Identity Security for Games in C# with Unity

Learn how to build user identity management into games in C# with Unity.

Okta Developers

What OS are you using?

losgatossuabes

Hi, it looks like the links are broken: I'm trying to download both the SDK and source code but I only get:

“This shared file or folder link has been removed or is unavailable to you.”

Nick Gamb

Hello! I apologize for this. It looks like some new rules have disabled public links. Give me a sec to update the links!

losgatossuabes

Hey Nick, thanks a lot for your support. I will let you know if it works. Right now it still doesn't. Thanks!

Nick Gamb

Hey there! The blog should update within 5 minutes with links to https://github.com/nickgamb…. I apologize again!

losgatossuabes

Working like a charm. Thanks a lot, and great article! :slight_smile:

Nick Gamb

Fantastic! Let me know if you have any questions. :slight_smile:

Akshay Pramoth

Hi. Does it support Android, iOS and MacOS?

Nick Gamb

Hello. It does but we did find a small issue that is related to how the Okta SDK generates the default UserAgent headers on Mac, iOS, and Android. You can read about it here. https://github.com/nickgamb…

The fix is simply to pass the UserAgent in PanelManager.cs to bypass the issue. I have updated the GitHub repo to reflect this https://github.com/nickgamb…

I will update the blog post soon to discuss this as well.

Takuto Ukawa

Dear Mr. Gamb,
I am following this page’s instructions, but I ran into trouble.
Please let me ask you two questions.

1. I followed from the start to ‘Native: Authenticate with Okta’ and got SUCCESS on PC.
But on my Android mobile, the APK emits an error in the Login() function. This is the logcat:
> 11-06 17:55:53.771 30853 30878 E Unity : Exception: Home directory not found. The HOME environment variable is not set.
> 11-06 17:55:53.771 30853 30878 E Unity : at Okta.Sdk.Abstractions.HomePath.GetHomePath () [0x00051] in <989f14791eb247dca7e529bb4ee2d96c>:0
> 11-06 17:55:53.771 30853 30878 E Unity : at Okta.Sdk.Abstractions.HomePath.Resolve (System.String[] pathSegments) [0x0001c] in <989f14791eb247dca7e529bb4ee2d96c>:0
> 11-06 17:55:53.771 30853 30878 E Unity : at Okta.Sdk.Abstractions.BaseOktaClient.GetConfigurationOrDefault (Okta.Sdk.Abstractions.Configuration.OktaClientConfiguration apiClientConfiguration) [0x00006] in <989f14791eb247dca7e529bb4ee2d96c>:0
> 11-06 17:55:53.771 30853 30878 E Unity : at Okta.Sdk.Abstractions.BaseOktaClient..ctor (Okta.Sdk.Abstractions.Configuration.OktaClientConfiguration apiClientConfiguration, System.Net.Http.HttpClient httpClient, Microsoft.Extensions.Logging.ILogger logger, Okta.Sdk.Abstractions.UserAgentBuilder userAgentBuilder, Okta.Sdk.Abstractions.AbstractResourceTypeResolverFactory resourceTypeResolverFactory) [0x00006] in <989f14791eb247dca7e529bb4ee2d96c>:0
> 11-06 17:55:53.771 30853 30878 E Unity : at Okta.Auth.Sdk.AuthenticationClient..ctor (Okta.Sdk.Abstractions.Configuration.OktaClientConfigu

2. Then I continued from ‘OAuth: Authenticate with Okta’ and reached
> Find the authorization endpoint, token endpoint, and userinfo endpoint urls,
I got stuck because I could not find userinfo_endpoint. (URLs in the JSON values were changed to avoid the SPAM killer.)
> {“issuer”:“https_colon_slash_slash_dev-8117469.okta.com_slash_oauth2_slash_default”,“authorization_endpoint”:“https_colon_slash_slash_dev-8117469.okta.com_slash_oauth2_slash_default_slash_v1_slash_authorize”,“token_endpoint”:“https_colon_slash_slash_dev-8117469.okta.com_slash_oauth2_slash_default_slash_v1_slash_token”,“registration_endpoint”:“https_colon_slash_slash_dev-8117469.okta.com_slash_oauth2_slash_v1_slash_clients”,“jwks_uri”:“https_colon_slash_slash_dev-8117469.okta.com_slash_oauth2_slash_default_slash_v1_slash_keys”,“response_types_supported”:[“code”,“token”,“id_token”,“code id_token”,“code token”,“id_token token”,“code id_token token”],“response_modes_supported”:[“query”,“fragment”,“form_post”,“okta_post_message”],“grant_types_supported”:[“authorization_code”,“implicit”,“refresh_token”,“password”,“client_credentials”],“subject_types_supported”:[“public”],“scopes_supported”:[“openid”,“profile”,“email”,“address”,“phone”,“offline_access”],“token_endpoint_auth_methods_supported”:[“client_secret_basic”,“client_secret_post”,“client_secret_jwt”,“private_key_jwt”,“none”],“claims_supported”:[“ver”,“jti”,“iss”,“aud”,“iat”,“exp”,“cid”,“uid”,“scp”,“sub”],“code_challenge_methods_supported”:[“S256”],“introspection_endpoint”:“https_colon_slash_slash_dev-8117469.okta.com_slash_oauth2_slash_default_slash_v1_slash_introspect”,“introspection_endpoint_auth_methods_supported”:[“client_secret_basic”,“client_secret_post”,“client_secret_jwt”,“private_key_jwt”,“none”],“revocation_endpoint”:“https_colon_slash_slash_dev-8117469.okta.com_slash_oauth2_slash_default_slash_v1_slash_revoke”,“revocation_endpoint_auth_methods_supported”:[“client_secret_basic”,“client_secret_post”,“client_secret_jwt”,“private_key_jwt”,“none”],“end_session_endpoint”:“https_colon_slash_slash_dev-8117469.okta.com_slash_oauth2_slash_default_slash_v1_slash_logout”,“request_parameter_supported”:true,“request_object_signing_alg_values_supported”:[“HS256”,“HS384”,“HS512”,“RS256”,“RS384”,“RS512”,“ES256”,“ES384”,“
ES512”]}

I would like to complete the instructions to make my own Android app. Any advice is appreciated.
Thank you.

Chukky 500

Hello Nick, I need to do something similar with Okta in a Windows desktop application in .Net but I’m worried about the secret being hardcoded in the application. Isn’t PKCE supposed to use dynamic keys instead of a secret?

Nick Gamb

You are correct. PKCE was created for situations where the secret cannot be kept secure. This example actually fully supports PKCE if you look at the code in OAuth.cs. In Okta, all you would need to do differently is deploy a SPA app, which does not use a client secret. Then, in OAuth.cs you would just not pass a Client Secret. I have a new blog going live tomorrow https://developer.okta.com/… that covers PKCE in more detail. Tomorrow's example foregoes a client secret and uses the Okta CLI to quickly configure the SPA app in Okta. It's targeting WebGL but the same concepts can be used in a desktop app.

Chukky 500

Yes I was able to omit the secret and it works fine. Thank you

Chukky 500

Hello Nick, how can you use a random port for the HttpListener since the redirectUri has to be set in Okta? In my tests I need to set the redirectUri in Okta to a fixed port. Since the random port doesn’t match the fixed one in Okta, it doesn’t work.

Nick Gamb

Hey there. I think you are talking about /GetRandomUnusedPort()/51772. GetRandomUnusedPort() is commented out but I do see how that could be confusing to leave in. I will remove it now. Needless to say, this code is not running and port 51772 is being used.

Chukky 500

This confirms what I thought. I ended up using a fixed port too. Thanks again!
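
The PKCE exchange without a client secret and the fixed loopback port discussed in the comments above, as an added example that is not part of the thread and not the code in OAuth.cs. The Okta domain, client ID, redirect path and the `PkceExample` class name are placeholders; port 51772 is the one named in the thread.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example, not the code from OAuth.cs. Domain, client ID and redirect path are
// placeholders; 51772 is the fixed port from the thread and must match Okta's setting.
public static class PkceExample
{
    const string AuthorizeEndpoint = "https://{yourOktaDomain}/oauth2/default/v1/authorize";
    const string ClientId = "{yourClientId}";
    const string RedirectUri = "http://localhost:51772/";

    // RFC 7636 base64url: strip padding, '+' -> '-', '/' -> '_'.
    static string Base64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static string RandomToken(int byteCount)
    {
        var bytes = new byte[byteCount];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Base64Url(bytes);
    }
    // S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    static string Challenge(string verifier)
    {
        using (var sha = SHA256.Create())
            return Base64Url(sha.ComputeHash(Encoding.ASCII.GetBytes(verifier)));
    }

    public static void Main()
    {
        string verifier = RandomToken(32); // 43 chars, fresh per login, never persisted
        string state = RandomToken(16);    // must equal the state echoed on the redirect
        string authorizeUrl = AuthorizeEndpoint
            + "?response_type=code&scope=" + Uri.EscapeDataString("openid profile")
            + "&client_id=" + Uri.EscapeDataString(ClientId)
            + "&redirect_uri=" + Uri.EscapeDataString(RedirectUri)
            + "&state=" + state + "&code_challenge=" + Challenge(verifier)
            + "&code_challenge_method=S256";
        // Token request for a public client: code_verifier is sent, client_secret is not.
        var tokenForm = new Dictionary<string, string> {
            ["grant_type"] = "authorization_code", ["code"] = "{codeFromRedirect}",
            ["redirect_uri"] = RedirectUri, ["client_id"] = ClientId,
            ["code_verifier"] = verifier };
        Console.WriteLine(authorizeUrl);
        Console.WriteLine(string.Join("&", tokenForm.Keys));
    }
}
```

The listener that receives the redirect should reject any response whose `state` differs from the value generated here before it sends the token request.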

nilesh p

Did you succeed in integrating Okta OIDC in a Unity (iOS) application?
If yes, can you please help us with the same?

Tom Southcott

Hello Nick,

I’m trying to implement the Okta login via the NativeUI following the tutorial however stumbling at the first hurdle

"Multiple precompiled assemblies with the same name YamlDotNet.dll included on the current platform. Only one assembly with the same name is allowed per platform. (Assets/Plugins/YamlDotNet.dll)"

This is just after importing your Unity package into Unity V2021.1.5f1

Is there a simple fix you’d suggest for this?

Kind regards,

Nick Gamb

Hi Tom. Can you try removing YAMLDotNet.dll and the .meta from your plugins folder? You are using a later version of Unity than I was at the time and it looks like you may already have YAML.net included elsewhere.