question

s5ltd avatar image
s5ltd asked

LoginWithXbox - Web Based

We are looking to make a web portal for our users to potentially merge accounts and we would like them to be able to authenticate via Xbox Live.

At the moment, we have the majority of the system setup but when trying to authenticate with an xsts token from the login flow it keeps returning InvalidXboxLiveToken.

The only difference to the way we are doing it on the actual xbox consoles is that we are getting the token through the xsts authorization endpoint. Is this method supported outside of GetTokenAndSignatureAsync and if so would the RelyingParty still be "https://playfabapi.com/" ? We have also tried "http://playfab.xboxlive.com/" to no avail.

We have tested various other xbox live calls and our xsts tokens are accepted there, so we are at a bit of a dead end as to why they might not be accepted.

apis
1 comment
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Seth Du avatar image Seth Du ♦ commented ·

Is the login flow using token provided by the Xbox Live SDK/XDK method GetTokenAndSignatureAsync("POST", "https://playfabapi.com/", "")?

0 Likes 0 ·

2 Answers

·
s5ltd avatar image
s5ltd answered

We aren't at the moment, but should be very soon. I can submit a ticket then to follow up

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

s5ltd avatar image
s5ltd answered

No, we are currently obtaining the xsts token via a php script that is calling the xsts.auth.xboxlive.com endpoint. From what I can see if we follow the login flow it should provide us a valid token as long as we are providing the correct RelyingParty?

1 comment
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Seth Du avatar image Seth Du ♦ commented ·

It seems to be not supported for now to request a PlayFab usable token apart from SDK/XDK. May I ask are you in a paid subscription plan? It is better to submit a support ticket to the team so that we can have collaboration with XBOX team.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.