Provider Setup Guide
Oathwall acts as a secure middleware between your game and OAuth providers. You bring your own credentials — we handle the entire auth flow, token rotation, and session management.
This guide covers two things: how to get the credentials you need from each provider's developer console, and how to add them to your Oathwall app through the dashboard.
Google Sign-In uses OAuth 2.0. You'll create credentials in the Google Cloud Console and end up with a Client ID and a Client Secret.
Required fields
| Field | Description | Example |
|---|---|---|
Client ID | Your OAuth 2.0 client identifier. | 123456789-abc.apps.googleusercontent.com |
Client Secret | The secret paired with your Client ID. | GOCSPX-xxxxxxxxxxxx |
Step-by-step
Open Google Cloud Console
Go to console.cloud.google.com and sign in with your Google account.
Create or select a project
Click the project dropdown at the top left and either select an existing project or click New Project. Give it a name that identifies your game.
Register your app on Google Auth Platform
Navigate to Google Auth Platform in the console menu (or go directly to console.cloud.google.com/auth/overview) and complete the registration:
- On the Audience page, choose External as the user type.
- On the Branding page, fill in the app name, support email, and developer contact email.
- Scopes live on the Data Access page — for basic sign-in (
openid,email,profile) they are non-sensitive and need no verification.
Create an OAuth client and add the redirect URI
Go to Google Auth Platform → Clients and click Create Client. Select Web application as the application type, then under Authorized redirect URIs click Add URI and enter:
https://sso.oathwall.com/auth/callbackCopy your credentials
Click Create. The confirmation dialog shows your Client ID and Client Secret — copy both into the Oathwall dashboard.
Facebook Login is part of the Meta for Developers platform. You'll create a Meta App to get an App ID and App Secret.
Required fields
| Field | Description | Example |
|---|---|---|
App ID | Your Meta app identifier (public). | 1234567890123456 |
App Secret | The secret paired with your App ID. | abc123def456... |
Step-by-step
Open Meta for Developers
Go to developers.facebook.com and log in with a Facebook account that has developer access.
Create a new app
Click My Apps → Create app. On the Add use cases screen, select "Authenticate and request data from users with Facebook Login" and click Next. When Meta asks "Are you building a game?", choose No — the "Yes" path creates a Facebook Login for Gaming app, which is a different login type than the web OAuth flow Oathwall runs. Enter your app name and contact email, then click Create app.
Configure the use case and set the redirect URI
From the dashboard, open Use cases → Authenticate and request data from users with Facebook Login → Customize. Make sure the email permission is added, then under Settings add to Valid OAuth Redirect URIs:
https://sso.oathwall.com/auth/callbackemail and public_profile are granted automatically — you do not need App Review or Business Verification for Oathwall's login scopes.Copy your credentials
Navigate to Settings → Basic. Copy your App ID and click Show next to App Secret to reveal it.
Discord
OAuth 2.0 · Discord Developer PortalDiscord uses standard OAuth 2.0. You'll create an application in the Discord Developer Portal and get a Client ID and a Client Secret.
Required fields
| Field | Description | Example |
|---|---|---|
Client ID | Your Discord application ID. | 1234567890123456789 |
Client Secret | The secret associated with your application. | aBcDeFgHiJkLmNoPqRsTuV |
Step-by-step
Open the Discord Developer Portal
Go to discord.com/developers/applications and log in.
Create a new application
Click New Application, give it a name, and click Create.
Add the redirect URI
In the left sidebar, go to OAuth2. Under Redirects, click Add Redirect and enter:
https://sso.oathwall.com/auth/callbackClick Save Changes.
Copy your credentials
Still on the OAuth2 page, copy your Client ID. Click Reset Secret to generate and reveal your Client Secret. If your Discord account has 2FA enabled, you'll be prompted for a code.
Apple
Sign in with Apple · Apple DeveloperSign in with Apple is required for any iOS app that offers third-party login. You'll need a Services ID, a private key (.p8 file), your Team ID, and the Key ID.
