Skip to content

Commit

Permalink
Split unreal authentication into different sections as we've done for… (
Browse files Browse the repository at this point in the history 
#313)

* Split unreal authentication into different sections as we've done for Unity and added missing auth methods (playfab + guest) and added federated auth section

* fixed broken link

---------

Co-authored-by: James Lawton <[email protected]>
  • Loading branch information
@BellringerQuinn @JamesLawton
BellringerQuinn and JamesLawton authored Oct 3, 2024
1 parent e93a5c2 commit 767f7af
Show file tree
Hide file tree
Showing 12 changed files with 195 additions and 54 deletions.
1 change: 1 addition & 0 deletions 404.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -222,6 +222,7 @@ <h1>Page Not Found</h1>
{ oldPath: "/solutions/transactions-api/overview", targetPath: "/solutions/transaction-manager/overview"},
{ oldpath: "/sdk/unity/authentication", targetPath: "/sdk/unity/authentication/intro" },
{ oldpath: "/solutions/wallets/embedded-wallet/examples/validation", targetPath: "/solutions/wallets/embedded-wallet/examples/manage-sessions#session-management" },
{ oldpath: "/sdk/unreal/authentication", targetPath: "/sdk/unreal/authentication/intro" },
{ oldpath: "/guide/unity-guide", targetPath: "guide/jelly-forest-unity-guide"}

