Nate River edited this page Jul 17, 2024 · 6 revisions
The asset provides Facebook sign-in with OAuth 2.0 for Android, iOS, Windows, Mac, Universal Windows Platform (UWP) and WebGL apps made with Unity. You can also get access tokens to make REST API calls to other Facebook services.
- Cross-platform user auth for cross-platform games and apps
- No plugins, no 3rd party libs, no dependencies
- No impact to build size
- Get access tokens to make Facebook API calls
- More security for client-server apps (get an access token on a client, get all user data on a server to avoid tampering)
- JSON Web Tokens (JWT) validation
- Facebook SDK for Unity (massive, Standalone and WebGL not supported)
- Please visit Terminology section
- Generic workflow (for platforms that support deep linking):
  - Your app navigates users to Google `Authorization Endpoint` using a default web browser (embedded webviews are not allowed)
  - Users perform sign-in using their login and password
  - Google `Authorization Endpoint` redirects users to `Redirect URI` (this can be a deep link when possible) and provides an authorization `code` to the app (as URI parameters)
  - The app is activated and obtains `code`
  - The app exchanges `code` for `access token`
  - The app requests user data with `access token` (ID, name, email and other data according to the access scope defined)
- For Android, iOS, macOS, Windows and Universal Windows Platform (platforms that support deep linking):
  - `Redirect URI` is a deep link which activates the app and provides `code` in URI parameters
- Loopback flow for Editor:
  - This flow is optional for Windows (the generic workflow is used by default)
  - `Redirect URI` is `http://localhost:PORT/` with a random unused port
  - The app listens to localhost using `System.Net.HttpListener`
  - The app obtains `code` and asks a user to close the browser tab and to return to the app
  - Further workflow is the same (exchanging `code` for `access token`, requesting user data)
- Middleware flow for WebGL (the platform doesn't support deep linking and loopback):
  - `OAuth Redirect` to `Authorization Middleware` is used to temporarily save `code`
  - The app obtains `code` from `Authorization Middleware` with a POST request
  - Further workflow is the same (exchanging `code` for `access token`, requesting user data)
- `Authorization Middleware` is used to work around 2 issues:
  - Facebook doesn't allow deep links for `Valid OAuth Redirect URIs` (deep linking works for Android, iOS, macOS, UWP and ~Windows).
  - Standalone platforms (Windows and Mac) and WebGL don't support deep linking (direct `OAuth Redirect` is not possible in this case).

  `Authorization Middleware` handles `OAuth Redirect` and temporarily saves `code` that can be further requested by the app using POST.
- `Authorization Middleware` has the following URL https://hippogames.dev/api/oauth/ and contains 3 methods:
  - `init` should be called before navigating to Facebook `Authorization Endpoint` with `state` and `Redirect URI` parameters
  - `redirect` is called by Facebook `Authorization Endpoint` with `state` and `code` after users perform sign-in
  - `getcode` should be called from Standalone platforms (Windows and Mac) and WebGL to obtain `code`
- `Authorization Middleware` can't exchange `code` for `access token` without knowing `code verifier`. It's generated by your app and kept secret. Only the app itself can exchange `code` for `access token`.
- It's recommended to deploy your own trusted `Authorization Middleware` to handle sensitive data. Please refer to Authorization Middleware article.
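
The `state` and `code verifier` handling described above (loopback redirect and middleware note), as an added example that is not the asset's own code: the app generates both values, sends only the S256 hash of `code verifier` with the authorization request, and accepts a redirect only when `state` matches. It assumes PKCE as defined in RFC 7636; the class and method names, the port and `SAMPLE_CODE` are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class PkceStateExample
{
    static string Base64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // 32 random bytes -> 43 characters; suitable for both state and code_verifier.
    public static string RandomToken()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Base64Url(bytes);
    }

    // S256 challenge: BASE64URL(SHA256(code_verifier)). Only this hash leaves the app.
    public static string Challenge(string verifier)
    {
        using (var sha = SHA256.Create())
            return Base64Url(sha.ComputeHash(Encoding.ASCII.GetBytes(verifier)));
    }

    // Accepts a redirect only if it carries the state generated for this sign-in attempt.
    public static string ExtractCode(Uri redirect, string expectedState)
    {
        string code = null, state = null;
        foreach (var pair in redirect.Query.TrimStart('?').Split('&'))
        {
            var kv = pair.Split(new[] { '=' }, 2);
            if (kv.Length != 2) continue;
            if (kv[0] == "code") code = Uri.UnescapeDataString(kv[1]);
            if (kv[0] == "state") state = Uri.UnescapeDataString(kv[1]);
        }
        if (state == null || !string.Equals(state, expectedState, StringComparison.Ordinal))
            throw new InvalidOperationException("state mismatch, redirect ignored");
        if (string.IsNullOrEmpty(code)) throw new InvalidOperationException("redirect has no code");
        return code;
    }

    public static void Main()
    {
        string state = RandomToken(), verifier = RandomToken();
        Console.WriteLine("code_challenge=" + Challenge(verifier) + "&code_challenge_method=S256&state=" + state);
        var redirect = new Uri("http://localhost:50000/?code=SAMPLE_CODE&state=" + state); // constructed
        Console.WriteLine(ExtractCode(redirect, state) + " is exchanged together with code_verifier");
    }
}
```

A party that relays `code`, such as the middleware, sees neither `verifier` nor anything from which it can be derived, so it cannot complete the exchange.
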
- Pick your `Custom URI scheme` (or `Protocol`). In my example it is `simple.auth`, but it can be `jelly.bean` (note that `Custom URI scheme` is not the same as your actual package name or bundle id).
- For Android, iOS, UWP: enable deep linking as described in Unity documentation or as described below.
- For Android: create `AndroidManifest.xml` inside `Assets/Plugins/Android/`, SET your `Custom URI scheme` inside, like `<data android:scheme="simple.auth" />`. You can use `AndroidManifestExample.xml` from the asset as an example, just copy, rename and edit. AGAIN, DON'T FORGET TO REPLACE `simple.auth` with your `Custom URI scheme`!
- For iOS and macOS: navigate to `Player Settings > Other > Configuration` and add your `Custom URI scheme` to `Supported URL schemes`. In Xcode, make sure that the URL scheme is added (Register your URL scheme).
- For Universal Windows Platform: navigate to `Player Settings > Publishing Settings` and set `Protocol` (it MUST contain a period symbol, for example `simple.auth`), then enable `InternetClient` in `Capabilities`.
- For Windows: navigate to `Player Settings` and enable `Resolution and Presentation > Force Single Instance` and set `Other Settings > Api Compatibility Level = .NET Framework`
- Visit Meta for Developers
- Create a new app if needed (type: `Authenticate and request data from users with Facebook Login`)
- Make sure that `Facebook Login` is added in `Use cases > Customize`
- Navigate to `Facebook Login > Settings > Valid OAuth Redirect URIs` and add `https://hippogames.dev/api/oauth/redirect`
- Copy `App ID`
- Set `App Mode: Live` and prepare your app for review (optional)
- Return to Unity and configure `Resources/FacebookAuthSettings.asset`
  - For Android, iOS, macOS, Windows and UWP: set `Client ID` (which is `App ID`) and `Custom URI scheme` (or `Protocol`)
  - For WebGL: set `Client ID` (which is `App ID`) only
- Check our `Example` scene and C# code of `Example.cs`
- Create a new instance of `FacebookAuth`
- Call `FacebookAuth.SignIn` or `FacebookAuth.GetAccessToken` (for further API calls)
- Create `OnSignIn` or `OnGetAccessToken` callbacks
- Build and test
- Write a review on the Asset Store :)
- Call `FacebookAuth.SignIn` with `caching: true` to return cached `UserInfo`
- Call `FacebookAuth.SignIn` with `caching: false` to request `UserInfo` from Facebook
- Call `FacebookAuth.GetAccessToken` instead of `FacebookAuth.SignIn` if you need an access token only (and don't need `UserInfo`)
- You can use `FacebookAuth.SavedAuth` to get `TokenResponse` or `UserInfo` (don't forget to check all values for null)
- Call `FacebookAuth.SignOut` when the `Sign out` button is pressed (optional)
- Disable debug logs for production by setting `FacebookAuth.DebugLog = false`
- You can add extra access scopes in `Resources/FacebookAuthSettings.asset`
- If you have a backend (server), send `TokenResponse` to it (to avoid tampering with user data when sending from clients to your server)
- Validate `JSON Web Token (JWT)` encoded in `TokenResponse.IdToken` on your server (refer to `JWT` class for parsing and signature validation example)
- For Editor, you can modify `StandaloneTemplate.html` (used by the loopback flow) to edit the message "Success! Please close the browser tab and return to the app."
- Consider deploying your own `Authorization Middleware`
- Please refer to User data disclosure
- Don't use the default `App ID` and `Custom URI scheme` that come with the asset in production, they are for test purposes only and can be disabled/blocked
- Don't forget to send your Facebook app for review to remove limitations
- Don't forget to leave a review on the Asset Store
- Please visit Common issues section
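
Server-side validation of `TokenResponse.IdToken`, as recommended in the list above, shown as an added example that is not the asset's `JWT` class: it pins the algorithm to RS256, verifies the signature, then checks issuer, audience (`App ID`) and expiry before trusting any claim. It assumes .NET 6 or later on the server and an `aud` claim that is a single string; the RSA key, issuer URL, `APP_ID` and claim values are constructed stand-ins, and loading the issuer's published key is left to the caller.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

public static class IdTokenCheck
{
    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }
    static string ToB64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Returns the subject (user ID) or throws; key, issuer and client ID come from server config.
    public static string Validate(string jwt, RSA issuerKey, string issuer, string clientId, DateTimeOffset now)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWS");
        using var header = JsonDocument.Parse(FromB64Url(parts[0]));
        // Pin the algorithm on the server; never let the token select "none" or an HMAC variant.
        if (header.RootElement.GetProperty("alg").GetString() != "RS256")
            throw new CryptographicException("unexpected alg");
        var signed = Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]);
        if (!issuerKey.VerifyData(signed, FromB64Url(parts[2]), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            throw new CryptographicException("bad signature");
        using var payload = JsonDocument.Parse(FromB64Url(parts[1]));
        var c = payload.RootElement;
        if (c.GetProperty("iss").GetString() != issuer) throw new CryptographicException("wrong issuer");
        if (c.GetProperty("aud").GetString() != clientId) throw new CryptographicException("issued to another app");
        if (DateTimeOffset.FromUnixTimeSeconds(c.GetProperty("exp").GetInt64()) <= now)
            throw new CryptographicException("expired");
        return c.GetProperty("sub").GetString();
    }

    public static void Main()
    {
        using var rsa = RSA.Create(2048); // constructed key standing in for the issuer's published key
        string h = ToB64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}"));
        string p = ToB64Url(Encoding.UTF8.GetBytes(
            "{\"iss\":\"https://issuer.example\",\"aud\":\"APP_ID\",\"sub\":\"1234\",\"exp\":4102444800}"));
        string sig = ToB64Url(rsa.SignData(Encoding.ASCII.GetBytes(h + "." + p), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
        Console.WriteLine(Validate(h + "." + p + "." + sig, rsa, "https://issuer.example", "APP_ID", DateTimeOffset.UtcNow));
    }
}
```

The audience check is what stops a token issued to a different app from being replayed against your server.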