Skip to main content

Set up AWS Cognito as an identity provider

Last updated on October 24, 2024

Overview

This guide helps verified Amazon Web Services (AWS) developers connect Amazon Cognito users to AccelByte Gaming Services (AGS). You may need to set up additional features within AWS services that we haven't listed here. For full information about setting up AWS services, we recommend contacting your AWS representative and reviewing AWS documentation.

Goals

Enable the Amazon Cognito authentication method for your publisher website with the AccelByte Player Portal.

Prerequisites

  • An AWS Account.
  • A Unity or Unreal game project with the latest version of the AccelByte Game SDK imported.
  • An AGS Admin Portal account to set up authentication and manage permissions.
  • A game namespace.
  • Familiarity with AGS Identity and Access Management (IAM) Clients.

Set up Amazon Cognito

Create an Amazon Cognito user pool

A user pool is a user directory in Amazon Cognito. With a user pool, your users can sign in to your game through Amazon Cognito. Follow the guide for creating a user pool to create a new user pool.

Under the Integrate your app section, you need to:

  • Set your initial app client type to public.
  • Add your BaseURL as Allowed callback URLs (BaseURL is your domain address, e.g., https://development.accelbyte.io).
  • Set ALLOW_USER_PASSWORD_AUTH on the Authentication flows.

Set up Amazon Cognito users

After creating a user pool, you have to manage your users in your user pool. For more details, refer to the guide for managing users in your user pool.

Set up Amazon Cognito login methods

Use the following steps to set up Amazon Cognito logins in your game. This will allow your players to sign in to your game using their Amazon Cognito accounts.

  1. In the AGS Admin portal, go to your publisher namespace.

  2. On the sidebar menu, go to Game Setup > 3rd Party Configuration > Auth & Account Linking.

  3. On the Auth & Account Linking page, click on the + Add New button.

    go to the Admin Portal Login Method menu click add new

  4. From the list of login method options, select AWS Cognito.

    click the AWS Cognito button

  5. Fill the AWS Cognito User Pool field with your User Pool ID and the AWS Cognito Region field with your Amazon Cognito region. configure Amazon Cognito login

  6. You will redirect to the details page. At this point, you just need to activate it and it can be used. Activate Amazon Cognito

Create IAM client

An IAM client is a representation of the game client that you want to release on your target platform.

If you already have an IAM Client for your game on a specific SDK Platform (e.g., Xbox, Steam, or Playstation), you don't have to create a new IAM Client. Since AWS Cognito is not a platform on which to build games, you can use an existing IAM Client. Learn more about IAM Clients by reading Manage access control for applications.

In-game login instructions

The setup for each game engine is different. Select your game engine from the available tabs.

In-game login integration (Unreal)

You can integrate your game to sign in with AccelByte SDK so that your players can log in to games using Amazon Cognito credentials and the implementation will use AWS SDK.

Preparation and configuration (Unreal)

Adding dependency (Unreal)

First you need to add public dependency modules called AccelByteUe4Sdk. This dependency is needed for integrating your project to use the AccelByte SDK Plugin within Unreal Engine.

public ABThirdPartyLogin(ReadOnlyTargetRules Target) : base(Target)
{
PCHUsage = PCHUsageMode.UseExplicitOrSharedPCHs;

PublicDependencyModuleNames.AddRange(new string[] { "Core", "CoreUObject", "Engine", "InputCore" , "AccelByteUe4Sdk", "Slate", "SlateCore" , "AWSCore"});

PrivateDependencyModuleNames.AddRange(new string[] { "Json", "HTTP" });

}

Add AccelByteUe4Sdk in <YourProject>.Target.cs and <YourProjectEditor>.Target.cs.

public ABThirdPartyLoginTarget( TargetInfo Target) : base(Target)
{
Type = TargetType.Game;
DefaultBuildSettings = BuildSettingsVersion.V2;
ExtraModuleNames.AddRange( new string[] { "ABThirdPartyLogin", "AccelByteUe4Sdk" } );
}
public ABThirdPartyLoginEditorTarget( TargetInfo Target) : base(Target)
{
Type = TargetType.Editor;
DefaultBuildSettings = BuildSettingsVersion.V2;
ExtraModuleNames.AddRange( new string[] { "ABThirdPartyLogin", "AccelByteUe4Sdk" } );
}

Project settings for Amazon Cognito login (Unreal)

Add your AccelByte credentials in your DefaultEngine.ini file.

