Introduction

In this topic we are going to cover some of the more popular forms of 3rd party authentication. We will focus on replicating SignInWithAppleConnectRequest, GooglePlayConnectRequest and FacebookConnectRequest requests.

We assume that developers using these forms of authentication already have developer accounts and apps setup for each of these platforms, but we have added links on how to set those up where we can.

There are of course quite a number of other GameSparks authentication requests but we will focus on these 3 for this topic.

Some of these alternative platforms have their own versions of the above authentication requests and some of them have other options available out-of-the-box. For this topic we will also touch on those different options, but our focus will be on replicating the three requests mentioned above.

For GameSparks, the flow for authentication is as follows:

  1. We get the player/client token for the platform using the client SDK Like the Facebook Unity plugin which can get you a Facebook access token.
  2. We send that token or code to the correct GameSparks request
  3. Under-the-hood, GameSparks sends that token, along with other details configured in the Integrations section of the portal, to a validation endpoint associated with the platform.
  4. The platform API validates the token and returns any relevant information. The important information we need is some way to identify the player by Id from that token.
  5. When we have that identity, we can look for that player and authenticate them locally.

This is the flow we will try to replicate where possible. None of this is too complicated, we really just need to implement the right server-to-server calls to validate the token once we get it.

Note - You could do all this client-side, but this would expose your game’s apiKey, secret or other hidden credentials. This is why we always make this request server-to-server.

Beamable

Beamable provides support for all three authentication methods listed above, but there are no other out-of-the-box options available at the moment (for steam or switch for example).

Beamable allows you to automatically integrate your game with these authentication mechanisms through their built-in Account Management Flow UI. However, anyone transitioning from GameSparks to Beamable will already have their own UI fully developed and will likely have integrated this with their own 3rd party SDKs, so we won't cover this here.

Instead, we will more generally cover the set up needed to start logging your players in with these 3 different mechanisms in Beamable.

3rd Party Auth Flow

In all cases, the flow for authentication with a 3rd party in Beamable is simple. Once you have the access token/code/id or whatever it is referred to for the specific platform, you need to first register the player and then you can login using that code from that point on.

This is slightly different from what we discussed in the section on Authentication where we mentioned that the Beamable SDK is always logged in as it does an automatic device auth.

In this case we need to call the register function first...

beamableAPI.AuthService.RegisterThirdPartyCredentials(AuthThirdParty.Apple, authToken);

This will log the player in at the same time, but after this is initially called, we can call the login…

beamableAPI.AuthService.LoginThirdParty(AuthThirdParty.Apple, appleAuthToken, true);

In both cases the AuthThirdParty enum allows us to select which platform we are authenticating with; Apple, Google or Facebook.

SignInWithAppleConnectRequest

Beamable has a tutorial here on how to set things up to work with their Account Management Flow prefabs if you would like to take a look at that route.

In this tutorial we will look at what this process looks like using the Apple-Auth Unity plugin, which is commonly used by Unity developers for the Apple Sign-In authentication route. This package is available here.

Set Up Steps

Setting up your app for distribution with Apple is outside of the scope of this doc. However, of anyone new to the process there is a guide to Apple app-distribution with Unity here.

Once you have everything for your app set up all you need to do is build your app for iOS and open up the Xcode project that is generated. In Xcode, follow the steps shown in the Manual entitlements setup section of the plugin guide here. These are important to getting the auth popup to work in your app.

If everything is set up correctly you should see the Apple Sign-In popup when you click on your login button.

Registration & Login Once signed in, you will be able to get your Identity token from the callback. Something to note here is that this is the IdentityToken and not the AuthorizationCode. It is the token that is needed to authenticate with Beamable.

