitlements
Device ID* Y N N
Steam Y Y Y
Epic Online Services Y Y Y
PlayStation 4 + 5 Y Y Y
Xbox Live Y Y Y
Nintendo Y Y Y
Stadia Y Y Y
AWS Cognito Y N N
Microsoft Azure** Y N N

Device ID*

Device ID can refer to a computer’s serial number, the IMEI of a mobile device, or some other unique identifier. Device ID can be used both for testing and as an easy way for players to log into mobile games without an account.

Microsoft Azure**

3rd party login using Microsoft Azure credentials is only for the Admin Portal. It’s intended to give development or other teams that already have Microsoft accounts a quick way to access the Admin Portal without having to first have an account created for them.

# Prerequisites

Before implementing 3rd Party Login, make sure you’ve set up the following items:

# Permissions

Permissions are used to grant access to specific resources within our services. Make sure your account has the following permissions before you attempt to integrate 3rd Party Login in the Admin Portal. For a full list of permissions that impact identity access management, see the IAM tab of the permissions reference (opens new window).

Usage Permission Tag Action
Add SSO Platform Credential ADMIN:NAMESPACE:{namespace}:PLATFORM:{platformId}:SSO Create
Add Third Party Platform Credential ADMIN:NAMESPACE:{namespace}:PLATFORM:{platformId}:CLIENT Create

Permissions work slightly differently depending on whether they are assigned to IAM Clients or Roles assigned to users. For more information, read the Authentication and Authorization documentation.

# How it Works

# Logging in with 3rd Party Platform Credentials

When a player wants to log in to the game using a 3rd party platform, the game client sends the authorization request to the 3rd Party service, and the 3rd Party service will send a response containing the Platform Token. Then, the SDK will call the LoginWithOtherPlatform function using the 3rd party Platform Token to our IAM service. The IAM service will validate the token to the 3rd party service, meaning that it will check if the token is valid and came from a verified user. Once the 3rd party service validates the token, the IAM service will return the IAM token to the SDK.

3rd-party-integration

# Upgrading a Headless Account

When a player logs into your game or platform using 3rd party credentials, a headless account (an account without an associated email address) will be created for them. It’s possible for players to upgrade a headless account into a full account by providing an email address and password. When an upgrade is triggered, the SDK calls the upgrade function with the player’s email address and password. Then the IAM service will send a verification email to the player. The player can verify their email address using the code included in the email. After verification, the account will be usable.

3rd-party-integration

# Enabling Login with 3rd Party Platforms

Enabling 3rd party login consists of configuring login from your chosen platform in the Admin Portal, then using our SDK to retrieve the Auth token for that platform and log players in with their 3rd party credentials.

3rd party login can either be configured in a game namespace, or in the publisher namespace. When you configure login from a 3rd party platform within a game namespace, only that game will be accessible using the credentials from the configured platform. If you make these configurations in the publisher namespace instead, they will not only apply to all of your games, but also Player Portal or Launcher.

# Device ID

# Configuring Login with Device ID in the Admin Portal

  1. Go to the Admin Portal and open the desired namespace. From there, click the Login Methods menu.

    3rd-party-integration

  2. In the Platform list on the Login Configurations page select Device, then click Configure Now.

    3rd-party-integration

  3. The Create Configuration form appears. Fill in the required fields below:

    3rd-party-integration

    • Input the URL where the user will be directed once the account authorization is successful in the Redirect URL field. The default URL for Device ID is http://127.0.0.1.
  4. When you’re done, click Create.

