Authentication

This section describes the key methods for implementing basic authentication in your app. These methods are all you'll need if you:

• Just want to use anonymous authentication for all users
• Want to use a single authentication type (which is required) for all users – i.e. like forced Facebook or GameCenter
• Want to get authentication going quickly during development, and will flesh out more of the authentication details later

Consult the advanced (Identity) section if/when you want to get even more flexible with authentication (giving users more flexibility to choose their preferred authentication method, merging of profiles, etc.) When implementing brainCloud authentication, there are some key things to keep in mind:

brainCloud uses an anonymous installation ID (commonly referred to as the anonymous ID) to identify individual devices. This ID must be generated for first use, and saved by the client application. brainCloud provides a convenient method for generating the ID – or the developer can generate it themselves. brainCloud also requires the client to keep track of the most recent profile ID. This, together with the anonymous ID, provides additional security and allows brainCloud to better understand user intent during logins/reconnections. If the user has never connected before the profile ID should be null.

tip

The optional BrainCloudWrapper class will automatically persist your anonymousId and profileId as required. We highly recommend that you use it!

If you are using the API Explorer, the list of valid Platform IDs can be found here.

Handy tip: To log a user out of brainCloud, use the Logout method in Player State. Note that you don't absolutely need to log users out – their sessions will timeout on the server automatically anyway.

By default, the timeout length for authenticated users is 20 minutes. This timeout length can be lowered on the brainCloud Dashboard. [Core App Info | Advance Settings > Session Timeout]

caution

You must authenticate and ensure it succeeds before attempting to call any other APIs that require authentication! Calling other APIs before authenticate successfully returns can cause the authenticate operation to fail.

Version Enforcement

brainCloud's authentication mechanisms allow you to enforce minimum client version requirements – forcing users with obsolete versions of your client app to upgrade before continuing within your application. This is especially useful for scenarios where you've fixed critical client errors, made significant changes to the server-side data structures, or generally just want to ensure that your users all have the best possible experience.

The client app version (sometimes referred to as the gameVersion) is sent to the server during authentication. It is a string of format "X.X" or "X.X.X" – for example, "1.0.0". The app version is set via the Client or BrainCloudWrapper Initialize() methods.

The minimum versions that your app supports can be configured on the Core App Info | Platforms page of the design portal.

If the client app is older than the minimum version specified, authenticate will return a result similar to:

{ "status": 400, "reason_code": 40322, "upgradeAppId": "http://itunes.com/apps/myappname", "status_message": "Processing exception (message): App version 1.0.0 is obsolete." }

Recommended behavior of the client is to pop up a dialog inviting the user to upgrade the client, and then redirect them to the appropriate software update page. Note that an upgrade URL may be data-filled with the minimum version # in the server portal.

Disabled Apps

brainCloud allows you to easily control whether your app is enabled or disabled via the Core App Info | Advanced Settings page of the portal.

If for some reason you do decide to disable your app, you are able to configure a custom JSON object to be returned to apps that attempt to login. This JSON is set via the [Edit Disabled Reason] button on that same portal page.

{
    "message": "Apologies - we will be right back!"
}

Once disabled, your provided JSON-data will be returned within an element called disabledReason within the error response. For example:

{
    "reason_code": 40330,
    "status": 403,
    "status_message": "Processing exception (bundle): App is disabled.",
    "disabledReason": {
        "message": "Apologies - we will be right back!"
    },
    "severity": "ERROR"
}

System Disabled

If for some reason your app is System Disabled by brainCloud operations, your app will receive a disabledReason with two elements: sysDisabled: true and message.

{
    "reason_code": 40330,
    "status": 403,
    "status_message": "Processing exception (bundle): App is disabled.",
    "disabledReason": {
        "sysDisabled": true,
        "message": "This app has been system disabled. Please contact support."
    },
    "severity": "ERROR"
}

API Summary

Initialization

• Initialize
• GenerateAnonymousId

Authentication

• AuthenticateAnonymous
• AuthenticateApple
• AuthenticateEmailPassword
• AuthenticateExternal
• AuthenticateFacebook
• AuthenticateFacebookLimited
• AuthenticateGameCenter
• AuthenticateGoogle
• AuthenticateGoogleOpenId
• AuthenticateHandoff
• AuthenticateNintendo
• AuthenticateParse
• AuthenticatePlaystation5
• AuthenticatePlaystationNetwork
• AuthenticateOculus
• AuthenticateSettopHandoff
• AuthenticateSteam
• AuthenticateTwitter
• AuthenticateUltra
• AuthenticateUniversal

Utility

• ResetEmailPasswordWithExpiry
• ResetEmailPasswordAdvancedWithExpiry
• ResetUniversalIdPasswordWithExpiry
• ResetUniversalIdPasswordAdvancedWithExpiry
• ClearSavedProfileId

📄️ AuthenticateAdvanced

A generic Authenticate method that translates to the same as calling a specific one, except it takes an extraJson that will be passed along to pre- or post- hooks.

