Get started with entitlement revocation customization
Overview
AccelByte Gaming Services (AGS) provides custom logic for handling the revocation of player assets using Extend.
This article walks you through how to set up a custom revocation for AGS. For this purpose, the Extend Override app template for entitlement revocation is used.
Prerequisites
- Go
- C#
- Java
- Python
Windows 11 WSL2 or Linux Ubuntu 22.04 or macOS 14+ with the following tools installed:
a. Bash
On Windows WSL2 or Linux Ubuntu:
bash --version
GNU bash, version 5.1.16(1)-release (x86_64-pc-linux-gnu)
...On macOS:
bash --version
GNU bash, version 3.2.57(1)-release (arm64-apple-darwin23)
...
b. Make
On Windows WSL2 or Linux Ubuntu:
To install from the Ubuntu repository, run
sudo apt update && sudo apt install make
.make --version
GNU Make 4.3
...On macOS:
make --version
GNU Make 3.81
...
c. Docker (Docker Desktop 4.30+/Docker Engine v23.0+)
On Linux Ubuntu:
- To install from the Ubuntu repository, run
sudo apt update && sudo apt install docker.io docker-buildx docker-compose-v2
. - Add your user to the
docker
group:sudo usermod -aG docker $USER
. - Log out and log back in to allow the changes to take effect.
- To install from the Ubuntu repository, run
On Windows or macOS:
Follow Docker's documentation on installing the Docker Desktop on Windows or macOS.
docker version
...
Server: Docker Desktop
Engine:
Version: 24.0.5
...
d. Go v1.19
Follow Go's installation guide.
go version
go version go1.19.0 ...
e. Postman
- Use the available binary from Postman.
f. ngrok
- Follow ngrok's installation guide.
- Use the available binary from extend-helper-cli.
Windows 11 WSL2 or Linux Ubuntu 22.04 or macOS 14+ with the following tools installed:
a. Bash
On Windows WSL2 or Linux Ubuntu:
bash --version
GNU bash, version 5.1.16(1)-release (x86_64-pc-linux-gnu)
...On macOS:
bash --version
GNU bash, version 3.2.57(1)-release (arm64-apple-darwin23)
...
b. Make
On Windows WSL2 or Linux Ubuntu:
To install from the Ubuntu repository, run
sudo apt update && sudo apt install make
.make --version
GNU Make 4.3
...On macOS:
make --version
GNU Make 3.81
...
c. Docker (Docker Desktop 4.30+/Docker Engine v23.0+)
On Linux Ubuntu:
- To install from the Ubuntu repository, run
sudo apt update && sudo apt install docker.io docker-buildx docker-compose-v2
. - Add your user to the
docker
group:sudo usermod -aG docker $USER
. - Log out and log back in to allow the changes to take effect.
- To install from the Ubuntu repository, run
On Windows or macOS:
Follow Docker's documentation on installing the Docker Desktop on Windows or macOS.
docker version
...
Server: Docker Desktop
Engine:
Version: 24.0.5
...
d. .NET 6 SDK
On Linux Ubuntu:
To install from the Ubuntu repository, run
sudo apt-get update && sudo apt-get install -y dotnet-sdk-6.0
.On Windows or macOS:
Follow Microsoft's documentation for installing .NET on Windows or on macOS.
dotnet --version
6.0.128
e. Postman
- Use the available binary from Postman.
f. ngrok
- Follow ngrok's installation guide.
- Use the available binary from extend-helper-cli.
Windows 11 WSL2 or Linux Ubuntu 22.04 or macOS 14+ with the following tools installed:
a. Bash
On Windows WSL2 or Linux Ubuntu:
bash --version
GNU bash, version 5.1.16(1)-release (x86_64-pc-linux-gnu)
...On macOS:
bash --version
GNU bash, version 3.2.57(1)-release (arm64-apple-darwin23)
...
b. Make
On Windows WSL2 or Linux Ubuntu:
To install from the Ubuntu repository, run
sudo apt update && sudo apt install make
.make --version
GNU Make 4.3
...On macOS:
make --version
GNU Make 3.81
...
c. Docker (Docker Desktop 4.30+/Docker Engine v23.0+)
On Linux Ubuntu:
- To install from the Ubuntu repository, run
sudo apt update && sudo apt install docker.io docker-buildx docker-compose-v2
. - Add your user to the
docker
group:sudo usermod -aG docker $USER
. - Log out and log back in to allow the changes to take effect.
