Web logins using Oculus account
We have an Oculus game available on the store alongside a web portal designed to help users manage their account information. We're eager to provide users with the convenience of logging into our web portal using their Oculus account, ideally through some form of OAuth or Single Sign-On (SSO) mechanism. The primary resource I've come across regarding this integration is the documentation on "Account Linking". In essence, here's the flow: Our web portal initiates the user's redirection to the Meta SSO URL, which can be found at https://auth.oculus.com/sso/?redirect_uri=https://someloginuri.com/oa&organization_id=1234567812345678. The user agrees to link their account with our web portal. Following the agreement, the user is redirected back to our web portal, accompanied by encoded data we can leverage for authenticating the user within the Oculus API. The account linking process does indeed work, yet there's a recurring issue. Users are prompted to "CONNECT ACCOUNT" each time they visit the Meta page for login (see picture below). Ideally, we expected this step to be a one-time event. However, it seems users encounter this step upon each visit, which can hinder the user experience in our web login process. I'm wondering if there exists a workaround for this particular issue. Have I overlooked any crucial details in the documentation? Is there a method to only present the account linking step once, followed by a seamless and conventional login flow thereafter? Any suggestions would be greatly appreciated!
Authentication using OAuth on Quest - supported flows using browser, QR or companion app?
We have an existing enterprise app that we are porting to Quest. The app is built using Unity and an OAuth service (Azure B2C) is used for authentication. Currently, we support multiple authentication flows, including using browser based authentication and reading QR codes using the built in camera on devices where typing is inconvenient, such as Microsoft HoloLens. I'm trying to find the recommended path for secure authentication for Oculus Quest. Thing's I've tried: browser authentication does not work since the Oculus browser does not appear to allow intent-filters to open applications as per Android default behaviour, see https://forums.oculusvr.com/developer/discussion/89646/feature-request-allow-appps-to-be-launched-via-intent-filters-from-oculus-browser#latest QR authentication does not work, since no QR reading framework is available on the device like it is on other platforms (HoloLens 2 and even Windows Mixed Reality headsets), and since the cameras are not directly accessible to developers either. Quest does seem to have some provisioning for authentication through it's own companion app, but I can find no mention that we can develop our own 3rd party companion app to handle authentication this way? I'm sure there are many other developers looking to authenticate their Quest users through OAuth; how did you manage this?
