Set up Apple as an identity provider

Last updated on October 12, 2023

Overview

You can connect your verified Apple Developer account to AccelByte Gaming Services (AGS), then enable Apple Authentication method in:

  • Your game with the AGS SDK.
  • Your publisher website with the AGS Player Portal.
注記

You may need to set up additional features within Apple services that we haven't listed here. For more information about setting up Apple services, we recommend contacting your Apple representative and reviewing Apple documentation.

You can request confidential guide materials from your AccelByte Developer Partner Manager.

Prerequisites

Web login integration

To set up web login integration, you must have:

  • An Apple Developer account.
  • An AGS Admin Portal Account to set up authentication and manage permissions.
  • A publisher namespace for your Player Portal and Launcher.
  • A Player Portal.

In-game login integration

To set up in-game login integration, you must have:

  • An Apple Developer account.
  • A Unity or Unreal game project with the latest version of the AccelByte Game SDK imported.
  • For Unreal Engine, you need OnlineSubsystemApple (Apple OSS).
  • For Unity, you need Apple Unity Plugin from the Unity Asset Store.
  • An AGS Admin Portal account to set up authentication and manage permissions.
  • A game namespace.
  • Familiarity with AccelByte IAM Clients.

Set up Apple configuration

To enable Apple as an identity provider, you must follow these steps first in your Apple Developer account.

Create certificates

The certificates resource represents the digital certificates you use to sign in to your iOS or Mac, or web apps for development and distribution. You must create a Developer ID application Certificate. To do this, follow the steps on the Create Certificate guide in the Apple Developer Documentation.

注記

Only the appropriate account holder, manager, or admin can create certificates.

Create App IDs

An App ID identifies your app in a provisioning profile. It is a two-part string used to identify one or more apps from a single development team. You must create APP IDs with App Type. To do this, follow the steps on the Register an App ID guide in the Apple Developer Documentation.

注記

Only the appropriate account holder, admin, or other accounts with relevant permissions can create an app.

Create Service ID

For each website that uses (SIWA), it's necessary to register a services identifier (Services ID). Configure your domain and return URL, then create an associated private key. To do this, follow the steps on the Configure Sign in with Apple for the web guide in the Apple Developer Documentation.

Create key

Enable your apps to allow users to authenticate in your application with their Apple ID. To do this, follow the steps on the Create a private key to access a service guide in the Apple Developer Documentation.

IMPORTANT

The SIWA feature must be enabled to be able to create keys.

Set up Apple login method

Set up web login

To allow your players to sign in to your player portal using their Apple accounts, follow these steps:

  1. Log in to the AGS Admin Portal.

  2. Go to your publisher namespace, and click Login Method below the User Management sidebar. The Login Methods page appears.

  3. Click the + Add New button..

    Admin Portal Publisher

  4. From the list of available login platforms, select Apple.

    Login Method

  5. On the Create Configuration form, fill in the required information.

    Apple Config

    • Fill in the Client ID field with your Apple Service ID.
    • Fill in the Client Secret field with the base64 string of your Private Key. You need to convert or encode a .p8 file, which is downloaded once you created a key, to base64 string. You can use your own favor as a converter.
    • Fill in the Team ID field with your Apple Team ID. You can find it under your account name in the Apple Developer console.
    • Fill Key ID is what you have got by creating a Key in the Apple Developer console.

  6. After filling in the required information, click Create. The details page of the configuration appears.

  7. To enable the login method, click Activate and click Activate again on the pop-up message to confirm the action.

    Activate Apple

Test and verify

After activating the Apple web login method, you can test it out on your Player Portal. Follow these steps:

  1. Go to the login page of your player portal.

    Player Portal

  2. From the login options, select the Apple logo.

    Player Portal Login

  3. You will be redirected to the Apple Login page. User your Apple credentials to log in.

    Apple Login

    注記

    Currently, the system asks players to link their Apple account with an existing or new AccelByte account. AccelByte is working on the ability to enable players to log in to the Player Portal with a headless account.