- To install from the Ubuntu repository, run
On Windows or macOS:
Follow Docker's documentation on installing the Docker Desktop on Windows or macOS.
docker version
...
Server: Docker Desktop
Engine:
Version: 24.0.5
...
d. JDK 17
On Linux Ubuntu:
To install from the Ubuntu repository, run:
sudo apt update && sudo apt install openjdk-17-jdk
.On Windows or macOS:
Follow Microsoft's documentation for installing the Microsoft Build for OpenJDK.
java --version
openjdk 17.0.10 2024-01-16
...
e. Postman
- Use the available binary from Postman.
f. ngrok
- Follow ngrok's installation guide.
- Use the available binary from extend-helper-cli.
Windows 11 WSL2 or Linux Ubuntu 22.04 or macOS 14+ with the following tools installed:
a. Bash
On Windows WSL2 or Linux Ubuntu:
bash --version
GNU bash, version 5.1.16(1)-release (x86_64-pc-linux-gnu)
...On macOS:
bash --version
GNU bash, version 3.2.57(1)-release (arm64-apple-darwin23)
...
b. Make
On Windows WSL2 or Linux Ubuntu:
To install from the Ubuntu repository, run
sudo apt update && sudo apt install make
.make --version
GNU Make 4.3
...On macOS:
make --version
GNU Make 3.81
...
c. Docker (Docker Desktop 4.30+/Docker Engine v23.0+)
On Linux Ubuntu:
- To install from the Ubuntu repository, run
sudo apt update && sudo apt install docker.io docker-buildx docker-compose-v2
. - Add your user to the
docker
group:sudo usermod -aG docker $USER
. - Log out and log back in to allow the changes to take effect.
- To install from the Ubuntu repository, run
On Windows or macOS:
Follow Docker's documentation on installing the Docker Desktop on Windows or macOS.
docker version
...
Server: Docker Desktop
Engine:
Version: 24.0.5
...
d. Python 3.10
On Linux Ubuntu:
To install from the Ubuntu repository, run
sudo apt update && sudo apt install python3 python3-venv
.On Windows or macOS:
Use the available installer here.
python3 --version
Python 3.10.12
e. Postman
- Use the available binary from Postman.
f. ngrok
- Follow ngrok's installation guide.
- Use the available binary from extend-helper-cli.
- Access to the AGS Admin Portal environment.
- Base URL:
<your environment's domain URL>
- Example for AGS Shared Cloud customer:
https://spaceshooter.prod.gamingservices.accelbyte.io
- Example for AGS Private Cloud customer:
https://dev.customer.accelbyte.io
- Example for AGS Shared Cloud customer:
- Create a game namespace if you don't have one yet. Take note of the namespace ID.
- Create an OAuth Client with
confidential
client type. Keep theClient ID
andClient Secret
.
- Base URL:
Clone the app template
- Go
- C#
- Java
- Python
git clone https://github.com/AccelByte/revocation-grpc-plugin-server-go.git
git clone https://github.com/AccelByte/revocation-grpc-plugin-server-csharp.git
git clone https://github.com/AccelByte/revocation-grpc-plugin-server-java.git
git clone https://github.com/AccelByte/revocation-grpc-plugin-server-python.git
Set up, run, and test an Extend app
This section covers how to set up, build, run, and then test an Extend app.
Set up the Extend app
To be able to run this app, follow these setup steps:
Create a docker compose
.env
file by copying the content of the.env.template
file.noteThe host OS environment variables have higher precedence compared to the
.env
file variables. If the variables in the.env
file do not seem to take effect properly, check if there are host OS environment variables with the same name. For more details, refer to Docker's documentation about the docker compose environment variables precedence.Fill in the required environment variables in the
.env
file as shown below.AB_BASE_URL=https://test.accelbyte.io # Base URL of AGS environment
AB_CLIENT_ID='xxxxxxxxxx' # Client ID from the Prerequisites section
AB_CLIENT_SECRET='xxxxxxxxxx' # Client Secret from the Prerequisites section
AB_NAMESPACE='xxxxxxxxxx' # Namespace ID from the Prerequisites section
PLUGIN_GRPC_SERVER_AUTH_ENABLED=true # Enable or disable access token validationnoteIn this app,
PLUGIN_GRPC_SERVER_AUTH_ENABLED
istrue
by default. If it is set tofalse
, thegRPC server
can be invoked without theAccelByte Gaming Services
access token. This option is provided for development purposes only. It is recommended to enablegRPC server
access token validation in the production environment.
