Addressables with a secure cloud storage

Hello.

I'm experienced with regular asset bundles and I want to switch the project to Addressables. I think I finished the beginner stage of my Addressables experience. I am able to build addressable groups, upload them to our Google Cloud storage bucket and load the scenes and assets from there with no problem.

The problem starts when the storage bucket is configured as secure meaning that, to be able to download anything, I need to provide a auth token in the web request.

By the company policy, our cloud storage must be secure. Before Addressbles, we were downloading the regular asset bundles via http web request by providing the auth token in the request.

Since Addressables system downloads the groups automatically when I call Addressables.LoadSceneAsync method, I don't have a control on its internal web request. For that reason, I get an "Unauthorized" error when trying to load the addressable assets from the secure cloud.

How can I inject the auth token to Addressables's internal web request so that it will be able to download the groups securely?

 

Bump...

 

This is definitely something that should be (more) straight forward to do.
Though, I haven't found solutions myself, and it is not something we need straight away for our project, I have seen people encrypting the addressable bundles by using a custom build script. Maybe this could be something you could implement.

 

Hmm. Encrypting the bundles is not an option for me. The company requires all server-client communication to be authenticated by an auth token. To be able to download the bundle files from the server, Addressables has to pass a token in the download request.

I need help from Unity Addressables team, seriously.

 

1) The requirement is similar to make Addressable work with a signed URL
https://forum.unity.com/threads/loading-content-with-signed-urls.719783/#post-6798464

The #14 floor introduces an easy way to replace URL before sending to a web request if all you need is to append an auth token in a query string.

2) If you need to modify the HTTP header, then you have to check out the #6 floor, to write a new AssetBundleProvider. https://forum.unity.com/threads/loading-content-with-signed-urls.719783/#post-4882328.

AssetBundleProvider is not designed for overriding, so you have to copy-paste it to start hacking.

Here's a more complicated example to modify Addressable to work with Firebase. Read the README will give you a better view of how to configure Addressabels after writing a new AssetBundleProvider.

https://gitlab.com/robinbird-studio...base-tools/-/tree/master/Storage/Addressables

3) To view the source code of Addressable, please check out the unofficial needle-mirror project:

https://github.com/needle-mirror/co...ResourceProviders/AssetBundleProvider.cs#L127

 

I'll give it a try but re-implementing the entire AssetBundleProvider along with all its dependencies is very ugly workaround.

I am surprised that Unity Addressables team didn't give us a real access to the outgoing bundle downloader web request.

 

Even thou it's very VERY ugly, re-implementing the entire AssetBundleProvider along with all its dependencies became a workaround solution for me.

I just needed to add this line into the custom CreateWebRequest method before returning the created web request object to be able to overcome the security check on the server side.

webRequest.SetRequestHeader("Authorization", $"Bearer {PhoenixHttpClient.AccessToken}");

 

You’re not alone: https://forum.unity.com/threads/ext...g-is-marked-as-internal.1081322/#post-6990431

 

@Favo-Yang Thank you for all your help.

 

Wow. That sounds like a very good information. Much better than having a custom AssetBundleProvider implementation. I'll give it a try. Thank you.

 

Did You succeed in finding a solution ?
we are also looking for a solution with addressable stored on secure server (specify an auth token in the request).
Thanks for your help.

 

Yes. WebRequestOverride worked perfectly.

We call this during our app initialization only once:

Addressables.WebRequestOverride = SetAccessTokenForAddressablesWebRequest;

And this is the event handler itself:

static void SetAccessTokenForAddressablesWebRequest(UnityWebRequest Request) => Request.SetRequestHeader("Authorization", $"Bearer {PhoenixHttpClient.AccessToken}");

You just need to replace PhoenixHttpClient.AccessToken with your own access token.

 

How do you manage to get access tokens from oauth2.0?

 

Sorry for not being able to answer your question fully but... accessing the token from oauth2.0 is not directly related to the topic of this forum post and it may be different for different project.

In our Unity project, we get the token from our server via a POST request. The server is handling the communication with the auth system before sending us the token. So... I don't exactly know what's being done on the server side.