Authentication
The server has built-in authentication so clients can only send requests and connect if they have the server key. The default server key is defaultkey but it is very important to set a unique value. This value should be embedded within client code.
When authentication is successful a client can create a session as a user.
Every user account is created from one of the options used to authenticate. We call each of these options a “link” because it’s a way to access the user’s account. You can add more than one link to each account which is useful to enable users to login in multiple ways across different devices.
Authenticate
Before you interact with the server, you must obtain a session token by authenticating with the system. The authentication system is very flexible. You could register a user with an email address, link their Facebook account, and use it to login from another device.
By default the system will create a user automatically if the identifier used to authenticate did not previously exist in the system. This pattern is shown in the device section.
For full examples on the best way to handle registering and login in each of the clients have a look at their guides.
Device
A device identifier can be used as a way to unobtrusively register a user with the server. This offers a frictionless user experience but can be unreliable because device identifiers can sometimes change in device updates.
You can choose a custom username when creating the account. To do this, set username to a custom name. If you want to only authenticate without implicitly creating a user account, set create to false.
A device identifier must contain alphanumeric characters with dashes and be between 10 and 128 bytes.
In games it is often a better option to use Google or Game Center to unobtrusively register the user.
Email
Users can be registered with an email and password. The password is hashed before it’s stored in the database server and cannot be read or “recovered” by administrators. This protects a user’s privacy.
You can choose a custom username when creating the account. To do this, set username to a custom name. If you want to only authenticate without implicitly creating a user account, set create to false.
An email address must be valid as defined by RFC-5322 and passwords must be at least 8 characters.
Console
LayerG supports console authentication for all major platforms, including Nintendo Switch, Xbox One and Series X|S, and PlayStation 4/5.
Requesting Access
Console authentication is only available to developers verified by the respective console platform providers (Sony, Microsoft, Nintendo). To request access, please contact us.
The console authentication flow is similar to the device authentication flow, but requires a console identifier and a console user identifier.
Note that the examples below are only meant to be illustrative. Complete documentation can only be provided following your verification by the console platform provider(s).
Social providers
The server supports a lot of different social services with register and login. With each provider the user account will be fetched from the social service and used to setup the user. In some cases a user’s friends will also be fetched and added to their friends list.
To register or login as a user with any of the providers an OAuth or access token must be obtained from that social service.
Apple
Follow the Apple Developer documentation for integrating Sign in with Apple in your applications.
You can choose a custom username when creating the account. To do this, set username to a custom name. If you want to only authenticate without implicitly creating a user account, set create to false.
Facebook
With Facebook you’ll need to add the Facebook SDK to your project which can be downloaded online. Follow their guides on how to integrate the code. With a mobile project you’ll also need to complete instructions on how to configure iOS and Android.
You can choose a custom username when creating the account. To do this, set username to a custom name. If you want to only authenticate without implicitly creating a user account, set create to false.
When authenticating via Facebook, the following profile fields are fetched and stored in the user account:
- ID
- Name
- Photo
Additionally, you can optionally import Facebook friends into LayerG’s friend graph when authenticating. To do this, set import to true.
Facebook Instant
Ensure that you’ve configured your FB Instant App secret for LayerG and initialized the Facebook Instant Games SDK using FBInstant.initializeAsync().
Google
Similar to Facebook, for registration and login you should use one of Google’s client SDKs.
For Google Play Games Plugin v0.11.x or greater, you must use Server-Side Access to Google Play Games Services. To enable this behavior in LayerG you must obtain credentials that include scopes to access Players:get endpoint.
LayerG is configured by setting the flag google_auth.credentials_json.
You can choose a custom username when creating the account. To do this, set username to a custom name. If you want to only authenticate without implicitly creating a user account, set create to false.
Game Center
Apple devices have built-in authentication which can be done without user interaction through Game Center. The register or login process is a little complicated because of how Apple’s services work.
You can choose a custom username when creating the account. To do this, set username to a custom name. If you want to only authenticate without implicitly creating a user account, set create to false.
Steam
Steam requires you to configure the server before you can register a user. Have a look at the configuration section for what settings you need for the server.
You can choose a custom username when creating the account. To do this, set username to a custom name. If you want to only authenticate without implicitly creating a user account, set create to false.
You can optionally import Steam friends into LayerG’s friend graph when authenticating. To do this, set import to true.
Custom
A custom identifier can be used in a similar way to a device identifier to login or register a user. This option should be used if you have an external or custom user identity service which you want to use. For example EA’s Origin service handles accounts which have their own user IDs.
A custom identifier must contain alphanumeric characters with dashes and be between 6 and 128 bytes.
You can choose a custom username when creating the account. To do this, set username to a custom name. If you want to only authenticate without implicitly creating a user account, set create to false.
Session
When an authentication call succeeds, the server responds with a session object. The session object contains at least the following:
- The user ID
- The username
- A set of variables cached in the token
- The creation time
- The expiration time
Once the client obtains the session object, you can utilize LayerG’s real-time features such as multiplayer, notifications and status updates, passing stream data or real-time chat.
Link or unlink
You can link one or more other login option to the current user. This makes it easy to support multiple logins with each user and easily identify a user across devices.
You can only link device Ids, custom Ids, and social provider IDs which are not already in-use with another user account.
You can unlink any linked login options for the current user.
You can link or unlink many different account options.
| Link | Description |
|---|---|
| Apple | An Apple account. |
| Custom | A custom identifier from another identity service. |
| Device | A unique identifier for a device which belongs to the user. |
| An email and password set by the user. | |
| A Facebook social account. You can optionally import Facebook Friends upon linking. | |
| Game | Center An account from Apple’s Game Center service. |
| A Google account. | |
| Steam | An account from the Steam network. |