Midasbuy Mini Game Login SDK Protocol

Overview

The minigame-login SDK is a login authentication solution provided by MidasBuy for mini game developers. Through frontend SDK encapsulation, it simplifies game integration processes and reduces backend integration costs.

Overall

SDK Interface Specification

1. Initialization

1.1 Include SDK

<script src="https://cdn.midasbuy.com/js/minigame-login.stable.js"></script>

1.2 Initialize Configuration

MidasbuyLogin.init({
  appId: '146000xxx',           // Application ID assigned by MidasBuy
  environment: 'production',       // Environment: 'production' | 'sandbox'
  debug: false,                   // Enable debug mode
  timeout: 30000                  // Request timeout (milliseconds)
});

Parameter Description:

Parameter	Type	Required	Description
appId	String	Yes	Application ID assigned by MidasBuy
environment	String	No	Environment configuration, default 'production'
debug	Boolean	No	Debug mode, default false
timeout	Number	No	Timeout duration, default 30000ms

MidasbuyLogin.login({
  success: function(result) {
    // Login success callback
    console.log('Login successful:', result);
  },
  fail: function(error) {
    // Login failure callback
    console.log('Login failed:', error);
  }
});

Parameter Description:

Parameter	Type	Required	Description
success	Function	No	Login success callback function
fail	Function	No	Login failure callback function

Success Callback Parameters:

{
  code: 0,
  message: 'success',
  data: {
    jwtToken: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',
    expiresIn: 3600,
    refreshToken: 'rt_xxxxxxxxxxxxxxxx'
  }
}

Failure Callback Parameters:

{
  code: -1,
  message: 'Error description',
  error: 'ERROR_CODE'
}

2.2 Promise-based Call

try {
  const result = await MidasbuyLogin.login();
  console.log('Login successful:', result);
} catch (error) {
  console.log('Login failed:', error);
}

3. Token Management

3.1 Get Current Token

const currentToken = MidasbuyLogin.getToken();
console.log('Current JWT Token:', currentToken);

3.2 Refresh Token

MidasbuyLogin.refreshToken({
  refreshToken: 'rt_xxxxxxxxxxxxxxxx',
  success: function(result) {
    console.log('Token refresh successful:', result);
  },
  fail: function(error) {
    console.log('Token refresh failed:', error);
  }
});

3.3 Clear Token

MidasbuyLogin.clearToken();

4. User Information

4.1 Get User Information

const userInfo = MidasbuyLogin.getUserInfo();
console.log('User information:', userInfo);

const isLoggedIn = MidasbuyLogin.isLoggedIn();
console.log('Is logged in:', isLoggedIn);

5. Event Listeners

MidasbuyLogin.on('loginStatusChanged', function(status) {
  console.log('Login status changed:', status);
  // status: 'logged_in' | 'logged_out' | 'token_expired'
});

5.2 Listen to Token Expiration

MidasbuyLogin.on('tokenExpired', function() {
  console.log('Token has expired, need to re-login');
  // Auto refresh or prompt user to re-login
});

5.3 Remove Event Listeners

MidasbuyLogin.off('loginStatusChanged');
MidasbuyLogin.off('tokenExpired');

Error Code Specification

Client Error Codes

Error Code	Error Message	Description
-1	UNKNOWN_ERROR	Unknown error
-2	INVALID_PARAMS	Invalid parameters
-3	NETWORK_ERROR	Network error
-4	TIMEOUT_ERROR	Request timeout
-5	TOKEN_INVALID	Invalid token
-6	TOKEN_EXPIRED	Token expired
-7	GAME_SERVER_ERROR	Game server error
-8	USER_CANCELLED	User cancelled operation

Server Error Codes

Error Code	Error Message	Description
1001	INVALID_GAME_TOKEN	Invalid GameToken
1002	GAME_TOKEN_EXPIRED	GameToken expired
1003	INVALID_OFFER_ID	Invalid app ID
1004	INVALID_GAME_SERVER_URL	Invalid game server URL
1005	JWT_GENERATION_FAILED	JWT generation failed
1006	RATE_LIMIT_EXCEEDED	Rate limit exceeded

Security Features

1. JWT Token Structure

// Header
{
  "alg": "HS256",
  "typ": "JWT"
}

// Payload
{
  "openid": "test_id_1",             // User OpenID
  "user_name": "test_1",             // User Name
  "avatar": "https://avatar.url",     // User Avatar
  "sub": "12345",                    // User ID
  "iss": "midasbuy",                 // Issuer
  "aud": "146000xxx",            // Audience (appId)
  "exp": 1642150800,                 // Expiration time
  "iat": 1642147200,                 // Issued at
  "jti": "unique-token-id",          // Unique token identifier
}

2. Security Measures

Token Validity: JWT Token is valid for 1 hour
Refresh Mechanism: Provides RefreshToken for seamless refresh
Domain Binding: Token is bound to specific appId
Anti-Replay: Each request includes timestamp and nonce
HTTPS Transport: All interfaces must use HTTPS

Important Notes

HTTPS Required: Production environment must use HTTPS
Token Security: Do not store sensitive information on client side
Error Handling: Comprehensive error handling and user prompts
Performance Optimization: Reasonable use of caching, avoid frequent requests
Compatibility: Support for mainstream browsers and mobile devices

Overview​

Overall​

SDK Interface Specification​

1. Initialization​

1.1 Include SDK​

1.2 Initialize Configuration​

2. Login Interface​

2.1 login Method​

2.2 Promise-based Call​

3. Token Management​

3.1 Get Current Token​

3.2 Refresh Token​

3.3 Clear Token​

4. User Information​

4.1 Get User Information​

4.2 Check Login Status​

5. Event Listeners​

5.1 Listen to Login Status Changes​

5.2 Listen to Token Expiration​

5.3 Remove Event Listeners​

Error Code Specification​

Client Error Codes​

Server Error Codes​

Security Features​

1. JWT Token Structure​

2. Security Measures​

Important Notes​