Skip to main content

3rd-party Login Integration

Last updated on

Overview

AccelByte Foundations provides 3rd-party login integration and Single Sign-On (SSO) to enable players to log into your game or platform with credentials from a third party. When a player uses 3rd-party credentials to sign into your game or platform for the first time without first creating an account, a headless account (an account without an email address) will be created for that player. You can offer players the option to upgrade their headless account to a full account in your game or on your platform. Players need to provide an email address and date of birth to create full login credentials.

After players create a headed account, they can then link their accounts from other third party platforms to it. This enables cross-progression, or the ability for players to access their game data and continue play from different platforms.

Supported Platforms

Here’s a table showing the platforms we support, and the features they offer:

3rd-party LoginIn-App PurchasesEntitlements
Device ID*YNN
AppleYYN
AWS CognitoYNN
Epic GamesYYY
GoogleYYN
Microsoft Azure**YNN
NetflixYNN
TwitchYYY
SnapchatYNY
DiscordYNN
NintendoYYY
PlayStation 4 + 5YYY
SteamYYY
Xbox LiveYYY
OpenID ConnectYNN
Device ID*

Device ID can refer to a computer’s serial number, the IMEI of a mobile device, or some other unique identifier. Device ID can be used both for testing and as an easy way for players to log into mobile games without an account.

3rd-party Login

**3rd-party login using Microsoft Azure credential is available only for the Admin Portal and is intended to give teams that already have Microsoft accounts a quick way to access the Admin Portal without needing an account.

Prerequisites

Before implementing 3rd-party logins, make sure you’ve set up the following:

Enabling Login with 3rd-party Platforms in the Admin Portal

To enable 3rd-party login, you must configure the logins from your chosen platform in the Admin Portal and then use our SDK to retrieve the Auth token for that platform to log players in with their 3rd-party credentials.

3rd-party logins can be configured in a game namespace. When you configure logins from a 3rd-party platform within a game namespace, only that game will be accessible using the credentials from the configured platform.

Follow the steps below to set up the 3rd-party Store configuration in the Admin Portal.

  1. First make sure you are in the namespace you want to configure. Go to the User Management section of the main menu and select Login Methods.

  2. Click Add New to add a new platform configuration.

    3rd-party-integration

  3. On the Login Platform Configuration page, select the platform you want to configure.

    3rd-party-integration

  4. The Create Configuration form will appear. Fill in the required fields below (these will differ for each third party:

    Device ID

    3rd-party-integration

    • In the Redirect URL field, input the URL where the user will be directed once the account authorization is successful. The default URL is http://127.0.0.1.

    Apple

    IMPORTANT

    Currently we only support login integration for your Apple Developer Portal website or web platform using these credentials. In-game login is not yet supported.

    3rd-party-integration

    Complete the fields using the settings from the Apple Developer Portal for your game.

    AWS Cognito

    3rd-party-integration

    • Input the User Pool ID that you created in the AWS Cognito console for your game in the User Pool ID field.
    • Input the desired AWS Cognito Region code in the Region field, e.g., us-west-1.

    Google

    IMPORTANT

    Currently we only support 3rd-party login integration for your website or web platform using these credentials. In-game login is supported but requires some additional steps.

    See Unity tutorial for more information. Unreal Engine tutorial will be coming soon!

    3rd-party-integration

    Complete the fields as follows:

    • Input the Client ID from your Google OAuth Client Google Developer Console account in the Client ID field.
    • Input the Secret from your Google OAuth Client Google Developer Console account in the Secret field.
    • Input the URI that the user will be directed to once the account authorization is successful in the Redirect URI field. The Redirect URI should direct the player back to your server after they successfully log in
    NOTE

    If you want to implement Google Play Games sign-in on Android, please read Integrate Unity Google Play Games Sign-in with Foundations.

    Epic Games

    3rd-party-integration

    • Input the App ID that you've set in the Epic Developer Portal for your game in the App ID field.
    • Input the Client ID that you set in the Epic Developer Portal for your game in the Client ID field.
    • Input the Client Secret that you set in the Epic Developer Portal for your game in the Secret field.
    • Input the URL where the user will be directed once the account authorization is successful in the Redirect URL field. The default URL for EOS is http://127.0.0.1.

    Microsoft Azure

    IMPORTANT

    In addition to the steps below, there are some tasks that must be performed in the Azure Portal to enable 3rd-party login using Microsoft Azure. Please contact AccelByte for further assistance.

