Add permissions to an IAM client
Overview
AccelByte Gaming Services (AGS) uses identity and access management (IAM) clients to manage which game resources can be accessed and manipulated by applications. This How-to will walk you through adding permissions to an IAM client you created for your game using the AGS Admin Portal.
For more information about IAM clients and how they interact with AGS, see Manage access control for applications.
Prerequisites
To manage IAM clients, you will need an AGS account with Admin Portal administrator privileges to the game namespace you wish to create an IAM client for. If you don't have access, please reach out to your AccelByte account representative.
You will also need an IAM client created in your desired game namespace to add permissions to it.
Add permissions to an IAM client
- On the Admin Portal sidebar, select Game Setup > Games and Apps > IAM Clients.
- From the IAM Clients list, find the IAM client you want to edit and click on its ID to view its details.
- On the details page of the IAM Client, go to the Permissions tab and click on the + Add button. The Add Client Permission form appears.
- Fill in the required information on the form:
- Resource: A permission resource is a string containing multiple tokens that the system uses to grant access to specific resources. For more information, see permissions.
- Action: Select which actions this permission will be able to perform.
- Click Confirm to add the new permission to the IAM client.
Get application access token using AGS SDKs
A Credential client requires a valid access token for server-to-server (S2S) calls to AGS.
The code below generates a valid access token using AGS SDK for a credential client.
- Unreal
- Unity
- Go Extend SDK
- Python Extend SDK
- Java Extend SDK
- C# Extend SDK
bool bServerLoggedIn = false;
bool bServerLoginComplete = false;
FRegistry::ServerOauth2.LoginWithClientCredentials(FVoidHandler::CreateLambda([&bServerLoggedIn, &bServerLoginComplete]()
{
UE_LOG(LogAccelByteEcommerceTest, Log, TEXT("Server Login Success"));
bServerLoginComplete = bServerLoggedIn = true;
}), FErrorHandler::CreateLambda([&bServerLoggedIn, &bServerLoginComplete](int32 ErrCode, FString const& ErrMsg)
{
UE_LOG(LogAccelByteEcommerceTest, Error, TEXT("Server Login Success"));
bServerLoginComplete = true;
}));
WaitUntil(bServerLoginComplete, "Waiting for server logged in...");
DedicatedServer server = AccelByteServerPlugin.GetDedicatedServer();
Result loginServerResult = null;
server.LoginWithClientCredentials(result => loginServerResult = result);
yield return TestHelper.WaitForValue(() => loginServerResult);
err := oauth.LoginClient(&clientId, &clientSecret)
import accelbyte_py_sdk.services.auth as auth_service
from accelbyte_py_sdk.core import AccelByteSDK
from accelbyte_py_sdk.core import MyConfigRepository
sdk = AccelByteSDK()
sdk.initialize(
options={
"config": MyConfigRepository(
base_url="https://****.accelbyte.io",
client_id="********************************",
client_secret="********************************",
namespace="********",
)
}
)
result, error = auth_service.login_client(sdk=sdk)
if error:
exit(error)
DefaultConfigRepository configRepo = new DefaultConfigRepository();
final AccelByteSDK sdk1 =
new AccelByteSDK(
new AccelByteConfig(new OkhttpClient(), new DefaultTokenRepository(), configRepo));
boolean loggedIn = sdk1.loginClient();
assertTrue(loggedIn);
final String token = sdk1.getSdkConfiguration().getTokenRepository().getToken();
final AccessTokenPayload payload = sdk1.parseAccessToken(token, false);
assertNotNull(payload);
string accessToken = String.Empty;
bool isSuccess = sdk.LoginClient((tokenResp) =>
{
accessToken = tokenResp.AccessToken!;
});
if (isSuccess)
{
//do something with `accessToken`.
}