Xbox
This feature is only available in paid plans. To learn more, see our pricing page.
Available since version 1.28.0
This section explains how to add a Login with Xbox button to FusionAuth. Below is an example login page with the Xbox Identity Provider enabled.
Once you have completed this configuration you will be able to enable the Xbox login button for one or more FusionAuth Applications. Below is an example login page with the Xbox Identity Provider enabled.

Here's a diagram of the login flow between:
- the user
- your application
- FusionAuth and
- a remote identity provider
sequenceDiagram
participant User as User/Browser
participant App
participant FusionAuth
participant IdentityProvider as Provider
User ->> App : View Initial Page<br/>Click Login
App ->> User : Displays Login Page<br/>Including Link To 'Login With Provider'
User ->> App : Clicks On 'Login With Provider'
App ->> User : Redirect To Provider Authorization URL
User ->> IdentityProvider : Enters Credentials
IdentityProvider ->> IdentityProvider : Validate Credentials
IdentityProvider ->> User : Redirect to App With Authorization Code
User ->> App : Requests Page, Has Authorization Code
App ->> FusionAuth : Calls Complete Login<br/>With Code And Redirect URI
FusionAuth ->> IdentityProvider : Exchanges Code And<br/>Redirect URI For Provider Token
IdentityProvider ->> FusionAuth : Returns Provider Token
FusionAuth ->> FusionAuth : Stores Provivider Token, Calls Lambda, Creates User And Registrations (If Needed), Generates FusionAuth Tokens
FusionAuth ->> App : Return FusionAuth Tokens
App ->> App : Create Session Or<br/>Otherwise Log User In
Note over User, IdentityProvider: User Is Logged In And App Can Proceed<br/>Delivering Data And Functionality
Although this looks complex, the user only sees a few screens, such as the FusionAuth login screen, the provider login screen, and your application.
Create an Xbox Account#
Follow instructions for obtaining a Client id and Client secret from the Xbox documentation.
Create an Xbox Identity Provider#
To enable Xbox for an Application:
-
Navigate to Settings -> Identity Providers .
-
Click the Add provider dropdown and select Xbox . This will take you to the Add Xbox screen.
- Fill out the required fields; your identity provider can provide most of these values. For a detailed description of each field, see the documentation for Xbox.
-
In the Applications configuration section at the bottom of this panel, find your application name.
-
To dynamically create FusionAuth user accounts (with default roles) for all users who successfully authenticate using this provider, select Create registration . If you disable this option, only an administrator with registration permissions can create new users for this application with access via Sign in with Xbox.
- You should now see the Sign in with Xbox button on the login page for the Pied Piper application.
Form Fields
IdoptionalAvailable since 1.61.0An optional UUID. When this value is omitted a unique Id will be generated automatically.
TenantoptionalAvailable since 1.62.0The tenant to which this identity provider belongs. This field only displays when the user selects a specific tenant on the previous page. When Global identity provider is selected on the previous page, this field does not display.
NamerequiredAvailable since 1.61.0A unique name to identify the identity provider. This name is for display purposes only and it can be modified later if desired.
Client IdrequiredThe unique client identifier obtained from Xbox. See Xbox - Getting Started.
Client secretrequiredThe client secret obtained from Xbox and used to authenticate the request. See Xbox - Getting Started.
Button textoptionalThe text to be displayed in the button on the login form. This value is defaulted to Login with Xbox but it may be modified to your preference.
Linking strategyoptionalDefaults to Create a pending linkThe linking strategy for the Xbox provider. See Linking Strategies for more.
Reconcile lambdaoptionalA lambda maps custom claims returned from Xbox to the FusionAuth User or Registration. To create or configure a lambda, navigate to Customizations -> Lambdas . See the lambda documentation for more.
Debug enabledoptionalDefaults to falseEnable debug to create event log entries during the user login process. This will assist you in debugging integration issues.
Building Your Own Integration#
If you are building your own login experience, you'll want to start the identity provider flow yourself and then complete the login.
You might do this if you are using the Login API rather than using the hosted FusionAuth login pages. Here's a diagram illustrating this login flow:
sequenceDiagram
participant User as User/Browser
participant App
participant FusionAuth
participant IdentityProvider as Provider
User ->> App : View Initial Page<br/>Click Login
App ->> User : Displays Login Page<br/>Including Link To 'Login With Provider'
User ->> App : Clicks On 'Login With Provider'
App ->> User : Redirect To Provider Authorization URL
User ->> IdentityProvider : Enters Credentials
IdentityProvider ->> IdentityProvider : Validate Credentials
IdentityProvider ->> User : Redirect to App With Authorization Code
User ->> App : Requests Page, Has Authorization Code
App ->> FusionAuth : Calls Complete Login<br/>With Code And Redirect URI
FusionAuth ->> IdentityProvider : Exchanges Code And<br/>Redirect URI For Provider Token
IdentityProvider ->> FusionAuth : Returns Provider Token
FusionAuth ->> FusionAuth : Stores Provider Token, Calls Lambda, Creates User And Registrations (If Needed), Generates FusionAuth Tokens
FusionAuth ->> App : Return FusionAuth Tokens
App ->> App : Create Session Or<br/>Otherwise Log User In
Note over User, IdentityProvider: User Is Logged In And App Can Proceed<br/>Delivering Data And Functionality
If you require a refresh token after completing the login, ensure Enable JWT Refresh is true in the application configuration. This is found in the administrative user interface by navigating to Applications -> Your Application -> Security -> Login API settings .