    3rd-party-integration

    • Input the Entity ID from your Basic SAML Configuration in the App ID field.
    • Input the Reply URL from your Basic SAML Configuration in the ACS URL field.
    • Input the App Federation Metadata URL from the SAML Signing Certificate in the Federation Metadata URL field.

    Netflix

    3rd-party-integration

    Complete the fields as follows:

    • Select your environment type in the Environment field. You can choose from the following options:
    EnvironmentPurpose
    ProductionDevelopment
    Live ProductionQA
    • Upload the Root Certificate .pem file.
    • Upload the Public Certificate .pem file.
    • Upload the Encrypted Private Key .pem file.
    NOTE

    You can download the mTLS certificate on the mTLS tab in your Netflix Partner Account Manager.

    Nintendo

    3rd-party-integration

    • Input the Application ID for your application in the App ID field. You can find your Application ID in your product information in the Nintendo Developer Portal.
    • In the Redirect URL field, input http://127.0.0.1 for in-game login. Otherwise enter the desired destination on your website.

    PS4 SDK Login

    3rd-party-integration

    • Input the Client ID for your game in the PlayStation App Server in the App ID field.

    • Input the Client Secret for your game in the PlayStation App Server in the Secret field.

    • Select your environment type in the Environment field. You can choose from the below options:

      Environment
      EnvironmentPurpose
      sp-intDevelopment
      prod-qaQA
      npLive Environment
    • Input the URL where the user will be directed once the account authorization is successful in the Redirect URL field. For PS4, the default URL is orbis://games.

    PS5 SDK Login

    3rd-party-integration

    • Input the Client ID for your game in the PlayStation App Server in the App ID field.

    • Input the Client Secret for your game in the PlayStation App Server in the Secret field.

    • Select your environment type in the Environment field. You can choose from the below options:

      Environment
      EnvironmentPurpose
      sp-intDevelopment
      prod-qaQA
      npLive Environment
    • Input the URL where the user will be directed once the account authorization is successful in the Redirect URL field. For PS5, the default URL is orbis://games.

    Snapchat

    3rd-party-integration

    Complete the fields as follows:

    • Input the Client ID in the Client ID field.
    • Input the Client Secret in the Client Secret field.
    • Input the URI that the user will be directed to once the account authorization is successful in the Redirect URI field. This URI should direct the player back to your server after they successfully log in.

    Steam Web Login

    3rd-party-integration

    Complete the fields as follows:

    • Input your Publisher Web API Key in the Steam Web API Key field.
    • Input the URI that the user will be directed to once the account authorization is successful in the Redirect URI field. The default URI for Steam is http://127.0.0.1.

    Steam SDK Login

    3rd-party-integration

    • Input Steam’s App ID for your game in the App ID field. For testing purposes, you can also input 480 which is the ID for Steam’s test game.
    • Input your Publisher Web API Key in the Steam Web API Key field.
    • Input the URL where the user will be directed once the account authorization is successful in the Redirect URL field. For in-game login, use the default URL which is http://127.0.0.1.

    Twitch

    3rd-party-integration Complete the fields as follows:

    • Input the Client ID in the Client ID field.
    • Input the Client Secret in the Client Secret field.
    • Input the URI that the user will be directed to once the account authorization is successful in the Redirect URI field. The Redirect URI should direct the player back to your server after they successfully log in.

    Discord

    3rd-party-integration

    Complete the fields as follows:

    • Input the Client ID that you set in the Discord Developer Portal in the Client ID field.
    • Input the Client Secret that you set in the Discord Developer Portal in the Client Secret field.
    • Input the URI that the user will be directed to once the account authorization is successful in the Redirect URI field. For Discord, the default URI is http://127.0.0.1.

    Xbox SDK Login

    3rd-party-integration

    OpenID Connect

    1. In the Platform Identity Provider form, fill in the fields with the appropriate information.

    3rd-party-integration

    • Platform Name: Type the 3rd-party platform name.
    • Platform ID: Type the platform identity provider of your chosen 3rd-party platform.
    • JWKS URL: Type the 3rd-party JWKS.
    • Issuer: Type the authorization server's issuer identifier. This identifier is an URL that uses the https scheme and has no query or fragment components.
    • Client ID: Type your Client ID of your selected platform.
    NOTE

    The way in which you obtain your Client ID will differ across providers. Please check your provider's documentation for more information.

    Once completed, click Next.

