Skip to main content

Get started with entitlement revocation customization

Last updated on October 31, 2024

Overview

AccelByte Gaming Services (AGS) provides custom logic for handling the revocation of player assets using Extend.

This article walks you through how to set up a custom revocation for AGS. For this purpose, the Extend Override app template for entitlement revocation is used.

Prerequisites

  1. Windows 11 WSL2 or Linux Ubuntu 22.04 or macOS 14+ with the following tools installed:

    a. Bash

    • On Windows WSL2 or Linux Ubuntu:

      bash --version

      GNU bash, version 5.1.16(1)-release (x86_64-pc-linux-gnu)
      ...
    • On macOS:

      bash --version

      GNU bash, version 3.2.57(1)-release (arm64-apple-darwin23)
      ...

    b. Make

    • On Windows WSL2 or Linux Ubuntu:

      To install from the Ubuntu repository, run sudo apt update && sudo apt install make.

      make --version

      GNU Make 4.3
      ...
    • On macOS:

      make --version

      GNU Make 3.81
      ...

    c. Docker (Docker Desktop 4.30+/Docker Engine v23.0+)

    • On Linux Ubuntu:

      1. To install from the Ubuntu repository, run sudo apt update && sudo apt install docker.io docker-buildx docker-compose-v2.
      2. Add your user to the docker group: sudo usermod -aG docker $USER.
      3. Log out and log back in to allow the changes to take effect.
    • On Windows or macOS:

      Follow Docker's documentation on installing the Docker Desktop on Windows or macOS.

      docker version

      ...
      Server: Docker Desktop
      Engine:
      Version: 24.0.5
      ...

    d. Python 3.10

    • On Linux Ubuntu:

      To install from the Ubuntu repository, run sudo apt update && sudo apt install python3 python3-venv.

    • On Windows or macOS:

      Use the available installer here.

      python3 --version

      Python 3.10.12

    e. Postman

    • Use the available binary from Postman.

    f. ngrok

    g. extend-helper-cli

  1. Access to the AGS Admin Portal environment.
    • Base URL: <your environment's domain URL>
      • Example for AGS Shared Cloud customer: https://spaceshooter.prod.gamingservices.accelbyte.io
      • Example for AGS Private Cloud customer: https://dev.customer.accelbyte.io
    • Create a game namespace if you don't have one yet. Take note of the namespace ID.
    • Create an OAuth Client with confidential client type. Keep the Client ID and Client Secret.

Clone the app template

git clone https://github.com/AccelByte/revocation-grpc-plugin-server-python.git

Set up, run, and test an Extend app

This section covers how to set up, build, run, and then test an Extend app.

Set up the Extend app

To be able to run this app, follow these setup steps:

  1. Create a docker compose .env file by copying the content of the .env.template file.

    note

    The host OS environment variables have higher precedence compared to the .env file variables. If the variables in the .env file do not seem to take effect properly, check if there are host OS environment variables with the same name. For more details, refer to Docker's documentation about the docker compose environment variables precedence.

  2. Fill in the required environment variables in the .env file as shown below.

    AB_BASE_URL=https://test.accelbyte.io     # Base URL of AGS environment
    AB_CLIENT_ID='xxxxxxxxxx' # Client ID from the Prerequisites section
    AB_CLIENT_SECRET='xxxxxxxxxx' # Client Secret from the Prerequisites section
    AB_NAMESPACE='xxxxxxxxxx' # Namespace ID from the Prerequisites section
    PLUGIN_GRPC_SERVER_AUTH_ENABLED=true # Enable or disable access token validation
    note

    In this app, PLUGIN_GRPC_SERVER_AUTH_ENABLED is true by default. If it is set to false, the gRPC server can be invoked without the AccelByte Gaming Services access token. This option is provided for development purposes only. It is recommended to enable gRPC server access token validation in the production environment.

Build the Extend app

To build this app, run the following command:

make build

Run the Extend app

To (build and) run this app in a container, run the following command:

docker compose up --build

Test the Extend app

You can test the Extend app in a local development environment or with AGS.

Test in a local development environment

important

Before testing, make sure PLUGIN_GRPC_SERVER_AUTH_ENABLED is set to false. Otherwise, the gRPC request will be rejected by the gRPC server.

The custom functions in this app can be tested locally using Postman. To test the Extend app using Postman, follow these steps:

  1. Run this app by using the following command:

    docker compose up --build
  2. In Postman, create a new gRPC request, then type in localhost:6565 as the server URL. For more information, see Postman's guide about supporting gRPC.

