cancel
Showing results for 
Search instead for 
Did you mean: 

Best practice for user authentication?

Imeve360
Honored Guest
Hi -

We're working on an project which has both an Oculus Store app and an independent cloud interface to the back-end. We need to be able to authorize users in both environments. We authorize users on our cloud service by email. However if I'm not mistaken, even if a user is logged in to their Oculus account using the same email we already know, there is no way for us to recognize this user.

I don't want to force users to "type" their email address and password while in the headset app in order to authenticate against our cloud service. That is incredibly painful.

In an ideal world, the Oculus API would provide me with a hashed email address of the currently active user as a GUID, as well as the hash function so that I can generate my own table of hashed emails, and I could simply cross reference my own user table against the active user's GUID. No muss, no fuss. But this doesn't seem possible.

What's the next best option then? Any suggestions?

Thanks -
DJD
1 REPLY 1

Imeve360
Honored Guest
Thanks for the response @imperativity, I missed it due to the holiday...

So I understand correctly what's available and what is not available within the Oculus Platform SDK. The problem we still need to solve is: what is the best practice to cross-reference a user on our own cloud system against a user in the Oculus ecosystem. These users are our customers so there is no privacy issue, it's just a technical/user experience question.

It seems that the only publicly-accessible identifier that can be used to identify a specific Oculus user is the Oculus User ID. Is that correct?

So would the best practice (or rather, the only option) be to require that our cloud service users enter their Oculus User ID into our web interface in order to "connect" their Oculus account to their account on our cloud service?

If this is correct, there's a number of followup questions.
* Can we execute User Verification from our cloud service? That is, is there any way to know that an Oculus User ID is presented by the actual user?
* What happens if a user changes their Oculus User ID?
* Can Oculus/FB provide any assurance that this method will continue to be supported in the future?

It's quite important to our business model that we can establish and maintain this cross-reference moving forward. Would appreciate any suggestions you can provide.

Best -
Devon