Required fields
| Field | Description | Example |
|---|---|---|
Client ID | Your Services ID identifier (not the Bundle ID). | com.yourstudio.yourgame.auth |
Team ID | Found under Membership details in your Apple Developer account. | ABC123DEF4 |
Key ID | The identifier of the Sign in with Apple key. | XYZKEY1234 |
Private Key | Contents of the .p8 file downloaded from Apple. | -----BEGIN PRIVATE KEY-----
... |
Step-by-step
Open Apple Developer portal
Go to developer.apple.com/account and note your Team ID on the Membership details card.
Register an App ID with Sign In with Apple
Go to Identifiers → + → App IDs. Fill in Bundle ID, then scroll to Capabilities and check Sign In with Apple.
Create a Services ID
Go to Identifiers → + → Services IDs. The identifier becomes yourClient ID in Oathwall (e.g. com.yourstudio.yourgame.auth).
Configure the Services ID with the redirect URI
Click the Services ID, enable Sign In with Apple → Configure, and select your App ID as the Primary App ID. Under Website URLs you must fill in both fields:
- Domains and Subdomains:
sso.oathwall.com(at least one domain is mandatory) - Return URLs:
https://sso.oathwall.com/auth/callbackCreate a Sign in with Apple key and download the .p8 file
Go to Keys → +, name the key and check Sign In with Apple. Click Configure and select your Primary App ID (the key can't be registered without it), then Save → Continue → Register and download the .p8 file immediately — it cannot be re-downloaded.
Gather all four values
- Client ID — the Services ID identifier
- Team ID — top-right of the Developer portal
- Key ID — shown on the Keys page
- Private Key — the full contents of the .p8 file
Steam
OpenID 2.0 · SteamworksSteam uses OpenID 2.0 instead of OAuth 2.0 — there is no client secret or code exchange. Login is verified through Steam's OpenID endpoint; the Web API Key is used to fetch the player's profile (name and avatar), making Steam the simplest provider to set up.
Required fields
| Field | Description | Example |
|---|---|---|
API Key | Your Steam Web API Key, used to fetch player profile data (persona name, avatar) after login. Goes in the Client Secret field. | A1B2C3D4E5F6... |
Step-by-step
Register for a Steam Web API Key
Go to steamcommunity.com/dev/apikey . Sign in, enter a domain name, and click Register. The domain is just a label — Steam doesn't verify it, so your studio's domain works fine.
Copy your API Key
Your Steam Web API Key is displayed on the same page. Copy it — this is what you'll paste into Oathwall as the Client Secret.
GitHub
OAuth 2.0 · GitHub SettingsOathwall uses a GitHub OAuth App for sign-in. (GitHub also offers "GitHub Apps" — that's a different product; make sure you create an OAuth App.) Register one under your GitHub account to get a Client ID and Client Secret.
Required fields
| Field | Description | Example |
|---|---|---|
Client ID | Your GitHub OAuth App client identifier. | Ov23liAbCdEf12345678 |
Client Secret | The secret paired with your Client ID. | abc123def456... |
Step-by-step
Open GitHub Developer Settings
Go to github.com/settings/developers and select OAuth Apps.
Register a new OAuth App
Click New OAuth App and fill in the details:
- Application name: your game's name
- Homepage URL: your game's website
- Authorization callback URL:
https://sso.oathwall.com/auth/callbackClick Register application.
Generate and copy your Client Secret
On the app page, copy your Client ID. Click Generate a new client secret — copy it immediately.
Epic Games
OAuth 2.0 · Epic Developer PortalEpic Account Services uses the standard OAuth 2.0 authorization code flow. You need a Client ID and Client Secret from the Epic Developer Portal, plus a configured Epic Account Services application.