    1. Fill the Token Claims Mapping form with the following information:

    3rd-party-integration

    • Field Name in ID Token: Type the name of the ID Token Claim’s field that contains the user’s name.
    • Field Email in ID Token: Type the email of the ID Token Claim’s field that contains the user’s email.
    • Field Profile Picture URL in ID: Type the profile picture URL of the ID Token Claim’s field that contains the user’s profile picture URL.
    TIP

    Read OpenID’s documentation for more information on token claims.

    Once completed, click Create.

Enabling Login with 3rd-party Platform Credentials Using the SDK

For a player to log into your game or platform with 3rd-party credentials, the game needs to pass the Auth token from the 3rd-party platform whose credentials the player is using to the game studio platform.

bool b3rdPtPlatformLoginSuccessful1 = false;
EAccelBytePlatformType Your3rdPtPlatformType = EAccelBytePlatformType::Steam;
FString Your3rdPtPlatformAuthCode;
FRegistry::User.LoginWithOtherPlatform(Your3rdPtPlatformType, Your3rdPtPlatformAuthCode,
FVoidHandler::CreateLambda([ & ]() {
UE_LOG(LogTemp, Log, TEXT("Success"));
b3rdPtPlatformLoginSuccessful1 = true;
}),
FErrorHandler::CreateLambda([](int32 ErrorCode,
const FString & ErrorMessage) {
UE_LOG(LogTemp, Fatal, TEXT("Error. Code: %d, Reason: %s"), ErrorCode, * ErrorMessage)
}));

Retrieve the Authentication Token Using the SDK

Device ID

The Device ID Auth token is whatever is retrieved by either Unity or Unreal Engine. To retrieve the Device ID Auth token, use the following function:

FString DeviceIdToken = FGenericPlatformMisc::GetDeviceId();

Apple

You can read how to integrate Unity Apple sign-in with Foundations services here.

FString AppleAuthCode = TEXT("auth code from apple");
FRegistry::User.LoginWithOtherPlatform(EAccelBytePlatformType::Apple, AppleAuthCode, FVoidHandler::CreateLambda([]()
{
UE_LOG(LogAccelByteUserTest, Log, TEXT(" Success"));
}),
FErrorHandler::CreateLambda([&bAppleLoginDone](int32 ErrorCode, const FString& ErrorMessage)
{
UE_LOG(LogAccelByteUserTest, Warning, TEXT(" Error. Code: %d, Reason: %s"), ErrorCode, *ErrorMessage);
}));

AWS

For Unity, you can get the Auth token by using the AWS SDK for .NET. For Unreal Engine you can use the AWS C++ SDK. Here is an example of how to get an AWS Cognito Auth token:

Aws::CognitoIdentityProvider::Model::InitiateAuthRequest initiateAuthRequest;
initiateAuthRequest.SetClientId(APP_CLIENT_ID);
initiateAuthRequest.SetAuthFlow(Aws::CognitoIdentityProvider::Model::AuthFlowType::USER_PASSWORD_AUTH);
map < string, string > authParameters {
{
"USERNAME",
username
}, {
"PASSWORD",
password
}
};
initiateAuthRequest.SetAuthParameters(authParameters);
Aws::CognitoIdentityProvider::Model::InitiateAuthOutcome initiateAuthOutcome {
s_AmazonCognitoClient - > InitiateAuth(initiateAuthRequest)
};
if (initiateAuthOutcome.IsSuccess()) {
Aws::CognitoIdentityProvider::Model::InitiateAuthResult initiateAuthResult {
initiateAuthOutcome.GetResult()
};
if (initiateAuthResult.GetChallengeName() == Aws::CognitoIdentityProvider::Model::ChallengeNameType::NOT_SET) {
// for this code sample, this is what we expect, there should be no further challenges
// there are more complex options, for example requiring the user to reset the password the first login
// or using a more secure password transfer mechanism which will be covered in later examples
Aws::CognitoIdentityProvider::Model::AuthenticationResultType authenticationResult = initiateAuthResult.GetAuthenticationResult();
s_AccessToken = authenticationResult.GetAccessToken();
}
}

You can also get an Auth token by making an HTTP Request, as seen in the example below.