We won't show all our example code for the Apple-Auth plugin because it is mostly available from the plugin guide, but here is what we are using…

We can now pass it into our registration or login code for Beamable.

public async void BeamableRegistration()
{
   Debug.Log("Starting Beamable Registration...");
   User newUser = await beamableAPI.AuthService.RegisterThirdPartyCredentials(AuthThirdParty.Apple, appleAuthToken);
   Debug.Log($"Email: {newUser.email}");
   Debug.Log($"PID: {newUser.id}");
}

public async void BeamableLogin()
{
   Debug.Log("Starting Beamable Login...");
   TokenResponse resp = await beamableAPI.AuthService.LoginThirdParty(AuthThirdParty.Apple, appleAuthToken, true);
   Debug.Log("access token: {resp.access_token}");
   Debug.Log($"Type: {resp.token_type}");
   Debug.Log($"Expires: {resp.expires_in}");
}

GooglePlayConnectRequest

GooglePlay authentication is very simple. Assuming that you already have the SDK setup and you have been using it up to this point, registration and login can be solved in a couple of lines of code. However, you can check out a guide here on how to set it up from scratch.

With your existing GameSparks integration you would be using the AuthCode in order to authenticate with GameSparks. For Beamable we use the RequestIdToken. Therefore you will have to change the permissions when you configure the client.

void Start()
{
  PlayGamesClientConfiguration config = new PlayGamesClientConfiguration.Builder()
    .RequestServerAuthCode(false)
    .RequestIdToken()
    .Build();
  PlayGamesPlatform.InitializeInstance(config);
  PlayGamesPlatform.DebugLogEnabled = true;
  PlayGamesPlatform.Activate();
}

Registration & Login

Beamable has two calls that can take this token as we already mentioned, LoginThirdParty() and RegisterThirdPartyCredentials(). The only thing to note here is that you can only register this player once. So you could create a check for your registered user or store the access token for future login checks.

public async void GooglePlayReg()
{
    User newUser = await beamableAPI.AuthService.RegisterThirdPartyCredentials(AuthThirdParty.Google, PlayGamesPlatform.Instance.GetIdToken());
    Debug.Log("Player Id: "+newUser.id);
}
public async void GooglePlayLogin()
{
    TokenResponse tokenResp = await beamableAPI.AuthService.LoginThirdParty(AuthThirdParty.Google, PlayGamesPlatform.Instance.GetIdToken());
    Debug.Log("Access Token: "+tokenResp.access_token);
}

FacebookConnectRequest

Setting up the Facebook Unity SDK is outside of the scope of this doc. However, you can check out a guide here on how to set it up from scratch.

We are using the AccessToken.CurrentAccessToken.TokenString value, as you would have used with your GameSparks implementation.

We won't cover all of that setup here but all you need to do is make sure the Facebook SDK has initialized and you have logged in your Facebook user. Once that is complete you can get the access token.

Beamable has two calls that can take this token as we already mentioned, LoginThirdParty() and RegisterThirdPartyCredentials(). The only thing to note here is that you can only register this player once. So you could create a check for your registered user or store the access token for future login checks.

User regUser = await beamableAPI.AuthService.RegisterThirdPartyCredentials(AuthThirdParty.Facebook, AccessToken.CurrentAccessToken.TokenString);
Debug.Log("Player Id: "+regUser.id);

TokenResponse tokenResp = await beamableAPI.AuthService.LoginThirdParty(AuthThirdParty.Facebook, AccessToken.CurrentAccessToken.TokenString);
Debug.Log("Access Token: "+tokenResp.access_token);

AccelByte

AccelByte has a number of different options for 3rd party authentication, however they do not have an option for GooglePlay or Apple Sign-in.

They do have options for IOS and Google Account login, but these are not the same as the ones used by GameSparks.

The set up and authentication flow for AccelByte and the Unity SDK is very different to GameSparks. There is no integration section of the AccelByte portal where you can fill out the 3rd party integration details. Instead this is done via REST (example before for Facebook authentication).

If you wish to explore this auth flow for yourself you can check out the Facebook example below. Each of the authentication routes provided by AccelByte follow the same with minor modifications to the setup parameters and tokens/secrets required for authentication.