Required fields
| Field | Description | Example |
|---|---|---|
Client ID | Your Epic OAuth client identifier. | xyza7891AbCdEfGhIjKlMnOpQrStUvWx |
Client Secret | The secret paired with your Client ID. | AbCdEfGhIjKlMnOpQrStUvWxYz123456 |
Step-by-step
Open the Epic Developer Portal
Go to dev.epicgames.com/portal and sign in. Select your product and navigate to Epic Account Services.
Create an OAuth client
Go to Product Settings → Clients and click Add new client. Choose the TrustedServer client policy (Oathwall keeps the secret server-side, so the trusted-server policy is the right fit) and add the redirect URL on the client:
https://sso.oathwall.com/auth/callbackConfigure the Epic Account Services application
Under Epic Account Services, configure your application's three tabs — all of them are required for login to work:
- Brand Settings: company name, logo, and privacy policy URL.
- Permissions: enable Basic Profile.
- Linked Clients: link the OAuth client you created in step 2.
Copy your credentials
Save the client. Your Client ID and Client Secret are shown in the client detail page.
Twitch
OAuth 2.0 · Twitch Developer ConsoleTwitch uses standard OAuth 2.0. Register an application in the Twitch Developer Console to get a Client ID and Client Secret.
Required fields
| Field | Description | Example |
|---|---|---|
Client ID | Your Twitch application client ID. | abc123def456ghi789jkl012 |
Client Secret | The secret paired with your Client ID. | xyz987uvw654tsr321... |
Step-by-step
Open the Twitch Developer Console
Go to dev.twitch.tv/console . Note: 2FA must be enabled on your Twitch account.
Register a new application
Click Register Your Application and add the redirect URI:
https://sso.oathwall.com/auth/callbackChoose category Game Integration and click Create.
Copy your credentials
Click Manage on your app. Copy the Client ID, then click New Secret to generate and copy the Client Secret.
Twitter / X
OAuth 1.0a · X Developer PortalX (Twitter) login uses OAuth 1.0a — Oathwall handles the full request-token / authorize / access-token flow for you. You need an X developer account to get an API Key and API Secret (the Consumer Keys).
/2/users/me endpoint behind a paid API tier. Oathwall uses the OAuth 1.0a flow instead, which works on the free X API tier and even returns the user's email — as long as your app has a Project and "Request email from users" is enabled.Required fields
| Field | Description | Example |
|---|---|---|
API Key | Your app's Consumer API Key. Goes in the Client ID field. | wnK8n44C8vd01ySCM8MVMFGmp |
API Secret | Your app's Consumer API Secret. Goes in the Client Secret field. | YshGrEdfVG1l7bNYdYTHJG38... |
Step-by-step
Open the X Developer Portal & create a Project
Go to developer.x.com and make sure your app lives under a Project (not a standalone app) — v1.1 access requires it. The free tier includes one Project.
Configure User authentication settings
Open your app's User authentication settings and set:
- App permissions: Read — and toggle on Request email from users if you want emails.
- Type of App: Web App, Automated App or Bot (Confidential client).
- Callback URI / Redirect URL:
https://sso.oathwall.com/auth/callbackA Website URL is also required (e.g. your game's site). Requesting email needs a Terms of Service and Privacy Policy URL on the app.
Copy your API Key & Secret
On the Keys and tokens tab, copy the API Key and Secret (Consumer Keys). In the Oathwall dashboard, paste the API Key into the Client ID field and the API Secret into the Client Secret field.
Microsoft
OAuth 2.0 · Azure PortalMicrosoft Sign-In is powered by Microsoft Entra ID (formerly Azure Active Directory). Register an application in the Microsoft Entra admin center to get a Client ID and Client Secret. Oathwall uses the common tenant — supports personal and work/school Microsoft accounts.
Required fields
| Field | Description | Example |
|---|---|---|
Client ID | The Application (client) ID from Microsoft Entra. | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
Client Secret | A client secret value you create in Microsoft Entra. | AbC~1dEfGhIjKlMnOpQrStUvWx2YzZ3 |
Step-by-step
Open the Microsoft Entra admin center
Go to entra.microsoft.com and navigate to Entra ID → App registrations. (The legacy Azure portal blade still works too.)