FHttpRequestPtr Request = FHttpModule::Get().CreateRequest();
Request - > SetURL(FString::Printf(TEXT("https://cognito-idp.%s.amazonaws.com/"), * AwsRegion));
Request - > SetVerb("POST");
Request - > SetHeader(TEXT("Content-Type"), "application/x-amz-json-1.1");
Request - > SetHeader(TEXT("Accept"), TEXT("/"));
Request - > SetHeader(TEXT("X-Amz-Target"), TEXT("AWSCognitoIdentityProviderService.InitiateAuth"));
Request - > SetContentAsString(
FString::Printf(TEXT(R "({"
AuthFlow ":"
USER_PASSWORD_AUTH ","
AuthParameters ": {"
PASSWORD ": " % s ","
USERNAME ": " % s "},"
ClientId ": " % s "})"), * Password, * Username, * AwsClientId)
);
Request - > ProcessRequest();

For more details about setting up platform authentication, refer to the AWS documentation.

Epic Games

For Unity, you can get the Auth token for EOS by using the EOS SDK. For Unreal Engine you can use the EOS C# SDK. Here are the functions to retrieve the EOS Auth token:

void LoginEpicGames() {
EOS_Auth_Credentials Credentials = {
0
};
Credentials.ApiVersion = EOS_AUTH_CREDENTIALS_API_LATEST;
Credentials.Type = EOS_ELoginCredentialType::EOS_LCT_AccountPortal;

EOS_Auth_LoginOptions LoginOptions = {
0
};
LoginOptions.ApiVersion = EOS_AUTH_LOGIN_API_LATEST;
LoginOptions.ScopeFlags = EOS_EAuthScopeFlags::EOS_AS_BasicProfile;
LoginOptions.Credentials = & Credentials;

EOS_Auth_Login(AuthHandle, & LoginOptions, NULL, OnLoginCallback);
}

void OnLoginCallback(const EOS_Auth_LoginCallbackInfo * Data) {
if (Data - > ResultCode == EOS_EResult::EOS_Success) {
EOS_Auth_Token * UserAuthToken;
EOS_Auth_CopyUserAuthTokenOptions CopyTokenOptions = {
0
};
CopyTokenOptions.ApiVersion = EOS_AUTH_COPYUSERAUTHTOKEN_API_LATEST;
if (EOS_Auth_CopyUserAuthToken(AuthHandle, & CopyTokenOptions, Data - > LocalUserId, & UserAuthToken) == EOS_EResult::EOS_Success) {
FString AuthToken = UserAuthToken - > AccessToken;
EOS_Auth_Token_Release(UserAuthToken);
}
}
}

Google

Unreal Engine

Prerequisites

Before setting up Google in-game login, make sure to:

Implementation

The Google Online Subsystem currently provided by Unreal Engine requires some changes before it can be used.

  1. Go to the Unreal Engine installation path and open GoogleLogin.java located in <code>Engine\Plugins\Online\OnlineSubsystemGoogle\Source\ThirdParty\Android\Java\. Make the following changes:

    • Go to public boolean init(String inClientId, String inServerClientId) and scroll down to uncomment .requestServerAuthCode(serverClientId).

      // Configure sign-in to request the user's ID, email address, and basic
      // profile. ID and basic profile are included in DEFAULT_SIGN_IN.
      GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
      .requestIdToken(serverClientId)
      .requestProfile()
      .requestServerAuthCode(serverClientId)
      .requestEmail()
      .build();

      // Build a GoogleSignInClient with the options specified by gso.
      mGoogleSignInClient = GoogleSignIn.getClient(activity. gso);
    • Go to private String getAuthTokenJsonStr(GoogleSignInAccount acct). Change access_token from "androidInternal" to acct.getServerAuthCode().

       private String getAuthTokenJsonStr(GoogleSignInAccount acct)
      {
      if (acct != null)
      {
      return "{\access_token\":\"" + acct.getServerAuthCode() + "\"," +
      "\"refresh_token\":\"androidInternal\"," +
      "\"id_token\":\""+ acct.getIdToken() + "\"}";
      }
      return "";
      }
  2. Go to the Unreal Engine installation path Engine\Plugins\Online\OnlineSubsystemGoogle\Source\ and find OnlineSubsystemGoogle.Build.cs. Make the following change:

    Go to the constructor and add bool bUsesRestfulImpl = false;.

     using ...

    public access OnlineSubsystemGoogle : ModuleRules
    {
    public OnlineSubsystemGoogle(ReadOnlyTargetRules Target) : base(Target)
    {
    bool bUsesRestfulImpl = false;
    PrivateDefinitions.Add(item: "ONLINESUBSYSTEMGOOGLE_PACKAGE=1");
    PCHUsage = ModuleRules.PCHUsageMode.UseExplicitOrSharedPCHs;

    PrivateIncludePaths.Add(Item: "Private");
  3. When you're finished, compile the C++ code again to make sure all the changes have been saved and will be included when packaging the Android build.