Facebook Authentication

Accelbyte does not offer the same form of authentication as GameSparks does using the FacebookConnectRequest and the Facebook access-token taken from the FB SDK. Instead, authentication is done through a browser redirect in order to get an access code from AccelByte and log your player in. Below will go through this process in brief so you can get a better understanding about the flow.

Setup Platform Integration

With GameSparks, you can set the details of your 3rd party platform directly through the Admin portal. With AccelByte you can also do this for some platforms, but not Facebook unfortunately. Instead, this is done through a REST API.

We will explain the flow of adding a third-party platform to AccelByte. This is not specific to Facebook. The same flow applies to other platforms with minor variations:

  1. First we need an Admin Access-Token. We can get this using the TokenGrant endpoint. We have already covered this topic in here

  2. Using this Access-Token, we need to create a Bearer-Token. We need to call the ThirdPartyPlatformCredential endpoint with this Bearer-Token.

We also need to supply additional platform details for Facebook such as ClientId, App Id, and Secret.

Once the platform details have been set you can make use of Facebook authentication with AccelByte.

The following flow requires you to reach out to AccelByte over REST from the client. It will also require you to set up an in-app browser call in order to get a valid auth-code from AccelByte for your user.

  1. Open a new browser with the following URL. https://www.facebook.com/v11.0/dialog/oauth?client_id=$YourFacebookClientID&redirect_uri=https://dev.accelbyte.io/
  2. You will be redirected to the portal
  3. This URL will contain a code, which you will need to copy. The URL should look something like https://dev.accelbyte.io/?code=AQBiuaUU7GSUgX.....
  4. Get a Grant-Token using the endpoint here.
    platform Id = “facebook”
    platform Token = The code from the redirect URL
    client_id = Facebook client id
    device_id = any unique id of your preference

  5. Once this request have been executed you can log-in through the client using the platform token you got from the redirect URL

Your user is now logged into the backend and you can log them into the client using the following code…

public void LoginUser()
{
    abUser.LoginWithOtherPlatform(PlatformType.Facebook, platformToken, LoginCallback);
}

Other Authentication Mechanisms

There are a number of overlaps with GameSparks authentication mechanisms for AccelByte.

AccelByte for example has Twitch, PSN, Xbox, Discord and Twitter authentication, as does GameSparks. Since we are only focusing on Apple, GooglePlay and Facebook for this topic we aren't going to cover them, but you can see them listed here. The auth setup and flow is the same as above in the Facebook example.

Nakama

Nakama provides social authentication for the three methods listed in the introduction in addition to Steam and GameCenter authentication. There is also the option to integrate a custom authentication route if you need to transition other options.

We will describe the Apple, GooglePlay and Facebook authentication routes below.

Server Configuration

The Nakama SDK has simple APIs for authentication but there are also some settings that need to be applied to your runtime environment in order for social authentication to work.

These settings are similar to the integration settings you needed to apply to your GameSparks instance but they are not always the same fields that GameSparks required so, in some cases you will have to acquire these parameters from your Google and Apple developer consoles.

Let's first take a look at the simple way we can apply these settings through the Heroic Labs portal.

First, select your project from the Heroic Cloud Developer Console.

Next you need to click on the Configuration tab. Here you will see a section with a large list of configuration settings. These are the settings we will be updating to get our social authentication working.

Once you have changed one of these settings make sure to save them using the button at the bottom of the list. Updating any of these settings will trigger your cluster to redeploy so you may lose access to your Developer Console temporarily.

Although this is simple, it does require you to be registered with the Heroic Cloud and have an instance deployed with them so let us take a look at how to do this with a custom deployment.

To do this we need to modify the runtime enviroment’s config.yaml file directly. We will be following the guide here on how to do this but remember this example is only applicable to the local instance of the server. If you want to test this in a prod environment you will have to remember to set this up for your prod server too.