Build the Extend app
To build this app, run the following command:
make build
Run the Extend app
To (build and) run this app in a container, run the following command:
docker compose up --build
Test the Extend app
You can test the Extend app in a local development environment or with AGS.
Test in a local development environment
Before testing, make sure PLUGIN_GRPC_SERVER_AUTH_ENABLED
is set to false
. Otherwise, the gRPC request will be rejected by the gRPC server
.
The custom functions in this app can be tested locally using Postman. To test the Extend app using Postman, follow these steps:
Run this app by using the following command:
docker compose up --build
In Postman, create a new gRPC request, then type in
localhost:6565
as the server URL. For more information, see Postman's guide about supporting gRPC.Continue by selecting
Revocation/Revoke
method and invoke it with the following sample message:{
"revokeEntryType": "CURRENCY",
"namespace": "test",
"userId": "4423f033c38a40b9afdc8844e13647b7",
"quantity": 1,
"currency": {
"namespace": "test",
"currencyCode": "VCA",
"balanceOrigin": "SYSTEM"
}
}If successful, you will receive responses similar to the following:
{
"status": "SUCCESS",
"customRevocation": [
{
"key": "namespace",
"value": "test"
},
{
"key": "userId",
"value": "4423f033c38a40b9afdc8844e13647b7"
},
{
"key": "quantity",
"value": "1"
},
{
"key": "currencyNamespace",
"value": "test"
},
{
"key": "currencyCode",
"value": "VCA"
},
{
"key": "balanceOrigin",
"value": "SYSTEM"
}
]
}
Test with AGS
For testing this app which is running locally with AccelByte Gaming Services
,
the gRPC server
needs to be exposed to the internet. To do this without requiring public IP, we can use something like ngrok.
To test the app, which runs locally with AGS, the gRPC server
needs to be connected to the internet. To do this without requiring public IP, you can use ngrok.
Run this app by using the following command:
docker compose up --build
Sign in to ngrok and get your
authtoken
from the ngrok dashboard.In this app root directory, expose the
gRPC server
port in local development environment to the internet by running the following command:make ngrok NGROK_AUTHTOKEN=xxxxxxxxxxx
Take note of the
ngrok
forwarding URL, e.g.,http://0.tcp.ap.ngrok.io:xxxxx
.In the Admin Portal, go to the correct namespace for the configuration and do the following:
- On the sidebar menu, go to Commerce > Customization > Revocation.
- Click Add Configuration if you have not added any.
- Select the option Locally hosted (for testing purpose). Put the
ngrok
forwarding URL from the previous step and click Create.
Create an OAuth Client with
confidential
client type and containing the following permissions:- For AGS Private Cloud customers:
ADMIN:NAMESPACE:{namespace}:PLUGIN:REVOCATION [UPDATE,DELETE]
ADMIN:NAMESPACE:{namespace}:USER:*:WALLET [READ,UPDATE]
ADMIN:NAMESPACE:{namespace}:USER:*:REVOCATION [UPDATE]
ADMIN:NAMESPACE:{namespace}:USER:*:ORDER [CREATE]
ADMIN:NAMESPACE:{namespace}:STORE [CREATE,READ,UPDATE,DELETE]
ADMIN:NAMESPACE:{namespace}:CATEGORY [CREATE]
ADMIN:NAMESPACE:{namespace}:CURRENCY [CREATE,READ,DELETE]
ADMIN:NAMESPACE:{namespace}:ITEM [CREATE,READ,DELETE]
ADMIN:NAMESPACE:{namespace}:INFORMATION:USER:* [CREATE,DELETE]
NAMESPACE:{namespace}:WALLET [READ]
- For AGS Shared Cloud customers:
- Platform Store -> Service Plugin Config (Read, Update, Delete)
- Platform Store -> Wallet (Read, Update)
- Platform Store -> Revocation (Update, Delete)
- Platform Store -> Order (Create)
- Platform Store -> Store (Create, Read, Update, Delete)
- Platform Store -> Category (Create)
- Platform Store -> Currency (Create, Read, Delete)
- Platform Store -> Item (Read, Create, Delete)
- IAM -> User (Create, Delete)
important- Keep a copy of the
Client ID
andClient Secret
. - The Oauth Client created in this step is different from the one mentioned in the Prerequisites section. It is required by the CLI demo app for the next step.
- For AGS Private Cloud customers:
Run the demo CLI app.