];
Expand Down
2 changes: 2 additions & 0 deletions docs/pages/sdk/unity/authentication/guest.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ SequenceLogin login = SequenceLogin.GetInstance();
login.GuestLogin();
```

Reminder: since guest login users have no persisting credentials, when the session ends, the user will be unable to access their embedded wallet again. Before ending the session, be sure to prompt the user to [federate their account](/sdk/unity/authentication/federated-accounts) and associate a login method + credentials with it for subsequent sessions!

:::tip
Don't forget to subscribe to the `SequenceWallet.OnWalletCreated` event to receive your newly created wallet!
:::
2 changes: 1 addition & 1 deletion docs/pages/sdk/unity/authentication/intro.mdx
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Authentication - Introduction

As a WaaS SDK, authentication is extremely important. Authentication works by establishing a session signing wallet through association with an [OIDC idToken](https://auth0.com/docs/secure/tokens/id-tokens/id-token-structure#sample-id-token). For more on how our Embedded Wallet works, please [see Embedded Wallet docs](/solutions/wallets/embedded-wallet/overview).
As an Embedded Wallet SDK, authentication is extremely important. Authentication works by establishing a session signing wallet through association with user credentials. For more on how our Embedded Wallet works, please [see Embedded Wallet docs](/solutions/wallets/embedded-wallet/overview).

To implement authentication, we recommend using our `LoginPanel` prefab. Locate this prefab under `SequenceExamples > Prefabs` and drag it under a [Canvas](https://docs.unity3d.com/2020.1/Documentation/Manual/UICanvas.html) in your scene.
We recommend having the `Canvas Scaler` component attached to your `Canvas` use the "Scale with Screen Size" UI Scale Mode. This will make it so that the LoginPanel (and any other UI elements under this Canvas) are scaled automatically when switching between build targets.
Expand Down
2 changes: 1 addition & 1 deletion docs/pages/sdk/unity/authentication/oidc.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ Our SDK supports Social Sign In using [OIDC](https://openid.net/developers/how-c

Currently supported OIDC providers include:
- Google -> [Builder Setup](/solutions/builder/embedded-wallet/google-configuration)
- Apple -> [Builder Setup] (/solutions/builder/embedded-wallet/apple-configuration)
- Apple -> [Builder Setup](/solutions/builder/embedded-wallet/apple-configuration)

:::warning
Stop! Have you configured your OIDC providers in the Builder using the instructions linked above?
Expand Down
4 changes: 4 additions & 0 deletions docs/pages/sdk/unity/authentication/playfab.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,4 +21,8 @@ where `email` is the email string used to login to PlayFab (or `""` if using Pla

:::tip
Don't forget to subscribe to the `SequenceWallet.OnWalletCreated` event to receive your newly created wallet!
:::

:::warning
Don't forget to [configure PlayFab in the Builder](/solutions/builder/embedded-wallet/playfab-configuration)!
:::
21 changes: 21 additions & 0 deletions docs/pages/sdk/unreal/authentication/email.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
# Email + OTP

Email sign in provides the user with a One-Time-Password (OTP) challenge - a 6 digit code emailed to the entered address for the user to enter on the next page.

First, you'll want to [enable email sign in for your project in the builder](/solutions/builder/embedded-wallet/index).

## Built-in UI

If you are using the built-in UI, email + OTP sign in is enabled by default. The user can enter their email and click "Continue" on the built-in UI to trigger this flow.

## Custom UI Integration

To start email based authentication you'll start it with this call `[EmailLogin(const FString& EmailIn)]`, supplying an email you've collected from the User in your GUI.

Next `[AuthRequiresCode]` will fire when the `[UAuthenticator]` is ready to receive the Code from your UI. Collect this code from your GUI and send it to the authenticator using `[EmailCode(CodeIn)]`.

Finally `[AuthSuccess]` will fire with a `Credentials_BE` struct as a parameter. You are done Email Based Auth.

:::tip
Don't forget to [bind to the delegates](/sdk/unreal/authentication/intro#binding-to-the-delegates) for **[AuthSuccess]**, **[AuthFailure]**, **[AuthRequiresCode]** prior to making any signin calls!
:::
38 changes: 38 additions & 0 deletions docs/pages/sdk/unreal/authentication/federated-accounts.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
# Federated Accounts

Have you ever played a game and forgotten if you signed in with Google or using your Gmail email? This is where Federated Accounts comes in handy.

With Federated Accounts, you can associate multiple login methods with a single account and wallet. If your user has signed in with a [Guest login](/sdk/unreal/authentication/guest), you will definitely want to push them towards federating their account in order to have persistent credentials with which they can access their Sequence Embedded Wallet in subsequent sessions.

While a user is authenticated with the Sequence API, you can add an additional login method by using the appropriate federate account call:

- `UAuthenticator::FederateEmail` for email - make sure to bind to the `AuthRequiresCode` delegate and complete the auth flow using `UAuthenticator::EmailLoginCode`
- `UAuthenticator::FederateOIDCIdToken` or `UAuthenticator::InitiateMobileFederateOIDC` for OIDC
- `UAuthenticator::FederatePlayFabLogin` (existing account) or `UAuthenticator::FederatePlayFabNewAccount` (new account) for PlayFab

:::note
If you are using the built-in UI, the account federation logic is already built-in. Once you complete the initial login, you will be greeted with a page prompting you to add additional accounts.
:::

## EmailAlreadyInUse

By default, the Sequence API only allows one account per email. If a user attempts to login using a different method but the same email as before, they will receive an `EmailAlreadyInUse` error.

For example: if the user created their account using Google Sign In and then attemps to sign in with Email + OTP using the same method, they will receive this error.