📄️ AuthenticateAnonymous

To authenticate anonymously you must have first called InitializeIdentity. You must supply an anonymous ID if you are creating a brand new profile or if you are logging into an already created profile you need to supply the anonymous ID AND the profile ID of the user.

📄️ AuthenticateApple

Authenticates the user using Sign in with Apple.

📄️ AuthenticateEmailPassword

Authenticate the user with a custom Email and Password.

📄️ AuthenticateExternal

Authenticate the user via cloud code (which in turn validates the supplied credentials against an external system).

📄️ AuthenticateFacebook

Authenticate the user with using their Facebook Credentials.

📄️ AuthenticateFacebookLimited

Authenticate the user with using their Facebook Credentials.

📄️ AuthenticateGameCenter

Authenticate the user using their Game Center ID.

📄️ AuthenticateGoogle

Authenticate the user using a google user ID (gXXX) and google authentication token.

📄️ AuthenticateGoogleOpenId

Authenticate the user using google's modern OpenId mechanism.

📄️ AuthenticateHandoff

Authenticate the user with a custom Authentication Handoff.

📄️ AuthenticateNintendo

Authenticate the user on Nintendo Switch.

📄️ AuthenticateOculus

Authenticate the user with using their Oculus Credentials.

📄️ AuthenticateParse

Authenticate the user using a Parse user ID and authentication token.

📄️ AuthenticatePlaystation5

Authenticate the user with using their Playstation5 Credentials.

📄️ AuthenticatePlaystationNetwork

Authenticate the user with using their PlaystationNetwork Credentials.

📄️ AuthenticateSettopHandoff

Authenticate the user with a custom Set-top Handoff Code - which is an short, easy-to-enter code suitable for use in devices with limited data entry capabilities (i.e. Set-top boxes, VR headsets, etc.) The hand-off code can be generated via the CreateSettopHandoffCode cloud-code call.

📄️ AuthenticateSteam

Authenticate the user using a steam userId and session ticket (without any validation on the userId).

📄️ AuthenticateTwitter

Authenticate the user using a Twitter user ID, authentication token, and secret from Twitter.

📄️ AuthenticateUltra

Authenticate the user for Ultra.

📄️ AuthenticateUniversal

Universal authentication allows the developer to pass in any user/password string combination. As with all authentication methods, if the create new profile flag is specified as false, the authentication will fail if the user/password combination does not match a user in the database.

📄️ ClearSavedProfileId

Used to clear the saved profile ID - to use in cases when the user is attempting to switch to a different game profile.

📄️ GenerateAnonymousId

Generates a GUID for use as an anonymous installation ID for . Normally only called once when the application starts for the first time.

📄️ GetServerVersion

Get server version.

📄️ Initialize

Initializes the authentication service with an anonymous installation ID and most recently used profile ID.

📄️ ResetEmailPassword

Reset email password.

📄️ ResetEmailPasswordAdvanced

Advanced reset email password using templates.

📄️ ResetEmailPasswordAdvancedWithExpiry

Advanced reset email password using templates. Allows the developer to specify how long the URL is valid for (in minutes).

📄️ ResetEmailPasswordWithExpiry

Sends a password reset email to the specified address. Allows the developer to specify how long the URL is valid for (in minutes).

📄️ ResetUniversalIdPassword

Reset Universal ID password.

📄️ ResetUniversalIdPasswordAdvanced

Advanced universalId password reset using templates.

📄️ ResetUniversalIdPasswordAdvancedWithExpiry

Advanced universalId password reset using templates. Allows the developer to specify how long the URL is valid for (in minutes).

📄️ ResetUniversalIdPasswordWithExpiry

Reset Universal ID password. Allows the developer to specify how long the URL is valid for (in minutes).