- Go
- C#
- Java
- Python
In the
demo/cli
folder, create an.env
file by copying the content of.env.template
file and set the required environment variables as shown below:AB_BASE_URL=https://test.accelbyte.io
AB_CLIENT_ID=xxxxxxxxxx # Use Client ID from the previous step
AB_CLIENT_SECRET=xxxxxxxxxx # Use Client secret from the previous step
AB_NAMESPACE=xxxxxxxxxx # Use your Namespace ID\
GRPC_SERVER_URL=0.tcp.ap.ngrok.io:xxxxx # Use your ngrok forwarding URL without `https://`Then, run the following commands to execute the CLI demo app:
cd demo/cli
make run ENV_FILE_PATH=.envRun the the following commands command to execute the CLI demo app:
export AB_BASE_URL='https://test.accelbyte.io'
export AB_CLIENT_ID='xxxxxxxxxx' # Use Client ID from the previous step
export AB_CLIENT_SECRET='xxxxxxxxxx' # Use Client secret from the previous step
export AB_NAMESPACE='xxxxxxxxxx' # Use your Namespace ID
export GRPC_SERVER_URL=0.tcp.ap.ngrok.io:xxxxx # Use your ngrok forwarding URL without `https://`
cd src/AccelByte.PluginArch.Revocation.Demo.Client
dotnet run -- --grpc-target "$GRPC_SERVER_URL"In the
demo/cli
folder, create an.env
file by copying the content of.env.template
file and set the required environment variables as shown below:AB_BASE_URL=https://test.accelbyte.io
AB_CLIENT_ID=xxxxxxxxxx # Use Client ID from the previous step
AB_CLIENT_SECRET=xxxxxxxxxx # Use Client secret from the previous step
AB_NAMESPACE=xxxxxxxxxx # Use your Namespace ID
GRPC_SERVER_URL=0.tcp.ap.ngrok.io:xxxxx # Use your ngrok forwarding URL without `https://`Then, run the following commands to execute the CLI demo app:
cd demo/cli
make build
make run-only ENV_FILE_PATH=.envIn the
demo/cli
folder, create an.env
file by copying the content of.env.template
file and set the required environment variables as shown below:AB_BASE_URL=https://test.accelbyte.io
AB_CLIENT_ID=xxxxxxxxxx # Use Client ID from the previous step
AB_CLIENT_SECRET=xxxxxxxxxx # Use Client secret from the previous step
AB_NAMESPACE=xxxxxxxxxx # Use your Namespace ID
GRPC_SERVER_URL=0.tcp.ap.ngrok.io:xxxxx # Use your ngrok forwarding URL without `https://`Then, run the following commands to execute the CLI demo app:
cd demo/cli
make setup
make run
The ngrok free plan has some limitations, so you may want to use a paid plan if the traffic is high.
Deploy in AGS
Deploying an Extend app in AGS involves the following steps in the Admin Portal:
- Create the Extend app.
- Upload the Extend app.
- Configure the Extend app.
- Deploy the Extend app.
- Set AGS to use the Extend app.
Create the Extend app
- In the AGS Admin Portal, go to the namespace where you wish to create your Extend Override app.
- On the sidebar menu, under ADD-ONS, go to Extend > Override.
- On the Overridable Feature page, click on the + Create New button.
- On the Create App form, provide a name and description (optional) for your Extend app.
- Click Create. Your new Extend app is added to the Overridable Feature app list.
Upload the Extend app
Set up an OAuth Client for extend-helper-cli.Create an OAuth Client with
confidential
client type and containing the following permission:- For AGS Private Cloud customers:
ADMIN:NAMESPACE:{namespace}:EXTEND:REPOCREDENTIALS
[READ]ADMIN:NAMESPACE:{namespace}:EXTEND:APP
[READ]
- For AGS Shared Cloud customers:
- Extend > Extend app image repository access (Read)
- Extend > App (Read)
Keep a copy of the
Client ID
andClient Secret
.- For AGS Private Cloud customers:
Copy the extend-helper-cli command to perform docker login on the Extend app details page under Repository Authentication Command.