Register a new application
Click New registration. Under supported account types choose Any Entra ID tenant + personal Microsoft accounts (on the legacy portal: "Accounts in any organizational directory and personal Microsoft accounts"). Under Redirect URI, select the Web platform — this matters; a URI registered as "Single-page application" will reject Oathwall's server-side flow — and enter:
https://sso.oathwall.com/auth/callbackClick Register.
Create a client secret
Copy the Application (client) ID from the overview page. Then go to Certificates & secrets → New client secret, add it, and copy the Value immediately.
Adding a Provider
Once you have your credentials, adding them to your Oathwall app takes under a minute. Each app manages its own set of providers independently.
Open your app in the dashboard
Sign in to the Oathwall dashboard and navigate to Apps in the sidebar. Click on the app you want to configure.
Go to the Providers tab
Inside your app's detail page, click the Providers tab. Unconfigured providers appear greyed out.
Click Configure on a provider
Find the provider you want to enable and click Configure. A panel will appear with the fields specific to that provider.
Fill in your credentials and save
Paste the values you collected from the provider's developer console and click Save.
GET /app-config/login-config/:appKey call.Redirect URIs
Every OAuth provider requires you to whitelist the URL it will redirect to after authentication. All Oathwall callbacks go through the same endpoint.
https://sso.oathwall.com/auth/callbackProvider-specific notes
Add as an Authorized redirect URI in your OAuth client settings. Uses GET.
Add under Facebook Login → Settings → Valid OAuth Redirect URIs. Uses GET.
Add as a Return URL (plus the domain) in your Services ID configuration. Apple uses POST (form_post response mode).
No configuration needed. Steam OpenID uses the openid.return_to parameter dynamically.
Add under OAuth2 → Redirects in your application settings. Uses GET.
Set as the Authorization callback URL when registering your OAuth App. Uses GET.
Add under Redirect URIs in your OAuth client settings. Uses GET.
Add under OAuth Redirect URLs when registering your application. Uses GET.
Add as a Callback URI in User authentication settings. Uses GET.
Add as a Web redirect URI in Authentication settings of your Azure app registration. Uses GET.
sso.oathwall.com/public/auth/redirect.html with a short-lived ticket. Your game calls POST /auth/consume with the ticket to receive access and refresh tokens.SSO Login Kit for Unity
The OathWall SSO Login Kit is the Unity client for everything this guide configured. Import it, paste your App Key, inherit one class — your game has Google, Apple, Facebook and Steam login with zero backend code and zero secrets in your build.
The kit opens the hosted sign-in page in the system browser (Unity's recommended approach — no WebView), receives the deep link callback on Android and iOS, exchanges the one-time ticket for tokens and hands you a clean LoginResult. Token storage, refresh and session checks are handled for you.
How the flow works
StartLogin("google") └─ opens https://sso.oathwall.com/auth/google/start?appKey=YOUR_APP_KEY └─ player signs in with the provider (system browser, not a WebView) └─ deep link back into the game: yourappkey://open?ticket=... └─ kit consumes the ticket → access + refresh tokens (stored locally) └─ OnLoginSuccess(LoginResult) fires in your scriptWhat's in the package
| Field | Description | Example |
|---|---|---|
Runtime | The kit runtime (SsoClientBase, SsoProviderButton, deep link handling). | Runtime/bin |
SsoSettings.asset | Pre-created settings asset — just paste your App Key. | — |
Examples | Full login implementation with UI screens you can copy from. | ExampleLoginScript.cs |
Prefabs | Ready-made login button used by the dynamic button system. | LoginButton.prefab |
Demo scenes | Two working scenes — bare API calls and a complete login UI. | DemoLoginWithUI.unity |
Editor | Getting Started window and build-time deep link injection for Android/iOS. | Tools → Pixit → SSO Login Kit |
Installation & Settings
Import the package
Get the OathWall SSO Login Kit from the Unity Asset Store and import it into your project. Everything lands under Assets/PixitGames/SSOLoginKit. After importing, open Tools → Pixit → SSO Login Kit → Getting Started for quick links to this documentation and the dashboard.
