Facebook Login For Gaming

Feature Overview

Built with game developers in mind, the new Facebook Login for Gaming enables authentication and users’ ability to give access permissions. It gives players a fast, convenient way to log in to a game across multiple platforms and to use custom player names and avatars.

Facebook Login for Gaming is the foundational layer that unlocks new Facebook Gaming Services like the new Player Finder and Sharing for Gaming.

Facebook Login button in the game

Facebook Login for Gaming user experience

Optional step to customize player name

Optional step to choose an avatar

Prerequisites

Your application needs to enroll in Gaming Services to access features in this document. Follow the instructions to enroll your application.

NEW: Limited Login

Limited Login offers a login path that implements steps designed to prevent the fact that a person used Facebook to log in to your app from being used to target advertising or measure advertising effectiveness.

How it Works

Limited Login returns an AuthenticationToken that wraps an OpenID Connect token. The ID token cannot be used to request additional data using the Graph API, such as friends, photos, or pages. Doing so requires the use of classic Facebook Login.

A successful login populates a global AuthenticationToken instance. You can provide a nonce for the login attempt that will be reflected in the return token. In addition, Limited Login populates a shared profile instance that contains the basic information including ID, name, profile picture, and email (if granted by the user).

See Also

Technical Implementation

Using Facebook SDK

It’s highly recommended to use Facebook SDK to integrate with Facebook Login for Gaming, which supports the same SDK methods as Facebook Login. If this is the first time you're integrating the Facebook SDK into your App, refer to the configuration guide before proceeding.

Compatible Facebook SDK will also make graph API calls to the gaming graph domain (graph.fb.gg) based on token received. Read more about gaming graph domain. The minimal SDK requirement for different platform are as follows:

  • iOS: v6.4
  • Android: v6.4
  • Unity3D: v7.19.2

Manually Implement Facebook Login for Gaming

Developers can also manually implement the support for Facebook Login for Gaming and gaming graph domain, using following methodology:

  1. Manually Build a Login Flow
  2. Prepare your application for gaming graph domain

Requestable Permissions

Currently supported permissions for Facebook Login for Gaming are:

PermissionGranted AccessRequired/OptionalNeed App Review

gaming_profile

User's player name and avatar. This replaces public_profile to be the default permission for gaming graph domain.

Required

No

gaming_user_picture

User's first name and profile picture.

Optional

No

email

User's email address.

Optional

No

user_friends

User's Facebook friends who play the same game and granted this permission.

Optional

Yes

Any other permission requested will be ignored and returned as denied.

Requesting User's Profile Picture

To request user's profile picture, add gaming_user_picture into the list of permissions requested during login. This permission does not require App Review. When requesting this permission, Facebook Login for Gaming will provide two options for users to choose from:

When gaming_user_picture is being requested.

When gaming_user_picture is not being requested.

  • If user chooses the Facebook Profile option, both gaming_profile and gaming_user_picture permissions will be granted to application.
GET graph.fb.gg/v7.0/me/picture // return profile picture
  • If user chooses the gaming name and avatar option, only gaming_profile permission will be granted to application.
GET graph.fb.gg/v7.0/me/picture // return avatar

Sample Requests

After integrating Facebook Login for Gaming, your application will gain access to the user’s player name and avatar, or first name and profile picture depends on permission granted by user. You can access them through the FB SDK or directly via our graph API, by calling gaming graph domain (graph.fb.gg):

Query user's player name:

GET graph.fb.gg/v7.0/me?field=name

Query user's avatar or profile picture:

GET graph.fb.gg/v7.0/me/picture

Query user’s granted permissions:

GET graph.fb.gg/v7.0/me/permissions

Query user’s Facebook Friends who also play:

GET graph.fb.gg/v7.0/me/friends

For a full list of available endpoints on gaming graph domain, refer to this document.

App Scoped User ID

After users connected account with Facebook Login for Gaming, your application will receive app-scoped user IDs as identifier for each user. If your application has integrated with Facebook Login before enabling Facebook Login for Gaming, users' app-scoped user IDs will not change, to allow progress be carried over.

Configuration

After your app has been added to the allow list, visit the Facebook developer panel to configure Facebook Login for Gaming through your App’s developer dashboard:

https://developers.facebook.com/apps/<APP_ID>/game-addins/gaming-login/

If you can't access this page, your application might need to enroll in Gaming Services. Follow the instructions on enrolling your application.

There are several configuration options available for Facebook Login for Gaming:

  1. Enable Login for Web: Turn this on if you want to enable Login on desktop websites.
  2. Enable Login for Embedded Browser: Turn this on if you want to enable Login on embedded browser (in mobile applications).
  3. Valid OAuth Redirect URIs: Configure the URLs of your website or application for valid redirections from Login page. If you are using our FB SDK, there is no need to configure this. If you are not using our SDK and are manually building a login flow, refer to our Manual Login Flow guide.

Preparing a Test App

To start exploring the features without impacting your production builds, we recommend creating a Test App based on your production app. A new Test App can be added through developer site:

The newly created Test App will be loosely coupled with your main App, but with its own App ID. This allows you to test the Login feature safely without impacting your production builds. We require this App ID to be on the allow list together with the main App ID to be enabled for Facebook Login for Gaming.

Test Apps share the same app-scoped User ID namespace as your production app making it simpler to debug issues with app-scoped IDs, or in cases where you use a copy of your production database for development.

Migrating from Facebook Login

For existing users who have connected with Facebook Login before the application migrates to gaming graph domain, the follow user experience are expected to them:

  1. For users who have a valid token from Facebook Login before, they will remain logged in and those tokens will continue to be valid for calling graph APIs on graph.facebook.com. However, these tokens cannot be extended, and will expire at the end of its current expiration time.
  2. When token expires for existing users, they need to connect their account again using Facebook Login for Games, and receive a new token accessible to gaming graph domain. If application is integrated with Facebook SDK, this re-authentication will happen automatically. This token can be extended as long as user continue using the application.
  3. When users who have a valid token from Facebook Login (described in paragraph 1) query for friend's name or profile picture and that friend has logged in and received a token that accesses the gaming graph domain (described in paragraph 2) they will not get a return value for name and a gender-neutral silhouette as the picture. There are two new fields that can be queried in this case, gaming_name and gaming_picture that will return the player name and avatar of the friend. This will only occur when a user has an access token from before migration and tries to view a user that has logged in and gotten an access token after migration.
  4. For new users, they need to connect their account using Facebook Login for Games and receive a token accessible to gamin graph domain. This token can be extended as long as user continue using the application.