question

Matt avatar image
Matt asked

Basic Login Flow

Hey guys,

I just wanted to make sure I'm thinking about this correctly. When a new user first logs into my game, I'll be using LoginWithCustomID (using their device ID). If this account is newly created, I may display a welcome box letting them know they can link Facebook accounts...or letting them do it there. Haven't really designed all of that out yet.

In any case, so they've logged in with their UDID and we'll say they've also linked their facebook account from my options menu. If the player shuts down the app and later relaunches, I don't see a reason to use LogInWithFacebook...I mean, the UDID will get me exactly the same account records, right?

I want to offer the linking, of course, so if they play on a different device they can access the same account information. My actual question in all of this is: on a new device, wouldn't I still just be able to log them in with LogInCustomID because it'll always point to the same account (especially once they are linked via the Facebook ID).

It just makes things a lot easier if I always use the same exactly flow for logging in and simply query if they've linked or not to determine what to show inside my options menu (ie an Unlink Button).

Thanks for the help!

-Matt

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
brendan avatar image
brendan answered

Actually, if it's a Device ID, we would recommend using the appropriate Device ID login call (iOS/Android), so that you're able to accurately track on the user's device type in event reporting.

Getting the user to add another credential type, like Facebook, to the game should definitely be part of your overall user flow (giving the user some VC as a reward for linking is usually a good approach), since that gives them a way to get back to their account even if they change devices (though for iOS devices, saving their Device ID to the Keychain on the first login is another way to help ensure you can get them back - at least, within the scope of that platform type). And yes, once you use a Link... API call to add another login type to the account, logging the player in with it means logging into the same account.

But one other thing to know is that for some platforms, like Facebook and Steam, we also integrate with their friends systems. So, as long as you have a currently-valid token in our system, you can query for the player's friends, and have the friends from those services (who have also played your game) show up without the need to explicitly add them to the PlayFab friends list for the player. And since their tokens do expire after a few hours, it's important to use that login if you want to make use of that feature.

We created a doc talking about best practices for login, and discussing how some popular titles lead the user through that experience, in this post: https://playfab.com/first-impressions-count-best-practices-friction-free-player-authentication/

10 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Matt avatar image Matt commented ·

I was planning on awarding them an achievement or something for linking to Facebook and "backing up" their game. So having said that, I'll log the player in like you said, using the CustomID call with their device ID. They'll always be linked and always point to the same account.

I do definitely want to be able to get Friends Lists and such, and I know that needs the Access Token (which I already have). But...the call itself doesn't take the token, so how do I satisfy the "as long as you have a currently-valid token in our system" part? :)

I'll read through that link as well, I'm not worrying just yet about the actual final experience, I'm just working on the core system right now. If it means changing later then I can, it's all modularly handled.

0 Likes 0 ·
brendan avatar image brendan Matt commented ·

Well again, our recommendation is that if you're using a Device ID, you should use one of the Device ID login calls - not Custom ID. This is so that you have the additional information about the platform being used, for your own analytics.

For the token, when you pass a token to us to sign the player in (to Facebook or Steam), we're using that to get a token that we can store locally from those services.

0 Likes 0 ·
Matt avatar image Matt brendan commented ·

Ah sorry, I didn't notice those device specific Login calls. That makes a lot more sense now. I am still confused about something though...

1. I log in with UDID.

2. At some point I link my Facebook Account.

3. I shut down and log back in the next day, again, logging in with UDID.

4. Where exactly am I providing the token?

If I've already linked the Facebook account, and I've already signed into Playfab with the UDID, where do I pass the token into PlayFab so that future calls like GetFriends will include Facebook friends?

0 Likes 0 ·
Show more comments
Matt avatar image Matt commented ·

Ah right, ok. Yea I was hoping I could restrict the logging in to always use the UDID login. In this scenario, I need to know beforehand (ie saving locally to disk how the player last logged in) which login method to call.

I could be wrong, but I feel like it'd be very helpful to have a function I can call to refresh the token, so to speak. That way the player always logs in with the iOS/Android UDID login and I can safely just refresh the token when I get it via the Facebook SDK.

0 Likes 0 ·
brendan avatar image brendan Matt commented ·

You can actually call the Device ID sign in first, and then the Facebook sign in later - that's not an issue. But without ever calling the Facebook sign-in again, the token you gave us to start would eventually time out, and we wouldn't be able to query anything from Facebook on behalf of the player.

0 Likes 0 ·
Matt avatar image Matt brendan commented ·

Oh so basically use the Login function as my way of 'refreshing' the Facebook token. That makes sense. My first call with the UDID is where I'll get all of the title data, user data, inventory, virtual currencies, etc that I currently do...and then the 'refresh' Login call with the Facebook token can basically return nothing.

All I'll need to do then is track locally in my game whether or not I've sent a recent token so I know to call the Facebook Login before I call something that'd gather up friends.

0 Likes 0 ·
Show more comments
Matt avatar image Matt commented ·

Where in the chain of calls would Playfab typically return to me that a Facebook error occurred (so I can check for expired tokens and take it from there). For instance, I didn't notice inside GetFriends a way to see if internally the token had expired since you guys are using it not me.

0 Likes 0 ·
Matt avatar image Matt Matt commented ·

Nm, I realize that's not going to help because if the Facebook token expires, I need to log back into Facebook anyway (can't do that via CloudScript).

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.