Configure the settings asset
Select the bundled SsoSettings.asset (or create a new one via Create → PixitGames → SSO Login Kit → Settings) and fill in the fields:
| Field | Description | Example |
|---|---|---|
SSO Base Url | The Oathwall SSO endpoint. Leave the default unless told otherwise. | https://sso.oathwall.com/auth/ |
App Key | Your app’s public key from the Oathwall dashboard. Also used as the deep link scheme. | mygame |
Verbose Logs | Prints [SSOLoginKit] logs to the console. Turn off for release builds. | on |
Try the demo scene
Open DemoLoginWithUI.unity, press Play and hit a login button. If your providers are configured in the dashboard, the full flow works in the editor — browser sign-in included.
Quick Start
All integration goes through one base class: SsoClientBase. Inherit it, override OnLoginSuccess, and call StartLogin with a provider key. Add the script to a GameObject in your first scene and assign the SsoSettings asset in the inspector.
using PixitGames.SSOLoginKit;using UnityEngine; public class LoginManager : SsoClientBase{ // Hook these up to your UI buttons. public void LoginWithGoogle() => StartLogin("google"); public void LoginWithApple() => StartLogin("apple"); public void LoginWithFacebook() => StartLogin("facebook"); public void LoginWithSteam() => StartLogin("steam"); protected override void OnLoginSuccess(LoginResult result) { Debug.Log($"Logged in: {result.name} ({result.email}) via {result.provider}"); // result.id is the stable Oathwall identity id — use it as your player key. } protected override void OnLoginFailed(string error) { base.OnLoginFailed(error); // Show your retry UI here. }}The LoginResult object
| Field | Description | Example |
|---|---|---|
id | Stable Oathwall identity id — the same player keeps this id across sessions. | a1b2c3… |
provider | Which provider the player signed in with. | google |
name | Display name from the provider, when available. | Jane Doe |
email | Email from the provider. Steam does not provide one. | [email protected] |
picture | Avatar URL, when the provider exposes one. | https://… |
google, apple, facebook, steam — any provider you enable works with the same StartLogin(key) call.Sessions & Silent Login
After a successful login the kit stores the access and refresh tokens locally. Returning players shouldn't see the login screen again:
public void TrySilentLogin(){ // Uses the refresh token saved from the previous login. // Fires OnLoginSuccess on success, OnLoginFailed otherwise — // call it on startup to skip the login screen for returning players. SilentLogin();}To protect an in-game action (a purchase, a cloud save) without tracking auth state yourself:
public void BuyItem(){ // Gate any action behind a valid session. The kit refreshes // the access token automatically if it has expired. IsUserAuthenticated((isAuthenticated, user) => { if (!isAuthenticated) { ShowLoginScreen(); return; } Debug.Log($"Purchase allowed for {user.name}."); });}OnLoginFailed.Android & iOS Deep Links
After the player signs in, the browser hands control back to your game through a deep link: yourappkey://open?ticket=…. The kit's editor scripts register this link automatically at build time — there is nothing to edit by hand.
Android
A post-build step injects the intent filter into the generated AndroidManifest.xml:
<!-- Added to your Unity activity automatically at build time --><intent-filter> <action android:name="android.intent.action.VIEW" /> <category android:name="android.intent.category.DEFAULT" /> <category android:name="android.intent.category.BROWSABLE" /> <data android:scheme="YOUR_APP_KEY" android:host="open" /></intent-filter>iOS
The same step adds your scheme to CFBundleURLTypes in the generated Xcode project's Info.plist. Existing URL types are preserved and the scheme is never added twice.
SsoSettings is empty at build time, the post-build step skips with a warning and logins won't return to the game.