Now in Public Beta

Stop building auth.
Start shipping games.

Oathwall handles the OAuth complexity so you don't have to. No backend to run, no client secrets in your build. Your players get in fast — you ship the game.

Get started free See how it works

// Free plan, forever. No credit card required.

auth.js — oathwall-sdk

// 1. Redirect to provider
const url = `https://sso.oathwall.com/auth/google/start?appKey=${APP_KEY}`;
window.location.href = url;
 
// 2. Consume the ticket
const { access_token } = await fetch("/auth/consume", {
  method: "POST", body: JSON.stringify({ ticket })
}).then(r => r.json());
 
// That's it. You're authenticated. 🎮

// 1. Initialize the SDK
OathwallSDK.Init(appKey: APP_KEY);
 
// 2. Trigger login
AuthResult result = await OathwallSDK.LoginAsync(Provider.Google);
 
// 3. Use the token
Debug.Log($"Welcome, {result.DisplayName}!");
PlayerPrefs.SetString("access_token", result.AccessToken);
 
// That's it. You're authenticated. 🎮

// 1. Initialize the SDK
UOathwallSDK::Init(FString(APP_KEY));
 
// 2. Trigger login
UOathwallSDK::Login(EProvider::Google,
  FOnLoginComplete::CreateLambda([](FAuthResult Result) {
 
    // 3. Use the token
    UE_LOG(LogTemp, Log,
      TEXT("Welcome, %s!"), *Result.DisplayName);
  })
);
 
// That's it. You're authenticated. 🎮

10 providers · One integration · Zero boilerplate

Google

Discord

GitHub

Steam

Facebook

Twitch

Twitter/X

Microsoft

Apple

Epic Games

The Reality

You didn't sign up to write auth code.

But here you are, 3 hours deep in Google's OAuth 2.0 docs at 2am.

OAuth is deceptively complex

State management, PKCE flows, token rotation, silent refresh — it's a lot of boilerplate for something every app needs.

Client secrets don't belong in game builds

Hardcoding secrets in a Unity build means anyone with a decompiler can extract them. Auth needs a backend — use ours.

Auth is not your game

Every hour debugging OAuth scopes is an hour not spent on mechanics, art, or levels. Your login screen isn't what players paid for.

How It Works

Three steps. Seriously.

From zero to working auth in under ten minutes.

Create your app

Sign in to the dashboard, create an app. You'll get an appKey, configure your platform redirect schemes, and you're done with setup.

Connect providers

Paste in your credentials for any of the 10 supported providers. We validate, encrypt, and handle all the OAuth implementation.

Call the API

Redirect, consume ticket, get tokens. Three API calls — that's the entire auth flow.

What You Get

Everything auth. Nothing else.

We didn't pad the feature list. This is exactly what a game needs.

Unified SSO

One auth system for all your games. New project? Same infrastructure, same dashboard, same users — no rebuilding from scratch.

User Management

See who's playing, ban bad actors, reactivate accounts — from a dashboard, not a SQL console.

Real-time Analytics

Daily active users, logins by provider, 7-day charts. Enough signal to understand your players without drowning in metrics.

Session Control

Track active sessions across devices and revoke them with one click. 30-day rolling refresh token rotation, built in.

Mobile & Desktop

iOS Universal Links, Android App Links, deeplinks, custom URL schemes — everything the App Store and Play Store expect.

API-First

RESTful API, ticket-based auth, automatic token management. If it can make an HTTP request, it can use Oathwall.

Pricing

Start free. Scale when you need to.

No lock-in, no surprises. Upgrade when your player count does.

Free

Everything you need to get started with social auth.

$0/mo

Start for free

1 application
10 monthly active users
Google, Facebook, Apple, Steam
JWT access + refresh tokens
Community support

Standard

Scale your auth infrastructure as your user base grows.

$9/mo

Get started

10 applications
1,000 monthly active users
Google, Facebook, Apple, Steam
JWT access + refresh tokens
Session management & revocation
Real-time analytics dashboard
Priority email support

Enterprise

Tailored solutions for large-scale products and teams.

Custom

Unlimited applications
Unlimited monthly active users
All providers + custom SAML/OIDC
Advanced session analytics
SLA guarantee (99.99% uptime)
Dedicated Slack channel
Custom contracts & invoicing

Security

Secure by default, not by checkbox.

Active from day one. No configuration needed.

httpOnly & Secure cookiestokens never exposed to JavaScript

Refresh token rotationold tokens invalidated on every refresh

SHA-256 token hashingno plaintext tokens stored in database

CSRF protectionstate validation on every OAuth callback

Single-use tickets5-minute TTL, replay attacks are a non-issue

Per-request identity checksban a user, they stay banned instantly

Your next game ships with auth already solved.

Start free. Add providers in minutes. Your players won't even notice the login — which is exactly the point.

Create your free account Sign in

// Free plan, no credit card, no expiry.

Stop building auth. Start shipping games.