Set up in-game login

To allow your players to sign in to your game using their Apple accounts, follow these steps:

  1. Log in to the AGS Admin Portal.

  2. Go to your game namespace, and click Login Method below the User Management sidebar. The Login Methods page appears.

  3. Click the + Add New button.

    Admin Portal Game

  4. From the list of available login platforms, select Apple.

    Login Method

  5. On the Create Configuration form, fill in the required information.

    Apple Config

    • Fill in the Client ID field with your Apple Service ID.
    • Fill in the Client Secret field with the base64 string of your Private Key. You need to convert or encode a .p8 file, which is downloaded once you created a key, to base64 string. You can use your own favor as a converter.
    • Fill in the Team ID field with your Apple Team ID. You can find it under your account name in the Apple Developer console.
    • Fill Key ID is what you have got by creating a Key in the Apple Developer console.

  6. After filling in the required information, click Create. The details page of the configuration appears.

  7. To enable the login method, click Activate and click Activate again on the pop-up message to confirm the action.

    Activate Apple

Create IAM clients

An IAM client represents the game client that you want to release on the Apple platform. With an IAM Client, your game client can request access to protected AGS resources using the appropriate permissions. To learn more, see Manage access control for applications.

  1. In the AGS Admin Portal, open the Platform Configurations menu. Then, under ACCOUNT, select IAM Clients. The IAM Clients page appears.

  2. On the IAM Clients page, click the + Create New button.

  3. On the Create New IAM Client appears, fill in the required information.

    Basic information

    • Client ID: The system automatically generates the Client ID. Save a copy of the client ID in your SDK Configuration so that you can use it for your game build later on.

    • Client Type: Select Confidential. We recommend that you use the Confidential type, since you might need to add some permissions later for accessing AGS. Adequate security is not available with the Public type.

    • Secret: You can type the secret yourself, or you can click Generate Client Secret to generate a secret key.

    Warning

    The client secret isn't visible after the creation step. Ensure you save a secure copy of it as you'll need it when you set up your game configuration.

    • Client Name: We recommend you use a name that will reflect the platform, for example, <game name> apple build.

    • Namespace: Select your game namespace from the dropdown.

    • Scopes: Keep the default values in this field.

    • Redirect URI: Type http://127.0.0.1 in this field, since it's for the Game Client Build.

    • Target Audience: Leave blank.

    • Base URI: Leave blank.

    • Description: Describe the IAM client. You can add a description of up to 256 characters.

    Client SDK Configuration

    • Platform: Select the Target Platform your game is built on. In this case, set it to Apple.

    • Advanced Configurations: This section consists of additional features such as two-factor authentication (2FA) and override expiration time. As this is for a Game Client build, you can leave these as default or disabled.

  4. After filling in the required information, click Create. The details page of the client.

  5. Go to the Permissions tab, then add the permissions that you need for the client. To learn more about IAM Client permissions, refer to the Permissions section in Manage access control for applications.

In-game login

The setup for each game engine is different. Follow the steps that are applicable to your game engine.

Unreal Engine In Game Login Integration

Unreal Project Setting preparation

  1. Set the Client ID and Secret in DefaultEngine.ini file 

    [/Script/AccelByteUe4Sdk.AccelByteSettings]
    ClientId=abcdefg12345
    ClientSecret=abcdefg12345
    Namespace=test
    PublisherNamespace=accelbyte
    BaseUrl="https://demo.accelbyte.io"
    QosPingTimeout=0.6

    [/Script/AccelByteUe4Sdk.AccelByteServerSettings]
    ClientId=defghi12345
    ClientSecret=defghi12345
    Namespace=test
    PublisherNamespace=accelbyte
    RedirectURI="http://127.0.0.1"
    BaseUrl="https://demo.accelbyte.io"
    QosPingTimeout=0.6

  2. Add AccelByteUe4Sdk plugin name in Build.cs file.

    PublicDependencyModuleNames.AddRange(new string[] {  "AccelByteUe4Sdk"  });

    PrivateDependencyModuleNames.Add("OnlineSubsystem");
    PrivateDependencyModuleNames.Add("OnlineSubsystemApple");

Build configuration

Set the Certificate and Provisioning

  1. Set the Bundle Identifier with your app's Bundle ID from apple developer portal, make sure the App ID already have SIWA capability.

