-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Split unreal authentication into different sections as we've done for… (
#313) * Split unreal authentication into different sections as we've done for Unity and added missing auth methods (playfab + guest) and added federated auth section * fixed broken link --------- Co-authored-by: James Lawton <[email protected]>
- Loading branch information
1 parent
e93a5c2
commit 767f7af
Showing
12 changed files
with
195 additions
and
54 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# Email + OTP | ||
|
||
Email sign in provides the user with a One-Time-Password (OTP) challenge - a 6 digit code emailed to the entered address for the user to enter on the next page. | ||
|
||
First, you'll want to [enable email sign in for your project in the builder](/solutions/builder/embedded-wallet/index). | ||
|
||
## Built-in UI | ||
|
||
If you are using the built-in UI, email + OTP sign in is enabled by default. The user can enter their email and click "Continue" on the built-in UI to trigger this flow. | ||
|
||
## Custom UI Integration | ||
|
||
To start email based authentication you'll start it with this call `[EmailLogin(const FString& EmailIn)]`, supplying an email you've collected from the User in your GUI. | ||
|
||
Next `[AuthRequiresCode]` will fire when the `[UAuthenticator]` is ready to receive the Code from your UI. Collect this code from your GUI and send it to the authenticator using `[EmailCode(CodeIn)]`. | ||
|
||
Finally `[AuthSuccess]` will fire with a `Credentials_BE` struct as a parameter. You are done Email Based Auth. | ||
|
||
:::tip | ||
Don't forget to [bind to the delegates](/sdk/unreal/authentication/intro#binding-to-the-delegates) for **[AuthSuccess]**, **[AuthFailure]**, **[AuthRequiresCode]** prior to making any signin calls! | ||
::: |
38 changes: 38 additions & 0 deletions
38
docs/pages/sdk/unreal/authentication/federated-accounts.mdx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
# Federated Accounts | ||
|
||
Have you ever played a game and forgotten if you signed in with Google or using your Gmail email? This is where Federated Accounts comes in handy. | ||
|
||
With Federated Accounts, you can associate multiple login methods with a single account and wallet. If your user has signed in with a [Guest login](/sdk/unreal/authentication/guest), you will definitely want to push them towards federating their account in order to have persistent credentials with which they can access their Sequence Embedded Wallet in subsequent sessions. | ||
|
||
While a user is authenticated with the Sequence API, you can add an additional login method by using the appropriate federate account call: | ||
|
||
- `UAuthenticator::FederateEmail` for email - make sure to bind to the `AuthRequiresCode` delegate and complete the auth flow using `UAuthenticator::EmailLoginCode` | ||
- `UAuthenticator::FederateOIDCIdToken` or `UAuthenticator::InitiateMobileFederateOIDC` for OIDC | ||
- `UAuthenticator::FederatePlayFabLogin` (existing account) or `UAuthenticator::FederatePlayFabNewAccount` (new account) for PlayFab | ||
|
||
:::note | ||
If you are using the built-in UI, the account federation logic is already built-in. Once you complete the initial login, you will be greeted with a page prompting you to add additional accounts. | ||
::: | ||
|
||
## EmailAlreadyInUse | ||
|
||
By default, the Sequence API only allows one account per email. If a user attempts to login using a different method but the same email as before, they will receive an `EmailAlreadyInUse` error. | ||
|
||
For example: if the user created their account using Google Sign In and then attemps to sign in with Email + OTP using the same method, they will receive this error. | ||
|
||
Before the sign in attempt, make sure to bind to the `FederateSuccess`, `FederateFailure`, and `FederateOrForce` delegates. The `FederateOrForce` delegate will be triggered in the case where the SDK receives the `EmailAlreadyInUse` error from the API. | ||
|
||
The `FederateOrForce` delegate will include `FFederationSupportData` which will contain the email used to sign in and a list of login methods associated with that email with the Sequence API. | ||
|
||
With this information, you can present up to two options for the user to proceed: | ||
|
||
1. Prompt the user to login with one of the login methods included in the `FFederationSupportData` object. Once the user successfully logs in with one of the prompted login methods, the SDK will automatically federate their account using the cached login attempt that failed. e.g. if you previously logged in with Google, then tried to login with email and receive the `EmailAlreadyInUse` error; after you login with Google again, your email will automatically be associated with your account. In subsequent sessions, you can now login with email + OTP to the same account. | ||
2. Allow the user to force create a new account. This will give your user a separate account and wallet address. This can be done by calling `UAuthenticator::ForceOpenLastOpenSessionAttempt`. In general, we are hesitent to recommend this approach as having multiple accounts tied to the same email address may lead to a confusing end-user experience; however, we have enabled this behaviour should it be your preference. | ||
|
||
:::note | ||