Export the required environment variables and perform docker login using extend-helper-cli. Run this command:
- Linux
- Windows (WSL2)
- macOS
# Your AGS environment base URL, e.g., https://spaceshooter.prod.gamingservices.accelbyte.io, https://dev.accelbyte.io, etc.
export AB_BASE_URL='https://xxxxxxxxxx'
# Client ID of OAuth Client for extend-helper-cli (from step 1)
export AB_CLIENT_ID='xxxxxxxxxx'
# Client Secret of OAuth Client for extend-helper-cli (from step 1)
export AB_CLIENT_SECRET='xxxxxxxxxx'
# The command to perform docker login (from step 2)
./extend-helper-cli-linux_amd64 dockerlogin --namespace <game namespace> --app <app name> --login# Your AGS environment base URL, e.g., https://spaceshooter.prod.gamingservices.accelbyte.io, https://dev.accelbyte.io, etc.
export AB_BASE_URL='https://xxxxxxxxxx'
# Client ID of OAuth Client for extend-helper-cli (from step 1)
export AB_CLIENT_ID='xxxxxxxxxx'
# Client Secret of OAuth Client for extend-helper-cli (from step 1)
export AB_CLIENT_SECRET='xxxxxxxxxx'
# The command to perform docker login (from step 2)
./extend-helper-cli-linux_amd64 dockerlogin --namespace <game namespace> --app <app name> --login# Your AGS environment base URL, e.g., https://spaceshooter.prod.gamingservices.accelbyte.io, https://dev.accelbyte.io, etc.
export AB_BASE_URL='https://xxxxxxxxxx'
# Client ID of OAuth Client for extend-helper-cli (from step 1)
export AB_CLIENT_ID='xxxxxxxxxx'
# Client Secret of OAuth Client for extend-helper-cli (from step 1)
export AB_CLIENT_SECRET='xxxxxxxxxx'
# The command to perform docker login (from step 2)
./extend-helper-cli-darwin_amd64 dockerlogin --namespace <game namespace> --app <app name> --loginimportantWe recommend running the above commands in a separate terminal and in a different working directory than the Extend app project. This is to reduce the chances of the extend-helper-cli picking up the environment variables for the Extend app project instead.
The output of a successful login looks similar to the following:
INFO[0000] signing in to https://dev.accelbyte.io
INFO[0001] getting docker credentials...
WARNING! Your password will be stored unencrypted in /home/xyz-abc/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login SucceededimportantIf you get the following error, refer to Troubleshooting: Docker login fails for troubleshooting steps .
Error saving credentials: error storing credentials - err: exit status 1, out: `error storing credentials - err: exit status 1, out: `The stub received bad data.`
Upload the Extend app container image to AGS using
extend-helper-cli image-upload
command. You can specify your extend app project by using-w
parameter. For image tag, you can put v0.0.1. For example:- Linux
- Windows (WSL2)
- macOS
./extend-helper-cli-linux_amd64 image-upload -n <game namespace> -a <app name> -w <extend app source dir> -t <image tag>
./extend-helper-cli-linux_amd64 image-upload -n <game namespace> -a <app name> -w <extend app source dir> -t <image tag>
./extend-helper-cli-darwin_amd64 image-upload -n <game namespace> -a <app name> -w <extend app source dir> -t <image tag>
infoYou can use the
--login
parameter to log in and upload the image simultaneously using a single command. Refer to the extend-helper-cli README text for more details.If your images are successfully uploaded, you will see an image with version v0.0.1 on the Image Version History page.
Configure the Extend app
Before deploying the Extend app that you uploaded, you must configure the environment variables required by the Extend app. In the app's details page, set the following environment variables with the same values that you used to run and test the Extend app locally.
AB_CLIENT_ID
AB_CLIENT_SECRET
If your Extend Override app is based on the template before release v2024.02.13, make sure to set PLUGIN_GRPC_SERVER_AUTH_ENABLED
environment variable to true
. Otherwise, the access token validation in the Extend app is disabled and your Extend app may be accessed without a valid access token.
Since release v2024.02.13**, PLUGIN_GRPC_SERVER_AUTH_ENABLED
in Extend Override app template is set to true
by default. The access token validation can only be disabled when PLUGIN_GRPC_SERVER_AUTH_ENABLED
is explicitly set to false
. To align with this, all new Extend apps created through the Admin Portal will not have PLUGIN_GRPC_SERVER_AUTH_ENABLED
environment variable set by default. Previously, PLUGIN_GRPC_SERVER_AUTH_ENABLED=false
is added on all new Extend apps created through the Admin Portal.
Deploy the Extend app
To deploy the Extend app, click Deploy Latest Image. Wait until the app status updates to RUNNING, which indicates that your Extend app is successfully deployed.
Set AGS to use the Extend app
In the Admin Portal, go to Commerce > Customization > Revocation. Click on the edit (pencil) button in the Overridden by section to edit the existing configuration.
Select the AccelByte hosted option and choose the Extend app we have just deployed. Click Save to finish.
Next step
Proceed to modify this template project and create your own Extend Override app for entitlement revocation. See Introduction to entitlement revocation.