Showing results for 
Search instead for 
Did you mean: 

Authentication using OAuth on Quest - supported flows using browser, QR or companion app?

We have an existing enterprise app that we are porting to Quest. The app is built using Unity and an OAuth service (Azure B2C) is used for authentication. Currently, we support multiple authentication flows, including using browser based authentication and reading QR codes using the built in camera on devices where typing is inconvenient, such as Microsoft HoloLens.
I'm trying to find the recommended path for secure authentication for Oculus Quest.
Thing's I've tried:

browser authentication does not work since the Oculus browser does not appear to allow intent-filters to open applications as per Android default behaviour, see 
QR authentication does not work, since no QR reading framework is available on the device like it is on other platforms (HoloLens 2 and even Windows Mixed Reality headsets), and since the cameras are not directly accessible to developers either.
Quest does seem to have some provisioning for authentication through it's own companion app, but I can find no mention that we can develop our own 3rd party companion app to handle authentication this way? 

I'm sure there are many other developers looking to authenticate their Quest users through OAuth; how did you manage this? 


Honored Guest
I'm also looking to use OAuth with Quest but did not find a proper way to do it. Any ideas on how to achieve this?


Wow. I just posted a reply but Oculus Forums forced a reauthentication and threw my post away. Sigh. In brief: Second best would be to use OAuth Device Flow. In our case that didn't work since Azure AD B2C doesn't support Device Flow, so I ended up using ROPC instead. Not pretty but it works.