Identity Providers
# Pragma Engine enables cross-play, cross-progression, and cross-platform experiences by supporting multiple identity providers with account linking. This allows players to start on one platform and link their account when switching to another platform.
Identity providers are linked to a Pragma Account and used for authentication and platform-specific social integration. These accounts are isolated from player and social data to enable seamless cross-platform experiences.
Test provider
# The Pragma Engine test provider uses the name Unsafe Provider to indicate that it’s only for internal and testing use cases and should not be enabled in production. It can also be used in load testing to allow the creation of millions of test accounts.
When run in development mode, the platform will populate the Test Provider with default accounts (test01 - test20). To disable the test provider, under social set the canAuthenticate service config setting to false.
social :
serviceConfigs :
UnsafeIdentityDaoConfig :
canAuthenticate : false
Pragma Engine is highly configurable. You can enable additional plugins and custom services via the config files located in the 5-ext/config directory. Add the relevant configuration code blocks to local-dev.yml (for testing) or common.yml (for production) under the social section.
Custom Identity Provider concepts page for more information.Steam configuration
value description appIdSteam numerical value used to identify a game on Steam steamWebAPIKeyauthorization key used to connect with the Steam Web API restrictByAppOwnershipoptional restrictByAccountBanoptional playerLoginEnabledoptional operatorLoginEnabledoptional accountLinkingEnabledoptional showPortalLoginButtonoptional visibleToOtherPlayersoptional
social :
pluginConfigs :
AccountService.identityProviderPlugins :
plugins :
Steam :
class : "pragma.account.SteamIdentityProviderPlugin"
config :
appId : "${steamAppId}"
steamWebAPIKey : "${steamWebApiKey}"
restrictByAppOwnership : false
restrictByAccountBan : false
playerLoginEnabled : true
operatorLoginEnabled : false
accountLinkingEnabled : true
showPortalLoginButton : false
visibleToOtherPlayers : true
Epic configuration
value description clientIdEpic ID that identifies developer’s Epic app while making authorization requests clientSecretencrypted OAuth secret for the Epic app referenced by the clientId property redirectUrioptional restrictByCatalogItemOwnershipoptional sandboxId and catalogItemId.sandboxIdID of the sandbox environment you’d like to validate against catalogItemIdID of the catalog item you’d like to validate against. Typically this will be the Game Item ID of your game. deploymentIdoptional Requesting an Access Token .playerLoginEnabledboolean determining whether to establish a player session with this identity provider operatorLoginEnabledoptional accountLinkingEnabledoptional showPortalLoginButtonoptional visibleToOtherPlayersoptional
social :
pluginConfigs :
AccountService.identityProviderPlugins :
plugins :
Epic :
class : "pragma.account.EpicIdentityProviderPlugin"
config :
clientId : "epic-client-id"
clientSecret : "encrypted-epic-client-secret"
redirectUri : "http://localhost:11200/v1/account/oauth-redirect/EPIC"
restrictByCatalogItemOwnership : true
deploymentId : "epic-deployment-id"
sandboxId : "epic-sandbox-id"
catalogItemId : "epic-catalog-item-id"
playerLoginEnabled : true
operatorLoginEnabled : false
accountLinkingEnabled : true
showPortalLoginButton : false
visibleToOtherPlayers : true
Discord configuration
value description clientIdDiscord OAuth ID that identifies developer’s Discord app while making authorization requests clientSecretencrypted OAuth secret for the Discord app referenced by the clientId property redirectUrioptional botTokenoptional guildIdoptional allowedRoleIdsoptional playerLoginEnabledoptional operatorLoginEnabledoptional accountLinkingEnabledoptional showPortalLoginButtonoptional visibleToOtherPlayersoptional
social :
pluginConfigs :
AccountService.identityProviderPlugins :
plugins :
Discord :
class : "pragma.account.DiscordIdentityProviderPlugin"
config :
clientId : "${discordClientId}"
clientSecret : "${discordClientSecret}"
redirectUri : "http://localhost:11000/v1/account/discord-redirect"
botToken : "${discordBotToken}"
guildId : "${guildId}"
allowedRoleIds :
1 : "${RoleId1}"
2 : "${RoleId2}"
playerLoginEnabled : true
operatorLoginEnabled : false
accountLinkingEnabled : true
showPortalLoginButton : false
visibleToOtherPlayers : false
Unreal and Unity Setup Guides for Discord implementation details.Google configuration
value description clientIdGoogle OAuth ID that identifies developer’s Google app while making authorization requests clientSecretencrypted OAuth secret for the Google app referenced by the clientId property redirectUrioptional allowedDomainsoptional playerLoginEnabledoptional operatorLoginEnabledoptional accountLinkingEnabledoptional showPortalLoginButtonoptional visibleToOtherPlayersoptional
social :
pluginConfigs :
AccountService.identityProviderPlugins :
plugins :
Google :
class : "pragma.account.GoogleIdentityProviderPlugin"
config :
allowedDomains :
1 : "${allowedDomain1}"
2 : "${allowedDomain2}"
clientId : "${googleClientId}"
clientSecret : "${googleClientSecret}"
redirectUri : "http://localhost:11000/v1/account/google-redirect"
playerLoginEnabled : true
operatorLoginEnabled : false
accountLinkingEnabled : true
showPortalLoginButton : false
visibleToOtherPlayers : false
creating access credentials .Google Workspace configuration
Google Workspace has been added as an identity provider to support the difference between a public google authentication and an internal one.