# Retrieving the Device ID Auth Token Using the SDK

The Device ID Auth token is whatever is retrieved by either Unity or UE4. To retrieve the Device ID Auth token, use the following function:

# Steam

# Configuring Login with Steam Web Login in the Admin Portal

  1. Go to the Admin Portal and open the desired namespace. From there, click the Login Methods menu.

    3rd-party-integration

  2. In the Platform list on the Login Configurations page select Steam Web, then click Configure Now.

    3rd-party-integration

  3. The Create Configuration form appears. Fill in the required fields below:

    3rd-party-integration

    1. When you’re done, click Create.

# Configuring Login with Steam SDK Login in the Admin Portal

  1. Go to the Admin Portal and open the desired namespace. From there, click the Login Methods menu.

    3rd-party-integration

  2. In the Platform list on the Login Configurations page select Steam SDK, then click Configure Now.

    3rd-party-integration

  3. The Create Configuration form appears. Fill in the required fields below:

    3rd-party-integration

    • Input Steam’s App ID for your game in the App ID field. For testing purposes, you can also input 480 which is the ID for Steam’s test game.
    • Input your Publisher Web API Key (opens new window) in the Steam Web API Key field.
    • Input the URL where the user will be directed once the account authorization is successful in the Redirect URL field. For in-game login, use the default URL which is http://127.0.0.1.
  4. When you’re done, click Create.

# Retrieving the Steam Auth Ticket Using the SDK

To get the Steam Auth ticket in Unity, use the tickets obtained from Steamworks.NET. For UE4, use the ticket obtained from Steamworks.

# Epic Online Services

# Configuring Login with EOS ID in the Admin Portal

  1. Go to the Admin Portal and open the desired namespace. From there, click the Login Methods menu.

    3rd-party-integration

  2. In the Platform list on the Login Configurations page select Epic Games, then click Configure Now.

    3rd-party-integration

  3. The Create Configuration form appears. Fill in the required fields below:

    3rd-party-integration

  4. When you’re done, click Create.

# Retrieving the EOS Auth Token Using the SDK

For Unity, you can get the Auth token for EOS by using the EOS SDK (opens new window). For UE4 you can use the EOS C# SDK (opens new window). Here are the functions to retrieve the EOS Auth token:

# PlayStation 4

# Configuring Login with PSN Web Login in the Admin Portal

  1. Go to the Admin Portal and open the desired namespace. From there, click the Login Methods menu.

    3rd-party-integration

  2. In the Platform list on the Login Configurations page select PSN Web, then click Configure Now.

    3rd-party-integration

  3. The Create Configuration form appears. Fill in the required fields below:

    3rd-party-integration

    • Input the Client ID for your game in the PlayStation App Server in the App ID field.
    • Input the Client ID for your game in the PlayStation App Server in the Client ID field.
    • Input the Client Secret for your game in the PlayStation App Server in the Secret field.
    • Select your environment type in the Environment field. You can choose from the below options:
    Environment Purpose
    sp-int Development
    prod-qa QA
    np Live Environment
    • Input the URL where the user will be directed once the account authorization is successful in the Redirect URL field. For PS4, the default URL is orbis://games.
  4. When you’re done, click Create.

# Configuring Login with PS4 SDK Login in the Admin Portal

  1. Go to the Admin Portal and open the desired namespace. From there, click the Login Methods menu.

    3rd-party-integration

  2. In the Platform list on the Login Configurations page select PSN 4 SDK, then click Configure Now.

    3rd-party-integration

  3. The Create Configuration form appears. Fill in the required fields below:

    3rd-party-integration

    • Input the Client ID for your game in the PlayStation App Server in the App ID field.
    • Input the Client Secret for your game in the PlayStation App Server in the Secret field.
    • Select your environment type in the Environment field. You can choose from the below options:
    Environment Purpose
    sp-int Development
    prod-qa QA
    np Live Environment
    • Input the URL where the user will be directed once the account authorization is successful in the Redirect URL field. For PS4, the default URL is orbis://games.
  4. When you’re done, click Create.

IMPORTANT

This configuration can only be used for PS4 games, not PS4 Cross-Gen games. For PS4 Cross-Gen games, use PS5 as the platform.

# Retrieving the PS4 Auth Code Using the SDK

For Unity, you can get the Auth code by using NpToolkit (opens new window). For UE4, you can use OnlineSubsystemPS4 which is already included in UE4.