If you are using the built-in UI, this behaviour is already built-in for you. Users will be automatically prompted with both options. | ||
::: | ||
|
||
:::tip | ||
Recall, before making signin calls, you should be [binding to the delegates](/sdk/unreal/authentication/intro#binding-to-the-delegates) for **[AuthSuccess]**, **[AuthFailure]**, **[AuthRequiresCode]**, **[FederateSuccess]**, **[FederateFailure]**, and **[FederateOrForce]**. | ||
::: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# Guest | ||
|
||
For when you want to quickly get your users into your game to start playing, you can use our guest login. | ||
|
||
Reminder: since guest login users have no persisting credentials, when the session ends, the user will be unable to access their embedded wallet again. Before ending the session, be sure to prompt the user to [federate their account](/sdk/unreal/authentication/federated-accounts) and associate a login method + credentials with it for subsequent sessions! | ||
|
||
## Built-in UI | ||
|
||
If you are using the built-in UI, Guest sign in is enabled by default. The user can click on the "Guest" sign in button on the built-in UI to trigger this flow. | ||
|
||
## Custom UI Integration | ||
|
||
Simply call `GuestLogin` on your `UAuthenticator` object to authenticate them with the Sequence API. | ||
|
||
:::tip | ||
Don't forget to [bind to the delegates](/sdk/unreal/authentication/intro#binding-to-the-delegates) for **[AuthSuccess]**, **[AuthFailure]**, **[AuthRequiresCode]** prior to making any signin calls! | ||
::: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
# OIDC - Social Sign In | ||
|
||
Our SDK supports Social Sign In using [OIDC](https://openid.net/developers/how-connect-works/) with the [implicit flow](https://auth0.com/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-implicit-flow). | ||
|
||
Currently supported OIDC providers include: | ||
- Google -> [Builder Setup](/solutions/builder/embedded-wallet/google-configuration) | ||
- Apple -> [Builder Setup](/solutions/builder/embedded-wallet/apple-configuration) | ||
|
||
:::warning | ||
Stop! Have you configured your OIDC providers in the Builder using the instructions linked above? | ||
|
||
Have you added your client id(s) to the `SequenceConfig.ini` file in `[YourProjectDirectory]/Config`? If not, see [Setup](/sdk/unreal/setup#create-a-config-file). | ||
::: | ||
|
||
## Built-in UI | ||
|
||
If you are using the built-in UI, OIDC sign in is enabled by default. The user can click on the "Google" or "Apple" sign in buttons on the built-in UI to trigger this flow. | ||
|
||
## Android Requirements | ||
|
||
**Google:** In order to be able to properly use Google Auth, create and place the Keystore file by following [these instructions](https://dev.epicgames.com/documentation/en-us/unreal-engine/signing-android-projects-for-release-on-the-google-play-store-with-unreal-engine?application_version=5.1). | ||
|
||
You will also need to generate an [Android client ID] and a [Web Application client ID] for your application. And place the [Web Application client ID] in the `[YourProject/Config/SequenceConfig.ini]`, [GoogleClientID] field. | ||
|
||
Refer to [these docs](https://developers.google.com/identity/one-tap/android/get-started#api-console) to generate [Android client ID] and [Web Application client ID]. | ||
|
||
[This guide](https://https://developers.google.com/android/guides/client-auth?hl=es-419) helps explain how to collect SHA-1 key fingerprints for the [Android client ID]. | ||
|
||
**Apple:** Please ensure you have a proper [AppleClientID] set in `[YourProject/Config/SequenceConfig.ini]` | ||
|
||
## iOS Requirements | ||
|
||
**Google**: Please ensure you have a proper [GoogleClientID] set in `[YourProject/Config/SequenceConfig.ini]` | ||
|
||
**Apple**: Please ensure you have a proper [AppleClientID] set in `[YourProject/Config/SequenceConfig.ini]`, be sure you register and set your bundle identifier properly for your app | ||
|
||
*Apple Specific Requirements* | ||
|
||
For Apple sign in to work please be sure to register the [RedirectUrl] in [YourProject/Config/SequenceConfig.ini] appropriately for your app. | ||
|
||
## Custom UI Integration | ||
|
||
### Desktop | ||
|
||
To start **SSO based authentication** with desktop you will need to navigate to a browser in order to get the necessary id_token. | ||
|
||
To get the URL to navigate to you can use the UAuthenticator supplied call `[FString GetSigninURL(const ESocialSigninType& Type)]` where Type is the social login type you wish to use | ||
|
||
With whatever implementation you chose you can forward the collected id_token to the UAuthenticator object with `[SocialLogin(const FString& IDTokenIn)]`, after which `[AuthSuccess]` will fire and you're done desktop based SSO. | ||
|
||
### Mobile | ||
|
||
To start mobile SSO you will need to make use of the `[UAuthenticator::InitiateMobileSSO(const ESocialSigninType& Type)]` where type is the Type of SSO you want to use. IE) Google or Apple, for the time being Discord & Facebook aren't supported. This function call is all that's required for Mobile SSO | ||
|
||
:::tip | ||
Don't forget to [bind to the delegates](/sdk/unreal/authentication/intro#binding-to-the-delegates) for **[AuthSuccess]**, **[AuthFailure]**, **[AuthRequiresCode]** prior to making any signin calls! | ||
::: |
Oops, something went wrong.