Oathwall
No server. No secrets in your build.

Stop building auth. Start shipping games.

Oathwall handles the OAuth complexity so you don't have to. No backend to run, no client secrets in your build. Your players get in fast — you ship the game.

Free plan, forever. No credit card required.

You didn't sign up to write auth code.

But here you are, 3 hours deep in Google's OAuth 2.0 docs at 2am. We've been there.

01. OAuth is deceptively complex

State management, PKCE flows, token rotation, silent refresh — it's a lot of boilerplate for something every app needs.

02. Client secrets don't belong in game builds

Hardcoding secrets in a Unity build means anyone with a decompiler can extract them. Auth needs a backend — you can use ours.

03. Auth is not your game

Every hour debugging OAuth scopes is an hour not spent on mechanics, art, or levels. Your login screen isn't what players paid for.

Sign in with accounts your players already have

Google, Discord, GitHub, Steam, Twitch, Twitter/X, Microsoft, Facebook, Apple, Epic Games — ten providers, one integration, zero OAuth boilerplate.

Google

The fastest path to your first login. Works everywhere — Unity, web, mobile.

OAuth 2.0

Discord

The natural home for gaming communities. Most of your players are already there.

OAuth 2.0

GitHub

For dev tools, game jams, and any audience that skews technical.

OAuth 2.0

Steam

Native gamer identity via Steam OpenID. The obvious choice for PC titles.

OpenID 2.0

Facebook

One-tap login for the players already in the Meta ecosystem.

Graph API

Twitch

Let streamers and their audiences log in with the account they already have open.

OAuth 2.0

Twitter / X

Reach players who live on social. PKCE flow keeps credentials off the wire.

OAuth 2.0 PKCE

Microsoft

Personal and work accounts in one flow — via Azure AD and the Graph API.

OAuth 2.0

Apple

Required for iOS App Store apps. We handle the JWT client secrets so you don't have to.

OAuth 2.0

Epic Games

Unreal Engine players and Epic Games Store users, covered with PKCE.

OAuth 2.0 PKCE

Three steps. Seriously.

From zero to working auth in under ten minutes. We timed it.

1. Create your app

Sign in to the dashboard, create an app. You'll get an appKey, configure your platform redirect schemes, and you're done with setup.

2. Connect providers

Paste in your credentials for any of the 10 supported providers. We validate, encrypt, and handle all the OAuth implementation.

3. Call the API

Redirect to /auth/{provider}/start, grab the ticket from the callback, exchange it for tokens with /auth/consume. Done.

It's really just three API calls.

Redirect, consume, fetch. That's the entire auth flow. The rest is handled by us.

auth.js
javascript
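// Placeholder: the appKey issued by the Oathwall dashboard.
const APP_KEY = "YOUR_APP_KEY";
// On the callback page the ticket is read from the URL.
// Assumption: it arrives as a "ticket" query parameter.
const ticket = new URLSearchParams(window.location.search).get("ticket");
if (!ticket) {
  // 1. Redirect to provider login
  const url = `https://sso.oathwall.com/auth/google/start?appKey=${encodeURIComponent(APP_KEY)}`;
  window.location.href = url;
} else {
  // 2. After redirect, consume the ticket
  const { access_token, refresh_token } = await fetch(
    "https://sso.oathwall.com/auth/consume",
    {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ ticket }),
    }
  ).then(r => r.json());
  // 3. Get the user
  const user = await fetch("https://sso.oathwall.com/auth/me", {
    headers: { Authorization: `Bearer ${access_token}` },
  }).then(r => r.json());
  // → { id, email, name, picture, provider }
}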

Everything auth. Nothing else.

We didn't pad the feature list. This is exactly what a game needs from an auth platform.

Unified SSO

One auth system for all your games. New project? Same infrastructure, same dashboard, same users — no rebuilding from scratch.

User Management

See who's playing, ban bad actors, reactivate accounts — from a dashboard, not a SQL console at midnight.

Session Control

Track active sessions across devices and revoke them with one click. 30-day rolling refresh token rotation, built in.

Real-time Analytics

Daily active users, logins by provider, 7-day charts. Enough signal to understand your players without drowning in metrics.

Mobile & Desktop

iOS Universal Links, Android App Links, deeplinks, custom URL schemes — everything the App Store and Play Store expect.

API-First

RESTful API, ticket-based auth, automatic token management. If it can make an HTTP request, it can use Oathwall.

Start free. Scale when you need to.

No lock-in, no surprises. Upgrade when your player count does.

Free

Everything you need to get started with social auth.

$0/mo
  • 1 application
  • 10 monthly active users
  • Google, Facebook, Apple, Steam
  • JWT access + refresh tokens
  • Community support

Standard (most popular)

Scale your auth infrastructure as your user base grows.

$9/mo
  • 10 applications
  • 1,000 monthly active users
  • Google, Facebook, Apple, Steam
  • JWT access + refresh tokens
  • Session management & revocation
  • Real-time analytics dashboard
  • Priority email support

Enterprise

Tailored solutions for large-scale products and teams.

Custom
  • Unlimited applications
  • Unlimited monthly active users
  • All providers + custom SAML/OIDC
  • Advanced session analytics
  • SLA guarantee (99.99% uptime)
  • Dedicated Slack channel
  • Custom contracts & invoicing

Secure by default, not by checkbox.

You don't have to configure security — these practices are active from day one.

httpOnly & Secure cookies — tokens are never exposed to JavaScript

Refresh token rotation — old tokens are invalidated on every refresh

SHA-256 token hashing — no plaintext tokens ever stored in the database

CSRF protection via OAuthFlowSession state validation on every callback

Single-use tickets with 5-minute TTL — replay attacks are a non-issue

Account & identity status checked on every request — ban a user, they stay banned
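
A minimal Node.js sketch of three of the practices listed above (SHA-256 token hashing, single-use tickets with a 5-minute TTL, refresh token rotation). It is an added illustration, not Oathwall's own code; `HashedTokenStore` and its in-memory `Map` are hypothetical stand-ins for a database table.

```javascript
const crypto = require("node:crypto");

const TICKET_TTL_MS = 5 * 60 * 1000;             // 5-minute ticket TTL (from the page)
const REFRESH_TTL_MS = 30 * 24 * 60 * 60 * 1000; // 30-day refresh window (from the page)

const sha256 = (token) => crypto.createHash("sha256").update(token).digest("hex");

// Hypothetical in-memory store; a real service would use a database table
// keyed by the hash, with an atomic delete-and-return.
class HashedTokenStore {
  constructor() {
    this.rows = new Map(); // sha256(token) -> { userId, expiresAt }
  }

  // Returns the raw token once; only its hash is kept.
  issue(userId, ttlMs, now = Date.now()) {
    const token = crypto.randomBytes(32).toString("base64url");
    this.rows.set(sha256(token), { userId, expiresAt: now + ttlMs });
    return token;
  }

  // Single use: the row is deleted before the expiry check, so a replayed
  // or expired token can never succeed on a later attempt.
  consume(token, now = Date.now()) {
    const key = sha256(String(token));
    const row = this.rows.get(key);
    if (!row) return null;
    this.rows.delete(key);
    return now < row.expiresAt ? row.userId : null;
  }

  // Rotation: redeeming a refresh token invalidates it and issues a new one.
  rotate(refreshToken, now = Date.now()) {
    const userId = this.consume(refreshToken, now);
    if (userId === null) return null;
    return { userId, refreshToken: this.issue(userId, REFRESH_TTL_MS, now) };
  }
}
```

Because lookups go through the hash, a leaked copy of the store yields no usable tickets or refresh tokens.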

Your next game ships with auth already solved.

Start free. Add providers in minutes. Your players won't even notice the login — which is exactly the point.

Free plan, no credit card, no expiry.