  2. Set the correct certificate and provisioning file. This requires .mobileprovision and cert.SingningRequest files.

Enable SIWA on Unreal Engine

UE4 only passes the identity token, which cannot be used to authorize Apple users in AGS Access Service. We need to change it so that it passes authorization code instead. Follow these steps:

  1. Locate and open the following file.

    <EngineDir>\Plugins\Online\OnlineSubsystemApple\Source\Private\OnlineExternalUIInterfaceApple.cpp

  2. Inside the file, locate this line.

    signInWithAppleBridge->SignInResultCallback([AuthAppleID user], [AuthAppleID identityToken], [AuthAppleID email], [AuthAppleID fullName], nullptr);

  3. Change the line as follows.

    signInWithAppleBridge->SignInResultCallback([AuthAppleID user], [AuthAppleID authorizationCode], [AuthAppleID email], [AuthAppleID fullName], nullptr);

Sample code implementation

  1. Header declaration

    #include <OnlineSubsystem.h>
    #include "Interfaces/OnlineIdentityInterface.h"
    #include "Interfaces/OnlineLeaderboardInterface.h"
    #include "Core/AccelByteMultiRegistry.h"
    #include "Core/AccelByteError.h"

  2. Log in to Apple Service, then get the Platform Token.

    const IOnlineSubsystem* OnlineSubsystem = IOnlineSubsystem::Get(TEXT("Apple"));
        if (OnlineSubsystem == nullptr)
        {
        FString Message = TEXT("Cannot login with no online subsystem set!");
        UE_LOG(LogTemp, Warning, TEXT("%s"), *Message); 
        return;
        } 

        const IOnlineIdentityPtr OnlineIdentity = OnlineSubsystem->GetIdentityInterface();
        if (!OnlineIdentity.IsValid())
        {
        FString Message = TEXT("Could not retrieve identity interface from native subsystem.");
        UE_LOG(LogTemp, Warning, TEXT("%s"), *Message); 
        return;
        }

        int32 TempLocalUserNum = 0;
        OnlineIdentity->AddOnLoginCompleteDelegate_Handle(TempLocalUserNum,
            FOnLoginCompleteDelegate::CreateLambda([=]
            (int32 LocalUserNum, bool bWasSuccessful, const FUniqueNetId& UserId, const FString& Error)
                {
                    if (bWasSuccessful)
                    {
                        UE_LOG(LogTemp, Warning, TEXT("Success Apple Login"));  
                        PlatformToken = OnlineIdentity->GetAuthToken(TempLocalUserNum);  
                        UE_LOG(LogTemp, Warning, TEXT("Apple PlatformToken : %s"), *PlatformToken);    
                    }
                    else
                    {
                        UE_LOG(LogTemp, Warning, TEXT("Error Login: %s"), *Error); 
                    }
                })
        );
        // login native
        FOnlineAccountCredentials Creds{};
        OnlineIdentity->Login(TempLocalUserNum, Creds); // Apple Login

  3. Log in to AGS.

    // Log in to AGS 
    FRegistry::User.LoginWithOtherPlatform(EAccelBytePlatformType::Apple
        , PlatformToken
        , FVoidHandler::CreateLambda([=]()
            {
                UE_LOG(LogTemp, Log, TEXT("    Success AB Login "));   
            })
        , FOAuthErrorHandler::CreateLambda([=](int32, const FString&, const FErrorOAuthInfo& Result)
            { 
                UE_LOG(LogTemp, Warning, TEXT("    Error. Code: %s, Reason: %s"), *Result.Error, *Result.Error_description); 
    }));

Sample code testing

In this example, we tested the code on an iPhone 11 device. The following image shows that the code works and a user is able to log in using Apple with the sample code.

Unreal Engine Code Testing

最終更新

On this page