I am a reasonably new developer attempting to sign into Unity Authentication with OpenID Connect in order to use other UGS like Cloud Save and Economy. After a bit of research, I managed to cobble together a flow that works something like this:
- Create a Firebase project, link it with Unity, and register Firebase as an OIDC provider in my Unity project. (WORKING, however, unsure if I have registered Firebase as an OIDC provider properly!)
- Use Firebase API to register and login users using email/password (WORKING)
- Use the TokenAsync() method on the resultant FirebaseUser object in order to get what I believe to be the id token of the user (WORKING)
- Use that token along with the oidc ID provider that I have registered Firebase with Unity as in order to successfully SignInWithOpenIdConnectAsync() (NOT WORKING).
Essentially, when I try to sign in using the token that I am getting from the FirebaseUser using the TokenAsync method, I get the following error:
[Authentication]: Request completed with error: {"title":"PERMISSION_DENIED","detail":"invalid audience","details":[],"status":401}
Here is a screenshot of the ID provider I have registered with Unity in my project (I have omitted some of the ID for privacy. I think this might be where the error is coming from?):
Any insight into the OpenID Connect process and its integration with UGS would be extremely valuable since the documentation and forum posts out there are few and far between.
Thank you!
CodePudding user response:
The issue was with the ID provider registration in Unity (project settings or dashboard). I had to find the correct client ID and issuer URL in order to solve this.
For Firebase:
client ID = project ID (should probably look like "name-123456").
issuer URL = https://securetoken.google.com/projectId
More general approach:
Try to get an ID token from your OIDC provider (for Firebase, call TokenAsync() on a FirebaseUser object). Then, decode the token (I used jwt.io) and try to find the client id and issuer URL in the token's payload.
For me, the client ID was in the aud field and the issuer URL was in the iss field.
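
Added example, not part of the original answer or of Unity's or Firebase's code: a local way to do the decode step described above and compare the token's iss and aud claims with the issuer URL and client ID entered in the ID provider registration. The function names are hypothetical and the sample token is constructed and unsigned; the payload is read without signature verification, which is enough for diagnosing an "invalid audience" response.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(id_token: str) -> dict:
    """Return the payload claims of a JWT without verifying its signature."""
    # Diagnostic only: shows what the provider issued, not that it is genuine.
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def check_registration(id_token: str, issuer_url: str, client_id: str) -> list:
    """Compare the token's iss/aud with the values registered for the provider."""
    claims = read_claims(id_token)
    problems = []
    if claims.get("iss") != issuer_url:
        problems.append(f"issuer mismatch: token iss={claims.get('iss')!r}")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be a string or a list
    if client_id not in audiences:
        problems.append(f"audience mismatch: token aud={aud!r}")
    return problems


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    segs = [base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
            for o in ({"alg": "RS256", "typ": "JWT"}, claims)]
    return ".".join(segs + ["constructed-signature"])


if __name__ == "__main__":
    # Constructed sample shaped like the answer's description ("name-123456").
    issuer = "https://securetoken.google.com/name-123456"
    token = make_sample_token({"iss": issuer, "aud": "name-123456"})
    print(check_registration(token, issuer, "name-123456"))
    print(check_registration(token, issuer, "wrong-client-id"))
```

An empty list means the registered issuer URL and client ID match what the provider puts in its tokens; any entry names the claim that differs.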