[/Script/AccelByteUe4Sdk.AccelByteSettings]
ClientId=<Your Client_Id>
ClientSecret=<Your Client_Secret>
Namespace=<Your Namespace>
PublisherNamespace=<Your Publisher Namespace>
RedirectURI="http://127.0.0.1"
BaseUrl="https://prod.gamingservices.accelbyte.io"
IamServerUrl="https://prod.gamingservices.accelbyte.io/iam"
PlatformServerUrl="https://prod.gamingservices.accelbyte.io/platform"

Sample code implementation (Unreal)

Here's how you can include the AWS SDK for C++ in your Unreal Engine project:

  1. Open your Unreal Engine project.
  2. Create a new folder in your project's "Source" directory. You can name it something like "AWS".
  3. Copy the aws-cpp-sdk-core folder from the extracted AWS SDK source code to the newly created "AWS" folder in your Unreal Engine project.
  4. In your Unreal Engine project's source code, locate the <YourProjectName>.Build.cs file. It is usually located in the Source directory and has the same name as your project.
  5. Open the <YourProjectName>.Build.cs file in a text editor.
  6. Inside the <YourProjectName>.Build.cs file, add the "AWSCore" following lines to the PublicDependencyModuleNames section
  7. Save the changes and close the file.
  8. Build your Unreal Engine project. The AWS SDK for C++ code will be compiled along with your project.

After completing these steps, you should be able to include the necessary AWS SDK headers and use the AWS SDK classes and functions in your Unreal Engine project and Get Access Token to able login into AccelByte. Below is a sample that you can implement into your code.

// Set up AWS credentials
Aws::Auth::AWSCredentials credentials("YOUR_ACCESS_KEY_ID", "YOUR_SECRET_ACCESS_KEY");

// Create an Amazon Cognito Identity Provider client object
Aws::CognitoIdentityProvider::CognitoIdentityProviderClient cognitoClient(credentials);

// Construct the authentication request
Aws::CognitoIdentityProvider::Model::InitiateAuthRequest initiateAuthRequest;
initiateAuthRequest.SetAuthFlow(Aws::CognitoIdentityProvider::Model::AuthFlowType::USER_PASSWORD_AUTH);
initiateAuthRequest.SetClientId("YOUR_USER_POOL_CLIENT_ID");
initiateAuthRequest.SetAuthParameters({
{"USERNAME", "YOUR_USERNAME"},
{"PASSWORD", "YOUR_PASSWORD"}
});

// Send the authentication request to Amazon Cognito
auto initiateAuthOutcome = cognitoClient.InitiateAuth(initiateAuthRequest);

if (initiateAuthOutcome.IsSuccess())
{
// Retrieve the access token from the authentication response
const auto& challengeResponse = initiateAuthOutcome.GetResult().GetChallengeParameters();
const auto& accessToken = challengeResponse["ACCESS_TOKEN"];

// Use the access token for AWS SDK calls
// Create an S3 client object
Aws::S3::S3Client s3Client(credentials);

// Example API call: List S3 buckets
Aws::S3::Model::ListBucketsRequest listBucketsRequest;
auto listBucketsOutcome = s3Client.ListBuckets(listBucketsRequest);

if (listBucketsOutcome.IsSuccess())
{
// Handle successful response
FString Message = TEXT("Successfully listed S3 buckets!");
UE_LOG(LogTemp, Warning, TEXT("%s"), *Message);
OnActionInfoUpdated.Broadcast(Message);
const FString PlatformToken = accessToken;
UE_LOG(LogTemp, Warning, TEXT("PlatformToken : %s"), *PlatformToken);
OnActionInfoUpdated.Broadcast(FString::Printf(TEXT("PlatformToken : %s"), *PlatformToken));

FRegistry::User.LoginWithOtherPlatform(EAccelBytePlatformType::AWSCognito, PlatformToken, OnLoginSuccessDelegate, OnLoginErrorDelegate);
UE_LOG(LogTemp, Warning, TEXT("Request LoginWithOtherPlatform"));
OnActionInfoUpdated.Broadcast(TEXT("Request LoginWithOtherPlatform"));
}
else
{
// Handle error
FString Message = FString::Printf(TEXT("Error listing S3 buckets: %s"), *listBucketsOutcome.GetError().GetMessage().c_str());
UE_LOG(LogTemp, Warning, TEXT("%s"), *Message);
OnActionInfoUpdated.Broadcast(Message);
}
}
else
{
// Handle authentication error
FString Message = FString::Printf(TEXT("Authentication error: %s"), *initiateAuthOutcome.GetError().GetMessage().c_str());
UE_LOG(LogTemp, Warning, TEXT("%s"), *Message);
OnActionInfoUpdated.Broadcast(Message);
}
note

platform_token for Amazon Cognito authentication is the Access Token.

After adding this sample code to your project, compile your project, then build and run it. That's it!

Sample code testing (Unreal)

The screenshot below demonstrates that the code works and we are able to log in using Amazon Cognito with the sample code.
Successful sample code testing in Unreal