Before the sign in attempt, make sure to bind to the `FederateSuccess`, `FederateFailure`, and `FederateOrForce` delegates. The `FederateOrForce` delegate will be triggered in the case where the SDK receives the `EmailAlreadyInUse` error from the API.

The `FederateOrForce` delegate will include `FFederationSupportData` which will contain the email used to sign in and a list of login methods associated with that email with the Sequence API.

With this information, you can present up to two options for the user to proceed:

1. Prompt the user to login with one of the login methods included in the `FFederationSupportData` object. Once the user successfully logs in with one of the prompted login methods, the SDK will automatically federate their account using the cached login attempt that failed. e.g. if you previously logged in with Google, then tried to login with email and receive the `EmailAlreadyInUse` error; after you login with Google again, your email will automatically be associated with your account. In subsequent sessions, you can now login with email + OTP to the same account.
2. Allow the user to force create a new account. This will give your user a separate account and wallet address. This can be done by calling `UAuthenticator::ForceOpenLastOpenSessionAttempt`. In general, we are hesitent to recommend this approach as having multiple accounts tied to the same email address may lead to a confusing end-user experience; however, we have enabled this behaviour should it be your preference.

:::note
If you are using the built-in UI, this behaviour is already built-in for you. Users will be automatically prompted with both options.
:::

:::tip
Recall, before making signin calls, you should be [binding to the delegates](/sdk/unreal/authentication/intro#binding-to-the-delegates) for **[AuthSuccess]**, **[AuthFailure]**, **[AuthRequiresCode]**, **[FederateSuccess]**, **[FederateFailure]**, and **[FederateOrForce]**.
:::
17 changes: 17 additions & 0 deletions docs/pages/sdk/unreal/authentication/guest.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
# Guest

For when you want to quickly get your users into your game to start playing, you can use our guest login.

Reminder: since guest login users have no persisting credentials, when the session ends, the user will be unable to access their embedded wallet again. Before ending the session, be sure to prompt the user to [federate their account](/sdk/unreal/authentication/federated-accounts) and associate a login method + credentials with it for subsequent sessions!

## Built-in UI

If you are using the built-in UI, Guest sign in is enabled by default. The user can click on the "Guest" sign in button on the built-in UI to trigger this flow.

## Custom UI Integration

Simply call `GuestLogin` on your `UAuthenticator` object to authenticate them with the Sequence API.

:::tip
Don't forget to [bind to the delegates](/sdk/unreal/authentication/intro#binding-to-the-delegates) for **[AuthSuccess]**, **[AuthFailure]**, **[AuthRequiresCode]** prior to making any signin calls!
:::
66 changes: 15 additions & 51 deletions docs/pages/sdk/unreal/authentication.mdx → ...pages/sdk/unreal/authentication/intro.mdx
View file
Original file line number Diff line number Diff line change
@@ -1,13 +1,17 @@
---
title: Sequence - Web3 Gaming Platform - Unreal SDK Authentication
description: Documentation for Unreal SDK authentication for the Sequence infrastructure stack for web3 gaming.
---
# Authentication - Introduction

# Authentication
As an Embedded Wallet SDK, authentication is extremely important. Authentication works by establishing a session signing wallet through association with user credentials. For more on how our Embedded Wallet works, please [see Embedded Wallet docs](/solutions/wallets/embedded-wallet/overview).

## Built-In UI
To get up and running quickly, we recommend using our default UI. This UI will already have the authentication integrated; so, provided you've correctly [installed](/sdk/unreal/installation) and [setup](/sdk/unreal/setup) the plugin, the authentication should work automatically with the default UI.

### Before Starting:
This will give you access to authentication via:

- Email + OTP Sign In
- OIDC-based Social Sign In
- PlayFab Sign In
- Guest Sign In

## Built-in UI Setup

You can simply duplicate the `[BP_CustomSpectatorPawn]` but since it and its parent class reside within the realm of the plugin, during updates all modifications you make within the plugin could potentially be lost. These are here as a reference for how things should be done. We recommend you duplicate the `BP_CustomSpectatorPawn` out of the plugin folder, then update its parent class to a C++ class of your own making that also resides outside the plugins content folder.

Expand All @@ -25,7 +29,9 @@ Try running your project now! You should be able to log in using your social cre

In the folder located at *SequencePlugin Content/Core/Style* you'll find a struct `F_SequenceUIStyle`. In the default values section of this struct you'll be able to update the colours and images displayed throughout the UI. Currently we only read from `Sequence_Style_Dark_Mode`

## Custom UI
## Custom UI Integrations

To start you'll want to create a `[UAuthenticator]` UObject like so ```[UAuthenticator * Auth = NewObject<UAuthenticator>()]```, this UObject manages the authentication side of Sequence.

In a C++ **UObject** with a series of pass through `[UFUNCTIONS]` setup similarly to `[SequenceBackendManager.h/.cpp]`. Each of these calls are implemented in `[UAuthenticator]` you just need to pass through the data with **YOUR** UAuthenticator UObject

Expand Down Expand Up @@ -70,7 +76,7 @@ FStoredCredentials_BE GetStoredCredentials() const;
bool StoredCredentialsValid();
```
To start you'll want to create a `[UAuthenticator]` UObject like so ```[UAuthenticator * Auth = NewObject<UAuthenticator>()]```, this UObject manages the authentication side of Sequence.
### Binding to the Delegates
Be sure to bind to the Delegates for **[AuthSuccess]**, **[AuthFailure]**, **[AuthRequiresCode]** prior to making any signin calls You can bind to these delegates like so:
Expand Down Expand Up @@ -103,45 +109,3 @@ else
UE_LOG(LogTemp, Error, TEXT("**[Nothing bound to: ShowAuthSuccessDelegate]**"));
}
```
## Email based Authentication With CustomUI
To start email based authentication you'll start it with this call `[EmailLogin(const FString& EmailIn)]`, supplying an email you've collected from the User in your GUI.