value description clientIdGoogle Workspace OAuth ID that identifies developer’s Google Workspace app while making authorization requests clientSecretencrypted OAuth secret for the Google Workspace app referenced by the clientId property redirectUrioptional allowedDomainsoptional playerLoginEnabledoptional operatorLoginEnabledoptional accountLinkingEnabledoptional showPortalLoginButtonoptional visibleToOtherPlayersoptional
social :
pluginConfigs :
AccountService.identityProviderPlugins :
plugins :
GoogleWorkspace :
class : "pragma.account.GoogleWorkspaceIdentityProviderPlugin"
config :
allowedDomains :
1 : "${allowedDomain1}"
2 : "${allowedDomain2}"
clientId : "${googleClientId}"
clientSecret : "${googleClientSecret}"
redirectUri : "http://localhost:11000/v1/account/google-redirect"
playerLoginEnabled : false
operatorLoginEnabled : true
accountLinkingEnabled : false
showPortalLoginButton : true
visibleToOtherPlayers : false
creating access credentials .Twitch configuration
value description clientIdTwitch OAuth ID that identifies developer’s Twitch app while making authorization requests clientSecretencrypted OAuth secret for the Twitch app referenced by the clientId property redirectUrioptional playerLoginEnabledoptional operatorLoginEnabledoptional accountLinkingEnabledoptional showPortalLoginButtonoptional visibleToOtherPlayersoptional
social :
pluginConfigs :
AccountService.identityProviderPlugins :
plugins :
Twitch :
class : "pragma.account.TwitchIdentityProviderPlugin"
config :
clientId : "${twitchClientId}"
clientSecret : "${twitchClientSecret}"
redirectUri : "http://localhost:11000/v1/account/twitch-redirect"
playerLoginEnabled : false
operatorLoginEnabled : false
accountLinkingEnabled : true
showPortalLoginButton : false
visibleToOtherPlayers : false
Okta configuration
value description clientIdOkta OAuth ID that identifies developer’s Okta app while making authorization requests clientSecretencrypted OAuth secret for the Okta app referenced by the clientId property authorizationUriURI the user will be sent to for authenticatication with Okta tokenUriURI to obtain an access token by sending an auth code userInfoUriURI to obtain information about the user redirectUrioptional requireEmailVerificationboolean determining whether email is required playerLoginEnabledoptional operatorLoginEnabledoptional accountLinkingEnabledoptional showPortalLoginButtonoptional visibleToOtherPlayersoptional
social :
pluginConfigs :
AccountService.identityProviderPlugins :
plugins :
Okta :
class : "pragma.account.OktaIdentityProviderPlugin"
config :
clientId : "${OktaClientId}"
clientSecret : "${OktaClientSecret}"
authorizationUri : "https://your-okta-subdomain.okta.com/oauth2/v1/authorize"
tokenUri : "https://your-okta-subdomain.okta.com/oauth2/v1/token"
userInfoUri : "https://your-okta-subdomain.okta.com/oauth2/v1/userinfo"
redirectUri : "http://localhost:11000/v1/account/Okta-redirect"
requireEmailVerification : true
playerLoginEnabled : false
operatorLoginEnabled : true
accountLinkingEnabled : false
showPortalLoginButton : true
visibleToOtherPlayers : false
Auth0 configuration
value description clientIdauth0 OAuth ID that identifies developer’s auth0 app while making authorization requests clientSecretencrypted OAuth secret for the auth0 app referenced by the clientId property authorizationUriURI the user will be sent to for authenticatication with Auth0 tokenUriURI to obtain an access token by sending an auth code userInfoUriURI to obtain information about the user redirectUrioptional requireEmailVerificationboolean determining whether email is required playerLoginEnabledoptional operatorLoginEnabledoptional accountLinkingEnabledoptional showPortalLoginButtonoptional visibleToOtherPlayersoptional
social :
pluginConfigs :
AccountService.identityProviderPlugins :
plugins :
Twitch :
class : "pragma.account.Auth0IdentityProviderPlugin"
config :
clientId : "auth0-client-id"
clientSecret : "auth0-client-secret"
