Skip to main content
Implement Game Redirect Login to direct the player from the web store login page to the game for authentication. Once verified, the player is redirected back to the web store with a player code. This allows the game to handle secure login while giving players access to the store without separate credentials. To enable this authentication method, follow the instructions to set up Game Redirect Login.

Game Redirect Login flow

The following flow describes how the Game Redirect Login process works:
  1. A player opens your web store and chooses to log in with your game.
  2. Appcharge sends a request to your Initiate Game Auth Callback with the following properties to initiate an authentication session in your game:
    • The player’s device type (mobile or desktop).
    • The current date.
  3. Your server responds with:
    • A deeplink to redirect the player to your game.
    • An access token.
    • An option to automatically redirect players logging into the web store on desktop straight to your game. Set desktopAutoRedirect to true to enable it. When false or omitted, they see a QR code of the deeplink and must scan it with their phone to open the game.
    Appcharge redirects the player to the deeplink you provide without modification. If you’d like to pass any additional query params beyond those needed for authentication, include them in your deeplink.
  4. Appcharge saves this access token and redirects the player to your game for authentication. On mobile, the player is automatically redirected using the deeplink from the previous step. On desktop, Appcharge follows the redirect option configured in the previous step.
  5. Your game identifies the player via this deeplink and generates a unique 4- or 6-digit player code.
  6. The player returns to the web store. On mobile, and on desktop when automatic redirect is enabled, your game redirects the player back via a URL containing the player code and the same access token issued in step 3. For example: 
    https://your-web-store/login?proofKey=<value>&token=<value>
    • proofKey: The player code.
    • token: The same access token issued in step 3.
    The access token is passed again in case the player uses a different browser.
    On desktop, when automatic redirect isn’t enabled, your game displays the player code and instructs the player to return to the web store and enter it manually.
  7. Appcharge sends the player code and access token to your Authenticate Player Callback for validation.
  8. If the credentials are valid, your server responds with the player’s details. Appcharge then successfully logs the player in and completes the flow.