UI Implementation

The example below utilizes blueprints to implement all the Login functionalities. To create a widget for Google login, use the following steps in Unreal Editor to create a login flow.

  1. Show External Login UI from the Online Subsystem GooglePlay.

  2. Login with Native Platform from the Online Subsystem Google.

  3. Retrieve the Server Auth Code to Login with AccelByte.

    3rd-party-integration

    TIP

    If you have already connected your Android device with your PC/laptop, you can simply run Install_AccelByteUe4SdkDemo-Android-Shipping-arm64.bat (for x64)/Install_AccelByteUe4SdkDemo-Android-Shipping-armv7.bat (for x86). This file will automatically run the installation on your device.

Unity

You can see how to implement Google Sign-in on Android with Unity in here.

Nintendo

You can enable login with Nintendo credentials by using the Unreal Engine OSS. For now, only Unreal Engine is supported.

Unreal Engine (with OSS)

Prerequisites:

  • You must have the Nintendo Dev Kit for deployment.
  • Download and set up Nintendo Online Subsystem into your Unreal Engine environment.

Configuration steps:

3rd-party-integration

  1. Under Engine/Platforms/Switch/Config, go to BaseSwitchEngine.ini and set StartupAccountMode to Required.
  2. You can now call Nintendo login using the OSS by using IOnlineSubsystem::Get()->GetIdentityInterface()->Login()

Netflix

Use the following function to retrieve the Netflix GamerAccessToken:

String GamerAccessToken = "your-netflix-gamer-access-token-value";
User user = AccelBytePlugin.GetUser();
user.LoginWithOtherPlatform(
PlatformType.Netflix,
GamerAccessToken ,
result => { result => Debug.Log("Login successfully"); });

PS4

IMPORTANT

This configuration can only be used for PS4 games, not PS4 Cross-Gen games. For PS4 Cross-Gen games, use PS5 as the platform.

For Unity, you can get the Auth code by using NpToolkit. For Unreal Engine, you can use OnlineSubsystemPS4 which is already included in Unreal Engine.

FString PS4AuthCode = IOnlineSubsystem::Get(PS4_SUBSYSTEM)->GetAuthToken(0);

PS5

For PS5, you can get the Auth code by using the function below. For now, only Unreal Engine is supported.

FString PS5AuthCode = IOnlineSubsystem::Get(PS5_SUBSYSTEM)->GetAuthToken(0);

Snapchat

When Snapchat Auth is complete, the page will be redirected to <redirec_uri>?code=<logincode>. If the URL value contains BaseUrl, the login code should be available. Check every URL to ensure they have changed correctly.

void UAccelByteAuth::AccelByteLoginWithSnapChat(const FText & NewUrl) {
FString Url = NewUrl.ToString();
FString RedirectUri = FRegistry::Settings.BaseUrl;
FString LoginCode = TEXT("");

if (Url.Contains(RedirectUri)) {
LoginCode = FGenericPlatformHttp::GetUrlParameter(Url, TEXT("code")).GetValue();
}

if (!LoginCode.IsEmpty()) {
FRegistry::User.LoginWithOtherPlatform(EAccelBytePlatformType::SnapChat, LoginCode, FVoidHandler::CreateWeakLambda(this, [this]() {
// Handle Success Login
}),

FCustomErrorHandler::CreateWeakLambda(this, [](int32 ErrorCode,
const FString & ErrorMessage,
const FJsonObject & ErrorJson) {
// Handle Error Login
}));
// Close Login Page (Hide WebBrowser)
}
}

Steam

To get the Steam Auth ticket in Unity, use the tickets obtained from Steamworks.NET. For Unreal Engine, use the ticket obtained from Steamworks.

FString SteamAuthTicket = OnlineInterface->GetIdentityInterface()->GetAuthToken(0);

Twitch

For Twitch, you can get the Authentication token by using the function below:

```cpp FString TwitchAuthCode = OnlineInterface->GetIdentityInterface()->GetAuthToken(0); ```

Xbox

For Xbox, you can get the Auth token by using the function below:

FString XSTSToken = IOnlineSubsystem::Get(LIVE_SUBSYSTEM)->GetAuthToken(0);
FString PlatformToken = FGenericPlatformHttp::UrlEncode(XSTSToken);