Using the bare-minimum configuration our new config file looks something like this.

name: nakama-node-1
data_dir: "./data/"

logger:
    stdout: false
    level: "warn"
    file: "/logfile.log"

console:
    port: 7351
    username: "user"
    password: "password1"

social:
  facebook_limited_login:
    app_id: '<app-id-here>'
  apple:
    bundle_id: ‘com.supernimbus.aws-transition-game’

Now you will need to restart your runtime server in order for your server to be updated from your config file. You can check that the change has been applied by going to your Developer Console and clicking on the Configuration tab.

SignInWithAppleConnectRequest

The configuration setting you need to apply for this is the social.bundle_id setting.

This can be found by selecting your app-identifier from the Apple Developer Portal.

For this example we are going to use the Apple-Auth Unity plugin, which is commonly used by Unity developers for the Apple Sign-In authentication route. This package is available here

What we need here is the Identity Token as you can see from the example provided with the plugin documentation.

Once you have this token you can pass it into the AuthenticateAppleAsync() method to log your player in.

/// <summary>
/// Logs a player into Nakama using AppleSignIn Identity Token
/// </summary>
/// <param name="idToken"></param>
private async void NakamaAppleLogin(string idToken)
{
   Debug.Log($"Attempting Nakama Apple Login...");
   currSession = await nakamaClient.AuthenticateAppleAsync(idToken);
   // Now we can log out the session details //
   Debug.Log($"UserId: {currSession.UserId}");
   Debug.Log($"AuthToken: {currSession.AuthToken}");
}

If you check your player’s account using the Developer Console you will see that their AppleID has been assigned to their account.

FacebookConnectRequest

The configuration setting you need to apply for this is the social.facebook_limited_login.app_id setting.

This is the app-id of your Facebook app, the same as the one you used previously in GameSparks.

You can find this in the Facebook Developer Portal.

Facebook authentication is very easy to transition. Assuming that you already have the SDK set up and you have been using it up to this point, registration and login can be solved with a couple of lines of code.

We are using the AccessToken.CurrentAccessToken.TokenString value, as you would have used with your previous GameSparks implementation.

We won't cover all of that setup here but all you need to do is make sure the Facebook SDK has initialized and you have logged in your Facebook user. Once that is complete you can get the access token.

Once you have the access token, authentication is just one line of code, very similar to regular device or email authentication.

/// <summary>
/// Uses the Fb auth token to log in your Nakama player
/// </summary>
/// <param name="accessToken"> Fb auth token [AccessToken.CurrentAccessToken.TokenString]</param>
private async void NakamaFacebookAuth(string accessToken)
{
   ISession session = await nakamaClient.AuthenticateFacebookAsync(accessToken);
   // Now we can log out the session details //
   Debug.Log($"UserId: {session.UserId}");
   Debug.Log($"AuthToken: {session.AuthToken}");
}

GooglePlayConnectRequest

GooglePlay does not require any configuration settings in order to work so we can go straight to the Unity example.

GooglePlay authentication is very simple. Assuming that you already have the SDK setup and you have been using it up to this point, registration and login can be solved in a couple of lines of code.

We need the GooglePlay Auth-Token for Nakama so it should be much the same as your existing GameSparks code.

/// <summary>
/// Logs a player into Nakama using Google Auth Token
/// </summary>
/// <param name="googleToken"></param>
private async void NakamGoogleAuth(string googleToken)
{
   Debug.Log("Logging in Nakama with GooglePlay...");
   ISession session = await nakamaClient.AuthenticateGoogleAsync(googleToken);
   // Now we can log out the session details //
   Debug.Log($"UserId: {session.UserId}");
   Debug.Log($"AuthToken: {session.AuthToken}");
}

And that's it for Facebook, Google and Apple. As you can see, the SDK code is very simple but there are some extra steps needed in order to set your configuration settings.