authorizationUri : "https://your-auth0-subdomain.us.auth0.com/authorize"
tokenUri : "https://your-auth0-subdomain.us.auth0.com/oauth/token"
userInfoUri : "https://your-auth0-subdomain.us.auth0.com/userinfo"
redirectUri : "https://localhost:11200/v1/oauth-redirect/auth0"
requireEmailVerification : true
playerLoginEnabled : false
operatorLoginEnabled : true
accountLinkingEnabled : false
showPortalLoginButton : true
visibleToOtherPlayers : false
Playstation configuration
Pragma Engine supports PlayStation Network integration. Contact us for details.
Xbox configuration
Pragma Engine supports Xbox integration. Contact us for details.
Add OAuth redirect URIs
# Any identity provider that uses OAuth requires a list of authorized redirect URIs to allow the Pragma Engine platform to generate an access code and authorization token. As an example, below are the URIs you will need to add to Discord’s developer console OAuth2 Redirects.
To enable authentication for the SDK or external clients, you must add:
http://localhost:11000/v1/account/discord-redirectTo enable Operator Portal authentication, you must add:
http://localhost:11200/redirect/SignInDiscordhttp://localhost:10200/redirect/SignInDiscordTo enable Player Portal authentication and account linking, you must add:
http://localhost:11000/redirect/SignInDiscordhttp://localhost:11000/redirect/LinkDiscordWhen used on a deployed shard environment, replace these links with your own Pragma Engine hostname.
Error types
# error type description AccountService_IdProviderMissingIdentity provider is not configured in Pragma Engine. AccountService_InvalidIdProviderIdentity provider enum type does not exist in IdProvider or ExtIdProvider enums. AccountService_IdProviderLinkingDisabledaccountLinkingEnabled config value is set to false for this identity provider.AccountService_IdProviderAlreadyAssociatedIdentity provider account is already linked to an existing Pragma Account. AccountService_AccountAlreadyBoundToProviderTypeA Pragma Account can not simultaneously be linked to the same identity provider type more than once. AccountService_CannotUnlinkOnlyIdProviderIdentity provider is the last one linked to Pragma Account. Every Pragma Account needs at least one identity provider associated with it to be reachable. AccountService_IdProviderAuthenticationDisabledplayerLoginEnabled or operatorLoginEnabled config value is set to false for this identity provider.AccountService_UnauthorizedUser does not meet authorization requirements for identity provider. AccountService_UnverifiedUser’s account has not been verified. AccountService_IdProviderUnexpectedResponsePragma Engine received a response from the identity provider’s API that was unexpected.
Manage identity providers in Operator Portal
# Identity providers can be viewed and managed within the Operator Portal.
From the Social Operator Portal, click Services , then click Accounts . Click on the relevant player name to view individual account information. View the player’s identity providers. Unlinking an identity provider
# Removing an identity provider from an account is a permanent action and cannot be undone.
From the Social Operator Portal, click Services , then click Accounts . Click on the relevant player name to view individual account information. View the player’s identity providers. Hover over the identity provider you’d like to remove and click unlink . Confirm you want to unlink the identity provider. Alternatively, the following endpoints can be used to unlink an identity provider:
AccountRpc.UnlinkIdentityProviderAccountPartnerV1RequestAccountRpc.UnlinkIdentityProviderAccountServiceV1RequestAccountRpc.UnlinkIdentityProviderAccountOperatorV1RequestFiltering by identity provider
# Accounts can be filtered in Operator Portal by identity provider. This includes identity providers that are no longer used or disabled. For example, even if login is disabled for Steam, accounts will still appear when you filter by Steam in Operator Portal.