Next `[AuthRequiresCode]` will fire when the `[UAuthenticator]` is ready to receive the Code from your UI. Collect this code from your GUI and send it to the authenticator using `[EmailCode(CodeIn)]`.
Finally `[AuthSuccess]` will fire with a `Credentials_BE` struct as a parameter. You are done Email Based Auth.
## Social Signin based Authentication on Desktop With CustomUI
To start **SSO based authentication** with desktop you will need to navigate to a browser in order to get the necessary id_token.
To get the URL to navigate to you can use the UAuthenticator supplied call `[FString GetSigninURL(const ESocialSigninType& Type)]` where Type is the social login type you wish to use
With whatever implementation you chose you can forward the collected id_token to the UAuthenticator object with `[SocialLogin(const FString& IDTokenIn)]`, after which `[AuthSuccess]` will fire and you're done desktop based SSO.
## Social Signin based Authentication on Mobile With CustomUI
To start mobile SSO you will need to make use of the `[UAuthenticator::InitiateMobileSSO(const ESocialSigninType& Type)]` where type is the Type of SSO you want to use. IE) Google or Apple, for the time being Discord & Facebook aren't supported. This function call is all that's required for Mobile SSO
### Android SSO Requirements
**Google:** :In order to be able to properly use Google Auth, create and place the Keystore file by following [these instructions](https://dev.epicgames.com/documentation/en-us/unreal-engine/signing-android-projects-for-release-on-the-google-play-store-with-unreal-engine?application_version=5.1).
You will also need to generate an [Android client ID] and a [Web Application client ID] for your application. And place the [Web Application client ID] in the `[YourProject/Config/SequenceConfig.ini]`, [GoogleClientID] field.
Refer to [these docs](https://developers.google.com/identity/one-tap/android/get-started#api-console) to generate [Android client ID] and [Web Application client ID].
[This guide](https://https://developers.google.com/android/guides/client-auth?hl=es-419) helps explain how to collect SHA-1 key fingerprints for the [Android client ID].
**Apple:** Please ensure you have a proper [AppleClientID] set in `[YourProject/Config/SequenceConfig.ini]`
### IOS SSO Requirements
**Google**: Please ensure you have a proper [GoogleClientID] set in `[YourProject/Config/SequenceConfig.ini]`
**Apple**: Please ensure you have a proper [AppleClientID] set in `[YourProject/Config/SequenceConfig.ini]`, be sure you register and set your bundle identifier properly for your app
*Apple Specific SSO Requirements*
For Apple SSO to work please be sure to register the [RedirectUrl] in [YourProject/Config/SequenceConfig.ini] appropriately for your app.
57 changes: 57 additions & 0 deletions docs/pages/sdk/unreal/authentication/oidc.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
# OIDC - Social Sign In

Our SDK supports Social Sign In using [OIDC](https://openid.net/developers/how-connect-works/) with the [implicit flow](https://auth0.com/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-implicit-flow).

Currently supported OIDC providers include:
- Google -> [Builder Setup](/solutions/builder/embedded-wallet/google-configuration)
- Apple -> [Builder Setup](/solutions/builder/embedded-wallet/apple-configuration)

:::warning
Stop! Have you configured your OIDC providers in the Builder using the instructions linked above?

Have you added your client id(s) to the `SequenceConfig.ini` file in `[YourProjectDirectory]/Config`? If not, see [Setup](/sdk/unreal/setup#create-a-config-file).
:::

## Built-in UI

If you are using the built-in UI, OIDC sign in is enabled by default. The user can click on the "Google" or "Apple" sign in buttons on the built-in UI to trigger this flow.

## Android Requirements

**Google:** In order to be able to properly use Google Auth, create and place the Keystore file by following [these instructions](https://dev.epicgames.com/documentation/en-us/unreal-engine/signing-android-projects-for-release-on-the-google-play-store-with-unreal-engine?application_version=5.1).

You will also need to generate an [Android client ID] and a [Web Application client ID] for your application. And place the [Web Application client ID] in the `[YourProject/Config/SequenceConfig.ini]`, [GoogleClientID] field.

Refer to [these docs](https://developers.google.com/identity/one-tap/android/get-started#api-console) to generate [Android client ID] and [Web Application client ID].

[This guide](https://https://developers.google.com/android/guides/client-auth?hl=es-419) helps explain how to collect SHA-1 key fingerprints for the [Android client ID].

**Apple:** Please ensure you have a proper [AppleClientID] set in `[YourProject/Config/SequenceConfig.ini]`

## iOS Requirements

**Google**: Please ensure you have a proper [GoogleClientID] set in `[YourProject/Config/SequenceConfig.ini]`

**Apple**: Please ensure you have a proper [AppleClientID] set in `[YourProject/Config/SequenceConfig.ini]`, be sure you register and set your bundle identifier properly for your app

*Apple Specific Requirements*

For Apple sign in to work please be sure to register the [RedirectUrl] in [YourProject/Config/SequenceConfig.ini] appropriately for your app.

## Custom UI Integration

### Desktop

To start **SSO based authentication** with desktop you will need to navigate to a browser in order to get the necessary id_token.

To get the URL to navigate to you can use the UAuthenticator supplied call `[FString GetSigninURL(const ESocialSigninType& Type)]` where Type is the social login type you wish to use

With whatever implementation you chose you can forward the collected id_token to the UAuthenticator object with `[SocialLogin(const FString& IDTokenIn)]`, after which `[AuthSuccess]` will fire and you're done desktop based SSO.

### Mobile

To start mobile SSO you will need to make use of the `[UAuthenticator::InitiateMobileSSO(const ESocialSigninType& Type)]` where type is the Type of SSO you want to use. IE) Google or Apple, for the time being Discord & Facebook aren't supported. This function call is all that's required for Mobile SSO

:::tip
Don't forget to [bind to the delegates](/sdk/unreal/authentication/intro#binding-to-the-delegates) for **[AuthSuccess]**, **[AuthFailure]**, **[AuthRequiresCode]** prior to making any signin calls!
:::
Loading

0 comments on commit 767f7af

Please sign in to comment.