7.5 Account “Linking”

Currently, the JWT returned from this auth flow is not used as an authentication token when making calls to Gala Games. It is used purely to get the userId of the user that launched the game.

Given this, some game teams have opted for an account linking flow. The flow is as follows:

  • A user opens the game and logs in with a normal game authentication method. For Android apps, this would be the Google Play services login method. At this point a user record is created in the game’s database. Currently there is no link between this user and Gala.
  • At some point in the game, the user is asked to link their Gala Games account. The user goes through the above Gala Games mobile login flow, and the resulting JWT is sent to the game’s server for validation.
  • With a valid JWT, the token can be decoded and a userId can be retrieved. The Gala Games userId can be saved in the existing user’s database record, creating a “link” between the game user and a Gala user. This can be considered an indefinite link, and Gala auth is no longer needed.
    • One caveat to note is that there should only ever be one Gala account linked to a single game user. A user should not be able to link a Gala account to any number of game user accounts.
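
The linking step and its one-to-one caveat can be enforced by the database itself rather than by application checks alone. The following is an added example, not Gala Games or game-team code: the table layout, the function names and the `userId` claim name are assumptions, and the claims are assumed to come from a JWT the game server has already validated.

```python
import sqlite3

# Hypothetical schema: the UNIQUE column lets the database guarantee that a
# Gala userId is attached to at most one game user (NULLs may repeat).
SCHEMA = """
CREATE TABLE game_users (
    id           INTEGER PRIMARY KEY,
    gala_user_id TEXT UNIQUE          -- NULL until the account is linked
);
"""

class LinkError(Exception):
    """Raised when a link request must be refused."""

def link_gala_account(db, game_user_id, verified_claims):
    """Store the Gala userId from an already validated JWT on a game user."""
    gala_id = verified_claims.get("userId")  # claim name is an assumption
    if not isinstance(gala_id, str) or not gala_id:
        raise LinkError("token carries no userId")
    try:
        with db:  # one transaction: commit on success, roll back on error
            # Only fill an empty slot, so an existing link is never overwritten.
            cur = db.execute(
                "UPDATE game_users SET gala_user_id = ? "
                "WHERE id = ? AND gala_user_id IS NULL",
                (gala_id, game_user_id),
            )
    except sqlite3.IntegrityError:
        raise LinkError("Gala account already linked to another game user") from None
    if cur.rowcount == 1:
        return "linked"
    row = db.execute("SELECT gala_user_id FROM game_users WHERE id = ?",
                     (game_user_id,)).fetchone()
    if row is None:
        raise LinkError("unknown game user")
    if row[0] == gala_id:
        return "already-linked"  # idempotent retry of the same link
    raise LinkError("game user already linked to a different Gala account")

def demo_db():
    """Constructed sample data: two game users, neither linked yet."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO game_users (id) VALUES (?)", [(1,), (2,)])
    db.commit()
    return db
```

Because the uniqueness check happens inside the `UPDATE`, two concurrent link requests carrying the same Gala userId cannot both succeed.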