You can choose which identity providers are visible to other players using the config value visibleToOtherPlayers.
Below is an example of how to hide the Steam identity provider from other players:
Steam :
class : "pragma.account.SteamIdentityProviderPlugin"
config :
appId : "1627080"
steamWebAPIKey : "3CD023D13769C48A24FDFCCB3398D68A"
visibleToOtherPlayers : false
Contents #
%22/%3E%3Cpath%20d=%22M82%20113.698c1.821%201.063%201.834%202.78.0%203.843l-13.084%207.687a7.17%207.17.0%2001-3.284.798%207.17%207.17.0%2001-3.284-.798l-13.16-7.687c-1.821-1.063-1.834-2.78.0-3.843l13.084-7.687a7.168%207.168.0%20016.568.0L82%20113.698z%22%20fill=%22url(%23b)%22/%3E%3Cpath%20d=%22M73.16%20114.658a.985.985.0%2001.487.368%201.037%201.037.0%20010%201.186.981.981.0%2001-.486.369l-6.383%203.846a3.438%203.438.0%2001-3.198.0l-6.42-3.846a.982.982.0%2001-.486-.369%201.035%201.035.0%20010-1.186.986.986.0%2001.486-.368l6.383-3.846a3.438%203.438.0%20013.198.0l6.42%203.846z%22%20fill=%22%23fff%22/%3E%3Cpath%20d=%22M111%2048c-1.455-.642-37.943-12.532-45.55-14.5-7.607%202.022-43.495%2016.358-44.95%2017l37.504%2065.718c.106.239.291.435.524.556l5.542%203.209a3.038%203.038.0%20002.76.0l5.51-3.209c.25-.123.441-.338.535-.599L111%2048z%22%20fill=%22url(%23c)%22/%3E%3Cpath%20fill-rule=%22evenodd%22%20clip-rule=%22evenodd%22%20d=%22M109.533%2040.686c-6.925%203.665-17.69%203.562-24.4-.311-6.892-3.98-6.892-10.431.0-14.41%201.422-.822%203.026-1.473%204.737-1.955-17.595-6.637-41.42-5.496-56.87%203.424-17.72%2010.23-17.72%2026.815.0%2037.044%2017.719%2010.23%2046.447%2010.23%2064.167.0%2011.194-6.462%2015.316-15.461%2012.366-23.792z%22%20fill=%22url(%23d)%22/%3E%3Cg%20opacity=%22.7%22%20filter=%22url(%23e)%22%3E%3Ccircle%20r=%2237.046%22%20transform=%22scale(1.22477%20.70706)%20rotate(45%20-55.303%2098.057)%22%20fill=%22url(%23f)%22/%3E%3C/g%3E%3Cpath%20fill-rule=%22evenodd%22%20clip-rule=%22evenodd%22%20d=%22M96.321%2027.615a8.615%208.615.0%2001-2.019-.824c-2.848-1.644-2.848-4.31.0-5.954%201.296-.748%202.958-1.156%204.653-1.223a41.764%2041.764.0%2000-1.788-1.092c-17.72-10.23-46.448-10.23-64.168.0-17.72%2010.23-17.72%2026.814.0%2037.044s46.448%2010.23%2064.168.0c8.025-4.633%2012.416-10.57%2013.172-16.63-4.598%201.417-10.442%201.007-14.318-1.23-4.746-2.74-4.746-7.183.0-9.923.099-.057.199-.113.3-.168zm9.666-1.923a2.064%202.064.0%2001-.068.076l.139.01c-.023-.03-.047-.058-.071-.086z%22%20fill=%22url(%23g)%22/%3E%3Ccircle%20r=%222%22%20transform=%22matrix(.86604%20.49997%20-.86604%20.49997%2062.464%2051)%22%20fill=%22%23121212%22/%3E%3Ccircle%20r=%222%22%20transform=%22matrix(.86604%20.49997%20-.86604%20.49997%2081.464%2045