  3. Continue by selecting Revocation/Revoke method and invoke it with the following sample message:

    {
    "revokeEntryType": "CURRENCY",
    "namespace": "test",
    "userId": "4423f033c38a40b9afdc8844e13647b7",
    "quantity": 1,
    "currency": {
    "namespace": "test",
    "currencyCode": "VCA",
    "balanceOrigin": "SYSTEM"
    }
    }

    If successful, you will receive responses similar to the following:

    {
    "status": "SUCCESS",
    "customRevocation": [
    {
    "key": "namespace",
    "value": "test"
    },
    {
    "key": "userId",
    "value": "4423f033c38a40b9afdc8844e13647b7"
    },
    {
    "key": "quantity",
    "value": "1"
    },
    {
    "key": "currencyNamespace",
    "value": "test"
    },
    {
    "key": "currencyCode",
    "value": "VCA"
    },
    {
    "key": "balanceOrigin",
    "value": "SYSTEM"
    }
    ]
    }

Test with AGS

For testing this app which is running locally with AccelByte Gaming Services, the gRPC server needs to be exposed to the internet. To do this without requiring public IP, we can use something like ngrok.

To test the app, which runs locally with AGS, the gRPC server needs to be connected to the internet. To do this without requiring public IP, you can use ngrok.

  1. Run this app by using the following command:

    docker compose up --build
  2. Sign in to ngrok and get your authtoken from the ngrok dashboard.

  3. In this app root directory, expose the gRPC server port in local development environment to the internet by running the following command:

    make ngrok NGROK_AUTHTOKEN=xxxxxxxxxxx

    Take note of the ngrok forwarding URL, e.g., http://0.tcp.ap.ngrok.io:xxxxx.

  4. In the Admin Portal, go to the correct namespace for the configuration and do the following:

    1. On the sidebar menu, go to Commerce > Customization > Revocation.
    2. Click Add Configuration if you have not added any.
    3. Select the option Locally hosted (for testing purpose). Put the ngrok forwarding URL from the previous step and click Create.
  5. Create an OAuth Client with confidential client type and containing the following permissions:

    • For AGS Private Cloud customers:
      • ADMIN:NAMESPACE:{namespace}:PLUGIN:REVOCATION [UPDATE,DELETE]
      • ADMIN:NAMESPACE:{namespace}:USER:*:WALLET [READ,UPDATE]
      • ADMIN:NAMESPACE:{namespace}:USER:*:REVOCATION [UPDATE]
      • ADMIN:NAMESPACE:{namespace}:USER:*:ORDER [CREATE]
      • ADMIN:NAMESPACE:{namespace}:STORE [CREATE,READ,UPDATE,DELETE]
      • ADMIN:NAMESPACE:{namespace}:CATEGORY [CREATE]
      • ADMIN:NAMESPACE:{namespace}:CURRENCY [CREATE,READ,DELETE]
      • ADMIN:NAMESPACE:{namespace}:ITEM [CREATE,READ,DELETE]
      • ADMIN:NAMESPACE:{namespace}:INFORMATION:USER:* [CREATE,DELETE]
      • NAMESPACE:{namespace}:WALLET [READ]
    • For AGS Shared Cloud customers:
      • Platform Store -> Service Plugin Config (Read, Update, Delete)
      • Platform Store -> Wallet (Read, Update)
      • Platform Store -> Revocation (Update, Delete)
      • Platform Store -> Order (Create)
      • Platform Store -> Store (Create, Read, Update, Delete)
      • Platform Store -> Category (Create)
      • Platform Store -> Currency (Create, Read, Delete)
      • Platform Store -> Item (Read, Create, Delete)
      • IAM -> User (Create, Delete)
    important
    • Keep a copy of the Client ID and Client Secret.
    • The Oauth Client created in this step is different from the one mentioned in the Prerequisites section. It is required by the CLI demo app for the next step.
  6. Run the demo CLI app.

    In the demo/cli folder, create an .env file by copying the content of .env.template file and set the required environment variables as shown below:

    AB_BASE_URL=https://test.accelbyte.io
    AB_CLIENT_ID=xxxxxxxxxx # Use Client ID from the previous step
    AB_CLIENT_SECRET=xxxxxxxxxx # Use Client secret from the previous step
    AB_NAMESPACE=xxxxxxxxxx # Use your Namespace ID
    GRPC_SERVER_URL=0.tcp.ap.ngrok.io:xxxxx # Use your ngrok forwarding URL without `https://`

    Then, run the following commands to execute the CLI demo app:

    cd demo/cli
    make setup
    make run
info

The ngrok free plan has some limitations, so you may want to use a paid plan if the traffic is high.

Deploy in AGS

Deploying an Extend app in AGS involves the following steps in the Admin Portal:

  1. Create the Extend app.
  2. Upload the Extend app.
  3. Configure the Extend app.
  4. Deploy the Extend app.
  5. Set AGS to use the Extend app.

