Facebook Login For Gaming
Feature Overview
Built with game developers in mind, the new Facebook Login for Gaming enables authentication and users’ ability to give access permissions. It gives players a fast, convenient way to log in to a game across multiple platforms and to use custom player names and avatars.
Facebook Login for Gaming is the foundational layer that unlocks new Facebook Gaming Services like the new Player Finder and Sharing for Gaming.
 |  |
Facebook Login button in the game | Facebook Login for Gaming user experience |
 |  |
Optional step to customize player name | Optional step to choose an avatar |
Prerequisites
Your application needs to enroll in Gaming Services to access features in this document. Follow the instructions to enroll your application.
NEW: Limited Login
Limited Login offers a login path that implements steps designed to prevent the fact that a person used Facebook to log in to your app from being used to target advertising or measure advertising effectiveness.
How it Works
Limited Login returns an AuthenticationToken that wraps an OpenID Connect token. The ID token cannot be used to request additional data using the Graph API, such as friends, photos, or pages. Doing so requires the use of classic Facebook Login.
A successful login populates a global AuthenticationToken instance. You can provide a nonce for the login attempt that will be reflected in the return token. In addition, Limited Login populates a shared profile instance that contains the basic information including ID, name, profile picture, and email (if granted by the user).
See Also
Technical Implementation
Using Facebook SDK
It’s highly recommended to use Facebook SDK to integrate with Facebook Login for Gaming, which supports the same SDK methods as Facebook Login. If this is the first time you're integrating the Facebook SDK into your App, refer to the configuration guide before proceeding.
Compatible Facebook SDK will also make graph API calls to the gaming graph domain (graph.fb.gg) based on token received. Read more about gaming graph domain. The minimal SDK requirement for different platform are as follows:
- iOS: v6.4
- Android: v6.4
- Unity3D: v7.19.2
Manually Implement Facebook Login for Gaming
Developers can also manually implement the support for Facebook Login for Gaming and gaming graph domain, using following methodology:
Requestable Permissions
Currently supported permissions for Facebook Login for Gaming are:
| Permission | Granted Access | Required/Optional | Need App Review |
|---|---|---|---|
| User's player name and avatar. This replaces | Required | No |
| User's first name and profile picture. | Optional | No |
| User's email address. | Optional | No |
| User's Facebook friends who play the same game and granted this permission. | Optional | Yes |
Any other permission requested will be ignored and returned as denied.
Requesting User's Profile Picture
To request user's profile picture, add gaming_user_picture into the list of permissions requested during login. This permission does not require App Review. When requesting this permission, Facebook Login for Gaming will provide two options for users to choose from:
 | |
When | When |
- If user chooses the Facebook Profile option, both
gaming_profileandgaming_user_picturepermissions will be granted to application.
GET graph.fb.gg/v7.0/me/picture // return profile picture
- If user chooses the gaming name and avatar option, only
gaming_profilepermission will be granted to application.
GET graph.fb.gg/v7.0/me/picture // return avatar
Sample Requests
After integrating Facebook Login for Gaming, your application will gain access to the user’s player name and avatar, or first name and profile picture depends on permission granted by user. You can access them through the FB SDK or directly via our graph API, by calling gaming graph domain (graph.fb.gg):
Query user's player name:
GET graph.fb.gg/v7.0/me?field=name
Query user's avatar or profile picture:
GET graph.fb.gg/v7.0/me/picture
Query user’s granted permissions:
GET graph.fb.gg/v7.0/me/permissions
Query user’s Facebook Friends who also play:
GET graph.fb.gg/v7.0/me/friends
For a full list of available endpoints on gaming graph domain, refer to this document.
App Scoped User ID
After users connected account with Facebook Login for Gaming, your application will receive app-scoped user IDs as identifier for each user. If your application has integrated with Facebook Login before enabling Facebook Login for Gaming, users' app-scoped user IDs will not change, to allow progress be carried over.
Configuration
After your app has been added to the allow list, visit the Facebook developer panel to configure Facebook Login for Gaming through your App’s developer dashboard:
https://developers.facebook.com/apps/<APP_ID>/game-addins/gaming-login/
If you can't access this page, your application might need to enroll in Gaming Services. Follow the instructions on enrolling your application.
There are several configuration options available for Facebook Login for Gaming:
- Enable Login for Web: Turn this on if you want to enable Login on desktop websites.
- Enable Login for Embedded Browser: Turn this on if you want to enable Login on embedded browser (in mobile applications).
- Valid OAuth Redirect URIs: Configure the URLs of your website or application for valid redirections from Login page. If you are using our FB SDK, there is no need to configure this. If you are not using our SDK and are manually building a login flow, refer to our Manual Login Flow guide.
Preparing a Test App
To start exploring the features without impacting your production builds, we recommend creating a Test App based on your production app. A new Test App can be added through developer site:
The newly created Test App will be loosely coupled with your main App, but with its own App ID. This allows you to test the Login feature safely without impacting your production builds. We require this App ID to be on the allow list together with the main App ID to be enabled for Facebook Login for Gaming.
Test Apps share the same app-scoped User ID namespace as your production app making it simpler to debug issues with app-scoped IDs, or in cases where you use a copy of your production database for development.
Migrating from Facebook Login
For existing users who have connected with Facebook Login before the application migrates to gaming graph domain, the follow user experience are expected to them:
- For users who have a valid token from Facebook Login before, they will remain logged in and those tokens will continue to be valid for calling graph APIs on graph.facebook.com. However, these tokens cannot be extended, and will expire at the end of its current expiration time.
- When token expires for existing users, they need to connect their account again using Facebook Login for Games, and receive a new token accessible to gaming graph domain. If application is integrated with Facebook SDK, this re-authentication will happen automatically. This token can be extended as long as user continue using the application.
- When users who have a valid token from Facebook Login (described in paragraph 1) query for friend's name or profile picture and that friend has logged in and received a token that accesses the gaming graph domain (described in paragraph 2) they will not get a return value for name and a gender-neutral silhouette as the picture. There are two new fields that can be queried in this case, gaming_name and gaming_picture that will return the player name and avatar of the friend. This will only occur when a user has an access token from before migration and tries to view a user that has logged in and gotten an access token after migration.
- For new users, they need to connect their account using Facebook Login for Games and receive a token accessible to gamin graph domain. This token can be extended as long as user continue using the application.