Integration with Unity Authentication Service - hippogamesunity/SimpleSignIn GitHub Wiki

DISCLAIMER

I'm not a developer of Unity Authentication Service and can't provide support for it. Please consider this article as some experience sharing. Before you start, please refer to Unity Player Accounts.

I recommend swithing to Play ID as it has better support for Unity Authentication.

Google

Visit Tutorials > Google. We can use AuthenticationService.Instance.SignInWithGoogleAsync which accepts Id Token (JWT). Id Token is an encoded (RS256) string that contains all requested information about the user and is signed with a digital signature.

  1. Open Package Manager and import Authentication package (import Samples as well).
  2. Open GoogleAuthSettings SO (inside Resources) and copy Client Id Desktop (for testing in Editor) or Client Id Generic (for testing on Android/iOS/UWP).
  3. Go to Project Settings > Services > Authentication, add Google Identity Provider and set Client ID (refer to Limitations below).
  4. Refer to Example.cs > UnityAuthenticationWithIdToken().

Code example

var idToken = (await GoogleAuth.GetTokenResponseAsync()).IdToken;

await Unity.Services.Core.UnityServices.InitializeAsync();

var authService = Unity.Services.Authentication.AuthenticationService.Instance;

await authService.SignInWithGoogleAsync(idToken);

Limitations

We use different credentials for different platforms, and they have different Client ID. Unfortunately, Google Identity Provider accepts the only Client ID, so we can't make it work for all platforms. In fact, Unity Authentication Service just validates "aud" property of ID Token (JWT), and it's expected to be the same as that was used to obtaint the ID Token. If you're making a game for Android/iOS/macOS/UWP only, this is not an issue for you.

Notes

  • Use JWT.io to decode Google JWT. Switch to RS256 algorithm. Client ID set for Identity Provider should be exactly the same as aud field from JWT (Unity Authentication Service will validate this value only).
  • SignInWithGooglePlayGamesAsync does not work as it requires a server auth code (more info).

Google Id Token example

eyJhbGciOiJSUzI1NiIsImtpZCI6ImIyZjgwYzYzNDYwMGVkMTMwNzIxMDFhOGI0MjIwNDQzNDMzZGIyODIiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhenAiOiIyNzU3MzEyMzM0MzgtdjFhbmw2MTYxMW1tZXI2b2hxZXM5YTMxMG1rYzJkaTguYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIyNzU3MzEyMzM0MzgtdjFhbmw2MTYxMW1tZXI2b2hxZXM5YTMxMG1rYzJkaTguYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMTYwOTM5MzIzNjQzODc0MTExOTIiLCJlbWFpbCI6ImhpcHBvZ2FtZXN1bml0eUBnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXRfaGFzaCI6IkFoRzFpcE1SZmtCZFBrWU5qTk1hTXciLCJuYW1lIjoiSGlwcG8gR2FtZXMiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDMuZ29vZ2xldXNlcmNvbnRlbnQuY29tL2EvQUNnOG9jSmphYUY0UlVHVy1TMTJzclRpX19qTjdDbkFRUXZwVHRLcU1wMTlSX3JhUWFyN3hMdlI9czk2LWMiLCJnaXZlbl9uYW1lIjoiSGlwcG8iLCJmYW1pbHlfbmFtZSI6IkdhbWVzIiwiaWF0IjoxNzI1MTExMDU2LCJleHAiOjE3MjUxMTQ2NTZ9.upVFl_deSbvT5PZwpTJGreb75xCI3HtJYW71x9xDBTpQ2iHliDVhtRhuNjuwfA0KsURc7gLy1stHZbLuTg8SV4g2Ve3eg_12lIiaZVkNylFpF_RwTBd9Pljhmx5pFaN6NVPzx4AiHrBDXPL9Sde0i0dBdYF7f-hytYB5ZP9qb2TqVDidqjfpDe20UWlwI6SDg0ngMMOL60-hvTOhsh0dotquj-sSIhd4018PYco2Ba4IpGNl12rUqN3GydNXGvSW5Q_ojh6y58n-ihgd_fXe1ha7iFg6nVCbKEpkGGV-MelzKzyo9Dmh7BgTSs4WwDYoj0dKc-dbVwDyFZckqwEgGw

Apple

Visit Tutorials > Apple. We can use AuthenticationService.Instance.SignInWithAppleAsync which accepts Id Token (JWT). Id Token is an encoded (RS256) string that contains all requested information about the user and is signed with a digital signature.

  1. Open Package Manager and import Authentication package (import Samples as well).
  2. Open AppleAuthSettings SO (inside Resources) and copy Client Id.
  3. Go to Project Settings > Services > Authentication, add Sign-in with Apple Identity Provider and set App ID (use the value from Step 2).
  4. Refer to Example.cs > UnityAuthentication().

Code example

var idToken = (await AppleAuth.GetTokenResponseAsync()).IdToken;

await Unity.Services.Core.UnityServices.InitializeAsync();

var authService = Unity.Services.Authentication.AuthenticationService.Instance;

await authService.SignInWithAppleAsync(idToken);

Notes

  • Use JWT.io to decode Apple JWT. Switch to RS256 algorithm. App ID from Identity Provider should be exactly the same as aud field from JWT (Unity Authentication Service will validate this value only).
  • Apple Id Token will contain user info only at the first sign-in. Subsequent sign-in attempts will result empty user name in JWT. It's a strange Apple's security limitation.

Apple Id Token example

eyJraWQiOiJUOHRJSjF6U3JPIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLmNvbXBhbnluYW1lLmF1dGhleGFtcGxlIiwiZXhwIjoxNzI1MzE4NDIwLCJpYXQiOjE3MjUyMzIwMjAsInN1YiI6IjAwMTExMi5lMDk0MDg5YjdkODU0MjQ3OGYyZDg2OWMzOWI4ZjUwOS4yMDQ5Iiwibm9uY2UiOiI0YzJhOGI4ZmE2Yzk0MzAzYmM1Nzk2YWYwMjVlZTBjNyIsImF0X2hhc2giOiJsdGZqVjN6MkcxTUp6VkNBVWNrTG9RIiwiZW1haWwiOiJoaXBwb2dhbWVzdW5pdHlAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF1dGhfdGltZSI6MTcyNTIzMjAxNiwibm9uY2Vfc3VwcG9ydGVkIjp0cnVlfQ.rRKKr8wkD1Cgyyfd29f2bOp0YDsiMI0mRJeeAk1POrMxRgKZ0xGU2eF99I6JsfLljm2GW8LWKo4tPpY9X16RLWtoDrlgFT6irQwCqGEwiH1i89OASjpasL3XJygh8vNFtvSd1Oz3YvriknoINnlPiIMnuZVQX3hdfv2psmwZotBCQDdxcB6syIEN7S4uBU_OaOF9oY52wBPAbeRcWLtEYZ9IEeEnyULtKqhFVAkNef78noZXyGO1gArN_4I1w9LI72-ai-wBILinNdrG5M8gggUMYozN9JFHXGuMykD5xwiFGoRR5pxPZH-irDicg3AebQ561hg9xCl-HxPyj4f7hQ

Other platforms

Integration with other platforms has not been tested yet. Please share your experience in our Discord channel.