Create the Extend app

  1. In the AGS Admin Portal, go to the namespace where you wish to create your Extend Override app.
  2. On the sidebar menu, under ADD-ONS, go to Extend > Override.
  3. On the Overridable Feature page, click on the + Create New button.
  4. On the Create App form, provide a name and description (optional) for your Extend app.
  5. Click Create. Your new Extend app is added to the Overridable Feature app list.

Upload the Extend app

  1. Set up an OAuth Client for extend-helper-cli.Create an OAuth Client with confidential client type and containing the following permission:

    • For AGS Private Cloud customers:
      • ADMIN:NAMESPACE:{namespace}:EXTEND:REPOCREDENTIALS [READ]
      • ADMIN:NAMESPACE:{namespace}:EXTEND:APP [READ]
    • For AGS Shared Cloud customers:
      • Extend > Extend app image repository access (Read)
      • Extend > App (Read)

    Keep a copy of the Client ID and Client Secret.

  2. Copy the extend-helper-cli command to perform docker login on the Extend app details page under Repository Authentication Command.

    Repository authentication command in Admin Portal

  3. Export the required environment variables and perform docker login using extend-helper-cli. Run this command:

    # Your AGS environment base URL, e.g., https://spaceshooter.prod.gamingservices.accelbyte.io, https://dev.accelbyte.io, etc.
    export AB_BASE_URL='https://xxxxxxxxxx'
    # Client ID of OAuth Client for extend-helper-cli (from step 1)
    export AB_CLIENT_ID='xxxxxxxxxx'
    # Client Secret of OAuth Client for extend-helper-cli (from step 1)
    export AB_CLIENT_SECRET='xxxxxxxxxx'

    # The command to perform docker login (from step 2)
    ./extend-helper-cli-linux_amd64 dockerlogin --namespace <game namespace> --app <app name> --login
    important

    We recommend running the above commands in a separate terminal and in a different working directory than the Extend app project. This is to reduce the chances of the extend-helper-cli picking up the environment variables for the Extend app project instead.

    The output of a successful login looks similar to the following:

    INFO[0000] signing in to https://dev.accelbyte.io 
    INFO[0001] getting docker credentials...
    WARNING! Your password will be stored unencrypted in /home/xyz-abc/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store

    Login Succeeded
    important

    If you get the following error, refer to Troubleshooting: Docker login fails for troubleshooting steps .

    Error saving credentials: error storing credentials - err: exit status 1, out: `error storing credentials - err: exit status 1, out: `The stub received bad data.`
  4. Upload the Extend app container image to AGS using extend-helper-cli image-upload command. You can specify your extend app project by using -w parameter. For image tag, you can put v0.0.1. For example:

    ./extend-helper-cli-linux_amd64 image-upload -n <game namespace> -a <app name> -w <extend app source dir> -t <image tag>   
    info

    You can use the --login parameter to log in and upload the image simultaneously using a single command. Refer to the extend-helper-cli README text for more details.

    If your images are successfully uploaded, you will see an image with version v0.0.1 on the Image Version History page.

    Image shows the image history in AGS Admin Portal

Configure the Extend app

Before deploying the Extend app that you uploaded, you must configure the environment variables required by the Extend app. In the app's details page, set the following environment variables with the same values that you used to run and test the Extend app locally.

  • AB_CLIENT_ID
  • AB_CLIENT_SECRET
warning

If your Extend Override app is based on the template before release v2024.02.13, make sure to set PLUGIN_GRPC_SERVER_AUTH_ENABLED environment variable to true. Otherwise, the access token validation in the Extend app is disabled and your Extend app may be accessed without a valid access token.

Since release v2024.02.13**, PLUGIN_GRPC_SERVER_AUTH_ENABLED in Extend Override app template is set to true by default. The access token validation can only be disabled when PLUGIN_GRPC_SERVER_AUTH_ENABLED is explicitly set to false. To align with this, all new Extend apps created through the Admin Portal will not have PLUGIN_GRPC_SERVER_AUTH_ENABLED environment variable set by default. Previously, PLUGIN_GRPC_SERVER_AUTH_ENABLED=false is added on all new Extend apps created through the Admin Portal.

Deploy the Extend app

To deploy the Extend app, click Deploy Latest Image. Wait until the app status updates to RUNNING, which indicates that your Extend app is successfully deployed.

Set AGS to use the Extend app

In the Admin Portal, go to Commerce > Customization > Revocation. Click on the edit (pencil) button in the Overridden by section to edit the existing configuration.

click the overridden by revocation section

Select the AccelByte hosted option and choose the Extend app we have just deployed. Click Save to finish.

choosing an AccelByte extend app

Next step

Proceed to modify this template project and create your own Extend Override app for entitlement revocation. See Introduction to entitlement revocation.