)%22%20fill=%22%23121212%22/%3E%3Ccircle%20r=%222%22%20transform=%22matrix(.86604%20.49997%20-.86604%20.49997%2043.642%2031)%22%20fill=%22%23121212%22/%3E%3Ccircle%20r=%222%22%20transform=%22matrix(.86604%20.49997%20-.86604%20.49997%2039.464%2045)%22%20fill=%22%23121212%22/%3E%3Ccircle%20r=%222%22%20transform=%22scale(1.22477%20.70706)%20rotate(45%20-12.95%2084.623)%22%20fill=%22%23121212%22/%3E%3Ccircle%20r=%222%22%20transform=%22matrix(.86604%20.49997%20-.86604%20.49997%2062.464%2035)%22%20fill=%22%23121212%22/%3E%3Cdefs%3E%3ClinearGradient%20id=%22a%22%20x1=%2265.415%22%20y1=%22133.384%22%20x2=%2262.707%22%20y2=%22116.141%22%20gradientUnits=%22userSpaceOnUse%22%3E%3Cstop%20stop-color=%22%23bebebe%22/%3E%3Cstop%20offset=%221%22%20stop-color=%22%23fff%22/%3E%3C/linearGradient%3E%3ClinearGradient%20id=%22b%22%20x1=%2265.415%22%20y1=%22126.531%22%20x2=%2257.672%22%20y2=%22104.287%22%20gradientUnits=%22userSpaceOnUse%22%3E%3Cstop%20stop-color=%22%23bebebe%22/%3E%3Cstop%20offset=%221%22%20stop-color=%22%23fff%22/%3E%3C/linearGradient%3E%3ClinearGradient%20id=%22c%22%20x1=%2265.409%22%20y1=%22107.427%22%20x2=%2265.409%22%20y2=%2274.173%22%20gradientUnits=%22userSpaceOnUse%22%3E%3Cstop%20stop-color=%22%23fff%22%20stop-opacity=%22.72%22/%3E%3Cstop%20offset=%221%22%20stop-color=%22%23fff%22%20stop-opacity=%220%22/%3E%3C/linearGradient%3E%3ClinearGradient%20id=%22d%22%20x1=%2265.007%22%20y1=%2270.496%22%20x2=%2261.493%22%20y2=%22.477%22%20gradientUnits=%22userSpaceOnUse%22%3E%3Cstop%20stop-color=%22%23edf2f9%22/%3E%3Cstop%20offset=%221%22%20stop-color=%22%23fff%22%20stop-opacity=%220%22/%3E%3C/linearGradient%3E%3ClinearGradient%20id=%22f%22%20x1=%2270.425%22%20y1=%2221.274%22%20x2=%22-.284%22%20y2=%2248.41%22%20gradientUnits=%22userSpaceOnUse%22%3E%3Cstop%20stop-color=%22%231efff1%22/%3E%3Cstop%20offset=%221%22%20stop-color=%22%231548ff%22/%3E%3C/linearGradient%3E%3ClinearGradient%20id=%22g%22%20x1=%2220.05%22%20y1=%2263.78%22%20x2=%2255.07%22%20y2=%22-9.969%22%20gradientUnits=%22userSpaceOnUse%22%3E%3Cstop%20offset=%22.156%22%20stop-color=%22%231efff1%22/%3E%3Cstop%20offset=%221%22%20stop-color=%22%231548ff%22/%3E%3C/linearGradient%3E%3Cfilter%20id=%22e%22%20x=%224.71%22%20y=%226.763%22%20width=%22120.747%22%20height=%2282.388%22%20filterUnits=%22userSpaceOnUse%22%20color-interpolation-filters=%22sRGB%22%3E%3CfeFlood%20flood-opacity=%220%22%20result=%22BackgroundImageFix%22/%3E%3CfeBlend%20in=%22SourceGraphic%22%20in2=%22BackgroundImageFix%22%20result=%22shape%22/%3E%3CfeGaussianBlur%20stdDeviation=%227.5%22%20result=%22effect1_foregroundBlur%22/%3E%3C/filter%3E%3C/defs%3E%3C/svg%3E)