Search Unity

Question OpenID Connect Firebase Authentication error

Discussion in 'Authentication' started by Seforius, Jan 23, 2023.

  1. Seforius

    Seforius

    Joined:
    Jun 25, 2022
    Posts:
    10
    Hello! I am a reasonably new developer attempting to sign into Unity Authentication with OpenID Connect in order to use other UGS like Cloud Save and Economy. After a bit of research, I managed to cobble together a flow that works something like this:

    0. Create a Firebase project, link it with Unity, and register Firebase as an OIDC provider in my Unity project. (WORKING, however, unsure if I have registered Firebase as an OIDC provider properly!)
    1. Use Firebase API to register and login users using email/password (WORKING)
    2. Use the TokenAsync() method on the resultant FirebaseUser object in order to get what I believe to be the id token of the user (WORKING)
    3. Use that token along with the oidc ID provider that I have registered Firebase with Unity as in order to successfully SignInWithOpenIdConnectAsync() (NOT WORKING).

    Essentially, when I try to sign in using the token that I am getting from the FirebaseUser using the TokenAsync method, I get the following error:

    [Authentication]: Request completed with error: {"title":"PERMISSION_DENIED","detail":"invalid audience","details":[],"status":401}

    Here is a screenshot of the ID provider I have registered with Unity in my project (I have ommitted some of the ID for privacy. I think this might be where the error is coming from?):
    upload_2023-1-23_1-52-40.png

    Any insight into the OpenID Connect process and its integration with UGS would be extremely valuable since the documentation and forum posts out there are few and far between.

    Thank you!
     

    Attached Files:

    Seforius, Jan 23, 2023
    #1

  2. Seforius

    Seforius

    Joined:
    Jun 25, 2022
    Posts:
    10
    Nailed it myself. For those interested:

    The issue was with the ID provider registration in Unity (project settings or dashboard). I had to find the correct client ID and issuer URL in order to get past this error.

    For those wondering how to do this for Firebase (or perhaps for other OIDC providers as well) this is what I did.

    For Firebase:

    client ID = project ID. Should probably look like "name-123456".

    issuer url: https://securetoken.google.com/projectId

    More general approach:

    Try to get an ID token from your OIDC provider (for Firebase, call TokenAsync() on a FirebaseUser object). Then, decode the token (I used jwt.io) and try to find the client id and issuer url in the token's payload. For me, the client ID was in the "aud" field and the issuer URL was in the "iss" field.

    Good luck.
     
    Seforius, Jan 24, 2023
    #2
    kmowers, Joel-Santos, wanis_here and 1 other person like this.

  3. TheOrDOOR

    TheOrDOOR

    Joined:
    Mar 16, 2014
    Posts:
    5
    I would pay you money to see how you did this from step 1. Ridiculously hard to find documentation/support on how to basically: authenticate user with email and pw and make it work with UGS.
     
    TheOrDOOR, Feb 15, 2023
    #3
    kendrick_unity likes this.

  4. kendrick_unity

    kendrick_unity

    Joined:
    Apr 14, 2021
    Posts:
    5
    Yes, tutorial for Step 0 please! @Seforius
     
    kendrick_unity, May 10, 2023
    #4