Nintendo

This feature is only available in paid plans. To learn more, see our pricing page.

Available since version 1.36.0

This section explains how to add a Login with Nintendo button to FusionAuth. Below is an example login page with the Nintendo Identity Provider enabled.

Once you have completed this configuration you will be able to enable the Nintendo login button for one or more FusionAuth Applications. Below is an example login page with the Nintendo Identity Provider enabled.

Here's a diagram of the login flow between:

the user
your application
FusionAuth and
a remote identity provider

sequenceDiagram
    participant User as User/Browser
    participant App
    participant FusionAuth
    participant IdentityProvider as Provider

    User ->> App : View Initial Page<br/>Click Login
    App ->> User : Displays Login Page<br/>Including Link To 'Login With Provider'
    User ->> App : Clicks On 'Login With Provider'
    App ->> User : Redirect To Provider Authorization URL
    User ->> IdentityProvider : Enters Credentials
    IdentityProvider ->> IdentityProvider : Validate Credentials
    IdentityProvider ->> User : Redirect to App With Authorization Code
    User ->> App : Requests Page, Has Authorization Code
    App ->> FusionAuth : Calls Complete Login<br/>With Code And Redirect URI
    FusionAuth ->> IdentityProvider : Exchanges Code And<br/>Redirect URI For Provider Token
    IdentityProvider ->> FusionAuth : Returns Provider Token
    FusionAuth ->> FusionAuth : Stores Provivider Token, Calls Lambda, Creates User And Registrations (If Needed), Generates FusionAuth Tokens
    FusionAuth ->> App : Return FusionAuth Tokens
    App ->> App : Create Session Or<br/>Otherwise Log User In
    Note over User, IdentityProvider: User Is Logged In And App Can Proceed<br/>Delivering Data And Functionality

Although this looks complex, the user only sees a few screens, such as the FusionAuth login screen, the provider login screen, and your application.

Nintendo Developer Account#

Create a new Nintendo developer account or log into the Nintendo Developer Portal with an existing account. Retrieve an existing Client Id and Client secret or follow Nintendo documentation to request them. Contact Nintendo Developer support for additional information.

Create a Nintendo Identity Provider#

To enable Nintendo for an Application:

Navigate to Settings -> Identity Providers .
Click the Add provider dropdown and select Nintendo . This will take you to the Add Nintendo screen.
Fill out the required fields; your identity provider can provide most of these values. For a detailed description of each field, see the documentation for Nintendo.
In the Applications configuration section at the bottom of this panel, find your application name.
To dynamically create FusionAuth user accounts (with default roles) for all users who successfully authenticate using this provider, select Create registration . If you disable this option, only an administrator with registration permissions can create new users for this application with access via Sign in with Nintendo.
You should now see the Sign in with Nintendo button on the login page for the Pied Piper application.

Form Fields

IdAvailable since 1.61.0

An optional UUID. When this value is omitted a unique Id will be generated automatically.

TenantAvailable since 1.62.0

The tenant to which this identity provider belongs. This field only displays when the user selects a specific tenant on the previous page. When Global identity provider is selected on the previous page, this field does not display.

NamerequiredAvailable since 1.61.0

A unique name to identify the identity provider. This name is for display purposes only and it can be modified later if desired.

Client Idrequired

The unique client identifier obtained from Nintendo. See Nintendo Developer Portal.

Client secretrequired

The client secret obtained from Nintendo and used to authenticate the request. See Nintendo Developer Portal.

Button text

The text to be displayed in the button on the login form. This value is defaulted to Login with Nintendo but it may be modified to your preference.

Scope

The optional scope parameter used by Nintendo to request details about the user.

Linking strategyDefaults to Create a pending link

The linking strategy for the Nintendo provider. See Linking Strategies for more.

Reconcile lambda

A lambda maps custom claims returned from Nintendo to the FusionAuth User or Registration. To create or configure a lambda, navigate to Customizations -> Lambdas . See the lambda documentation for more.

Debug enabledDefaults to false

Enable debug to create event log entries during the user login process. This will assist you in debugging integration issues.

Options#

Form Fields#

Unique Id claimDefaults to id

The name of the claim that contains the immutable unique Id of the user.

Email claimDefaults to email

The name of the claim that will contain an email address.

Username claimDefaults to preferred_username

The name of the claim that will contain the user's username.

Building Your Own Integration#

If you are building your own login experience, you'll want to start the identity provider flow yourself and then complete the login.

You might do this if you are using the Login API rather than using the hosted FusionAuth login pages. Here's a diagram illustrating this login flow:

sequenceDiagram
    participant User as User/Browser
    participant App
    participant FusionAuth
    participant IdentityProvider as Provider

    User ->> App : View Initial Page<br/>Click Login
    App ->> User : Displays Login Page<br/>Including Link To 'Login With Provider'
    User ->> App : Clicks On 'Login With Provider'
    App ->> User : Redirect To Provider Authorization URL
    User ->> IdentityProvider : Enters Credentials
    IdentityProvider ->> IdentityProvider : Validate Credentials
    IdentityProvider ->> User : Redirect to App With Authorization Code
    User ->> App : Requests Page, Has Authorization Code
    App ->> FusionAuth : Calls Complete Login<br/>With Code And Redirect URI
    FusionAuth ->> IdentityProvider : Exchanges Code And<br/>Redirect URI For Provider Token
    IdentityProvider ->> FusionAuth : Returns Provider Token
    FusionAuth ->> FusionAuth : Stores Provider Token, Calls Lambda, Creates User And Registrations (If Needed), Generates FusionAuth Tokens
    FusionAuth ->> App : Return FusionAuth Tokens
    App ->> App : Create Session Or<br/>Otherwise Log User In
    Note over User, IdentityProvider: User Is Logged In And App Can Proceed<br/>Delivering Data And Functionality

If you require a refresh token after completing the login, ensure Enable JWT Refresh is true in the application configuration. This is found in the administrative user interface by navigating to Applications -> Your Application -> Security -> Login API settings .