Authentication and Authorization

Overview

Authorization and Authentication is a group of services that provide multi-layer security via the OAuth 2.0 specification. User accounts, OAuth clients, a robust permission system, and 3rd-party login integrations are some of the features provided in this service. In this document, we’ll cover the basics of each system and how they fit together to provide secure, reliable access to our platform.

NOTE

Please click the links below to read how to implement authentication in Unity and Unreal Engine.

Components

Environment

An environment is the top-level container for applications and data of a single deployment of AccelByte’s platform. Applications in one environment cannot communicate with applications in other environments. Environments can also be used to isolate different builds of the platform from each other, such as when you use a “dev” environment for development, and a “prod” environment for live services.

Namespaces

Namespaces are an authorization and grouping mechanism used to provide discrete access to services for each one of the game studio’s games.

See our Namespaces documentation for more detailed information.

IAM Clients

IAM clients can be thought of as applications that access the platform, such as a game server or launcher. Any application that wants to interact with the AccelByte platform does so through an IAM client. IAM clients are defined in specific namespaces.

See our IAM Clients documentation for more detailed information.

User Accounts

User accounts are the nexus of all other entities in a platform. Accounts are defined at the game studio namespace level and contain information about every user that has registered with the platform. Accounts can contain personally identifiable information, so permission to access other users’ accounts should be closely controlled. User accounts contain ban information, session information, and credentials from any 3rd-party platforms the user has linked to their primary account.

See our User Accounts documentation for more detailed information.

Putting it all Together

Each environment contains a single game studio namespace, and each game studio namespace can contain one or more game namespaces.

User accounts are defined at the game studio namespace level, while IAM clients can only be created at the game namespace level. Accounts that have the game admin role can access the Admin Portal. You can also invite your colleagues to become admins; they will be granted the same admin role and assigned to the same game studio namespace you’re currently assigned to. (Technically, you can also define user accounts at the game namespace level, but this is an advanced scenario outside the scope of this document. Please contact AccelByte support if you’d like to know more.)

You can create as many IAM clients as you’d like, but most developers only need a few, such as a game server, game client, dedicated server uploader, and launcher. More details can be found in the IAM Clients documentation.

The two most common types of accounts you need to know are admin and non-admin. As a game developer, you will always be logged in to the Admin Portal as an admin and granted a game admin role. Your players are non-admins and are granted the game player role.

  • Game admin: This role is assigned to you (a developer) when you create an admin account in the Admin Portal. It contains a set of permissions that allows you to manage all access related to your own games.
  • Game player: This role is assigned to your players upon registration under your game namespace. It doesn’t allow any access to the Admin Portal.

3rd-Party Platform Login

When you publish your game through 3rd-party platforms such as Steam, Epic, or PSN, you can enable players to log into your game or platform using 3rd-party credentials. This will create a headless account in your game or platform for that player, with a user ID tied to it. For more information about using 3rd-party Platform logins, see our 3rd-Party Platform Integration documentation.