# PlayStation 5

# Configuring Login with PS5 SDK Login in the Admin Portal

  1. Go to the Admin Portal and open the desired namespace. From there, click the Login Methods menu.

    3rd-party-integration

  2. In the Platform list on the Login Configurations page select PSN 5 SDK, then click Configure Now.

    3rd-party-integration

  3. The Create Configuration form appears. Fill in the required fields below:

    3rd-party-integration

    • Input the Client ID for your game in the PlayStation App Server in the App ID field.
    • Input the Client Secret for your game in the PlayStation App Server in the Secret field.
    • Select your environment type in the Environment field. You can choose from the below options:
    Environment Purpose
    sp-int Development
    prod-qa QA
    np Live Environment
    • Input the URL where the user will be directed once the account authorization is successful in the Redirect URL field. For PS5, the default URL is orbis://games.
  4. When you’re done, click Create.

TIP

This configuration can be used for both PS5 games and PS4 Cross-Gen games.

# Retrieving the PS5 Auth Code Using the SDK

For PS5, you can get the Auth code by using the function below. For now, only UE4 is supported.

# Xbox Live

# Configuring Login with Xbox Web Login in the Admin Portal

  1. Go to the Admin Portal and open the desired namespace. From there, click the Login Methods menu.

    3rd-party-integration

  2. In the Platform list on the Login Configurations page select Xbox Web, then click Configure Now.

    3rd-party-integration

  3. The Create Configuration form appears. Fill in the required fields below:

    3rd-party-integration

  4. When you’re done, click Create.

# Configuring Login with Xbox SDK Login in the Admin Portal

  1. Go to the Admin Portal and open the desired namespace. From there, click the Login Methods menu.

    3rd-party-integration

  2. In the Platform list on the Login Configurations page select Xbox, then click Configure Now.

    3rd-party-integration

  3. The Create Configuration form appears. Fill in the required fields below:

    3rd-party-integration

  4. When you’re done, click Create.

# Retrieving the Xbox Auth Token Using the SDK

For Xbox, you can get the Auth token by using the function below:

# Nintendo

# Configuring Login with Nintendo ID in the Admin Portal

  1. Go to the Admin Portal and open the desired namespace. From there, click the Login Methods menu.

    3rd-party-integration

  2. In the Platform list on the Login Configurations page select Nintendo, then click Configure Now.

    3rd-party-integration

  3. The Create Configuration form appears. Fill in the required fields below:

    3rd-party-integration

    • Input the Application ID for your application in the App ID field. You can find your Application ID in your product information in the Nintendo Developer Portal.
    • In the Redirect URL field, input http://127.0.0.1 for in-game login. Otherwise enter the desired destination on your website.
  4. When you’re done, click Create.

# Retrieving the Nintendo Auth Token Using the SDK

You can enable login with Nintendo credentials by using the UE4 OSS. For now, only UE4 is supported.

UE4 (with OSS)

Prerequisites:

  • You must have the Nintendo Dev Kit for deployment.
  • You must have downloaded and set up Nintendo Online Subsystem into your UE4 environment.

Configuration steps:

3rd-party-integration

  1. In BaseSwitchEngine.ini under Engine/Platforms/Switch/Config, set StartupAccountMode to Required
  2. You can now call Nintendo login using the OSS by using IOnlineSubsystem::Get()->GetIdentityInterface()->Login()

# Stadia

# Configuring Login with Stadia ID in the Admin Portal

  1. Go to the Admin Portal and open the desired namespace. From there, click the Login Methods menu.

    3rd-party-integration

  2. In the Platform list on the Login Configurations page select Stadia, then click Configure Now.

    3rd-party-integration

  3. The Create Configuration form appears. Fill in the required fields below:

    3rd-party-integration

    • Input your game’s Stadia Account ID in the Client ID field.
    • Input your game’s secret in the Secret field.
    • Input the URL where the user will be directed once the account authorization is successful in the Redirect URL field. For Stadia, the default URL is http://127.0.0.1.
  4. When you’re done, click Create.

