WebAuthenticationBroker / Web Authentication solution for standalone Unity

Twitter, Facebook, Google and really most authentication providers outside Steam and game centric ones use Web Authentication this is also true for smaller/lesser known backend services.

Point being Unity needs a means by which a standalone build can availale of these tools that is use web authentication to secure a connection with these web services. The typical approch in a traditional windows program is to use WebAuthenticationBroker but of course that isn't available to us in Unity. You can also use a WebView but of course again not an option in Unity short of trying to get chromium or similar working nicely. There are options like Firebase which may work ... haven't used it though as it has a cost and what would we be paying for really ... the ability to parse the authentication token off the redirect of a web call?

So has anyone found a solution to what seems like it should be a very simple thing to do that will work in Unity standalone builds and does not depend on 3rd party services e.g. Firebase?

 

Doing more research and the result is still the same as best I can tell there is no way to handle a service that uses web authentication from a Unity stand alone build short of trying to hamfist a browser into Unity and hope it doesn't break. If your on Windows you can wrap around WebAuthenticationBroker as you might other platform specific options but to my knowledge there isn't a solution for Linux and Mac.

 

That's basically been our experience. It's a real struggle since we're in the AEC space -- we have data in secure portals that we want to access, and there's not many easy ways to make oauth with a browser step work (as far as we can tell). A solution here would be valuable

 

It looks like they might have potential plans for an authentication solution.

https://blogs.unity3d.com/2019/09/19/support-for-apple-sign-in/

"Whether you maintain an in-house system or rely on third-party login services, we want to help make the player experience more seamless while providing flexibility for game developers. With that in mind, we also want to take this opportunity to share plans for our upcoming User Authentication solution, available later this year."

"
The upcoming User Authentication solution will consist of Unity hosted authentication and authorization APIs, a Unity package that implements login and key auth workflows independent of backend implementation, and a drop-in Prefab to address UX specific requirements such as those required by Sign in with Apple.

Our first release of User Authentication will provide support for authentication via email id/password and Sign in with Apple (including support on Android) as a federated identity provider. Additionally, this new solution will be extensible, enabling you to integrate any additional custom or third-party federated identity providers of your choice. User Authentication will allow you to configure identity providers across multiple platforms within the Unity Editor using a common, simplified API."

 

That's good news. I skipped that blog post, thinking it was primarily Sign In by Apple, but seems to be much more general. Thanks for the info!

 

You can do Application.OPENURL to execute the consent and then retrieve your token. So not as drastic as shoving a browser into your build, but yes it does require a backend to perform the auth code => token exchange for you.

 

How do you get the response with an application openurl?...you would need the tokenid from the response at the very least

 

For forms and more complex stuff you'd likely want to use UnityWebRequest instead:
https://docs.unity3d.com/ScriptReference/Networking.UnityWebRequest.html

 

the problem with forms is that you cant have the user consent to anything which is needed - google and etal will respond with a consent form which teh user must provide a response for hence why the openurl is necessary - if we can somehow post the data in the openurl and get the browser to send that initial REST data this should work. it would request converting the post and url to a url that can be loaded from the browser

 

(-_-)

....Also see WWWForm class.
https://docs.unity3d.com/ScriptReference/WWWForm.html

The thing about forms is that they require POST requires and not GET request. And that is why you cannot use openurl for them.

 

The best solution we have found available with the current tooling in Unity is
1) Start up a web server and listen on a free port, basically http://localhost:openPort is going to be your redirect
2) Create a temp HTML with a bit of script that runs on load that calls your POST or similar
3) Process Start with this HTML to launch the default browser to execute, this will call your POST which should include your redirect URL as noted above i.e. http://localhost:openPort

This works ... in at least most cases but is wonky as hell and very fragile. It apparently is what tools like Dropbox does and what Google recommends as well as sample code you can find here and there regarding the use of OAuth and similar on Windows for example.

Ultimately we have simply decided to avoid any service that requires a redirect solution for authentication which cuts a lot of options out but saves for a lot of issues.

What I would really like to see is a proper stable browser tool in Unity so we can handle this sort of thing inside the app and not need to kick off into IE, Chrome, etc. While there are several tools that claim to do this all we have looked into are heavy, bloated, work on a single platform or few platforms and in short are just not fit for purpose. This leaves the above noted solution as the best option at the moment unless of course your happy to use Firebase or similar 3rd party solutions to handle auth, etc. for you

Has anyone else come up with another / better option to any of the above?

 

I think spinning up your own service or using a BaaS like Firebase as you suggest is a better option. It is overhead but less fragile.

But agree either option is far from ideal.

 

I agree it is a better technical option but it does often add maintenance cost for your game to run. We often have projects where the base requirement is the game has a 0 operating cost, meaning that if the company that is maintaining it shutters, the users can still use it.

On a different note just saw some people are using
https://assetstore.unity.com/packag...ep-link-and-web-link-associati-125172#content
To handle redirects, I did see sort of option noted in some of Google's documentation e.g. custom URL scheme, not sure how stable of an option it would be but thought I would share.

 

Any update on this? I'm going through something similar

 

+1

 

Any updates?

 

None that I have found.

The best option we have at current is if your app can use a backend service to handle it
If like us you have a requirement of zero maintenance cost then you can ham fist a web server into your build but of course that will have some issues on some platforms.

Various platforms have a method to deal with it such as Windows Web Broker I think its called but that means you need to find the solution per-platform and code for each.