# Retrieving the Stadia Auth Code Using the SDK

For Stadia, you can get the Auth code by requesting a user's JWT token, or you can use the Stadia Platform Support package (opens new window). For now, only Unity is supported.

# AWS Cognito

# Configuring Login with Amazon ID in the Admin Portal

  1. Go to the Admin Portal and open the desired namespace. From there, click the Login Methods menu.

    3rd-party-integration

  2. In the Platform list on the Login Configurations page select AWS Cognito, then click Configure Now.

    3rd-party-integration

  3. The Create Configuration form appears. Fill in the required fields below:

    3rd-party-integration

  4. When you’re done, click Create.

# Retrieving the AWS Auth Token Using the SDK

For Unity, you can get the Auth token by using the AWS SDK for .NET (opens new window). For UE4 you can use the AWS C++ SDK (opens new window). Here is an example of how to get an AWS Cognito Auth token:

You can also get an Auth token by making a HTTP Request (opens new window), as seen in the example below.

For more details about setting up platform authentication, refer to the AWS documentation (opens new window).

# Microsoft Azure

You can enable 3rd party login using Microsoft Azure credentials for the Admin Portal. This gives teams that use Microsoft accounts an easy way to access the Admin Portal without having to have an account created for them.

IMPORTANT

In addition to the steps below, there are some tasks that must be performed in the Azure Portal to enable 3rd party login using Microsoft Azure. Please contact AccelByte if you need assistance.

# Configuring Login with Microsoft ID in the Admin Portal

  1. Go to the Admin Portal and open the desired namespace. From there, click the Login Methods menu.

    3rd-party-integration

  2. In the Platform list on the Login Configurations page select Microsoft, then click Configure Now.

    3rd-party-integration

  3. The Create Configuration form appears. Fill in the required fields below:

    3rd-party-integration

    • Input the Entity ID from your Basic SAML Configuration in the App ID field.
    • Input the Reply URL from your Basic SAML Configuration in the ACS URL field.
    • Input the App Federation Metadata URL from the SAML Signing Certificate in the Federation Metadata URL field.
  4. When you’re done, click Create.

# Enabling Login with 3rd Party Platform Credentials Using the SDK

For a player to log into your game or platform with 3rd party credentials, the game needs to pass the Auth token from the 3rd party platform whose credentials the player is using to the publisher platform.

# Upgrade a Headless Account Using the SDK

Players can upgrade a headless account by linking the headless account to their email address and creating a password.

# Upgrade an Account

Use this function to initiate an account upgrade:

# Verify the Player After an Account Upgrade

Verifying the player after they upgrade their account is done in two steps. First, the game will send the verification code to the player’s email. Then the verification code will be sent back to the IAM service for verification.

# Send Verification Code to Email

Use this function to send the verification code to a player’s email address.

# Send Verification Code from Email to IAM Service

Use this function to send the verification code from the player’s email back to the IAM Service.

# SSO Configurations

Single Sign-On (SSO) enables players to log in with a single credential to access several independent services. To enable SSO we use Discourse (opens new window), which is an open-source discussion platform that can be used as a mailing list.

# Create a New SSO Configuration

  1. Go to the Admin Portal, and click on the SSO Configurations menu.

    3rd-party-integration

  2. Click the Configure Now button to add a new configuration.

    3rd-party-integration

  3. The Add Discourse Configuration appears. Fill in the required information:

    3rd-party-integration

    • Input the URL to which players will be redirected in the SSO URL field.
    • Input the Secret Key from Discourse in the Secret Key field.
    • Input the API Key (opens new window) from Discourse in the API Key field
  4. When you’re done, click Submit.

  5. After creating the configuration, it will be accessible from the Discourse SSO Configuration panel on the SSO Configurations page.

    3rd-party-integration

  • In addition to distributing your game on 3rd party platforms, you can build your own platform with our Player Portal and Launcher services.
  • Learn more about managing accounts in the User Accounts documentation.
  • In addition to login, AccelByte also offers Entitlement and In-App Purchase integration with several platforms.