Unity Authentication Guides
Step-by-step guides for adding social login to your Unity game — Google, Apple, Steam, Discord, and more — with real code and no backend.
These guides cover one job end to end: adding real player login to a Unity game without standing up your own auth backend. Each one starts from the problem, walks through the actual provider setup (the console screens, the redirect URI, the scopes that trip people up), and shows the C# you'll really write — the same SsoClientBase / StartLogin / OnLoginSuccess pattern across every provider.
Start here
If you're new to this, read Player Authentication in Unity: The Complete Guide first. It maps out the three ways to add login to a game, where the tokens come from, and how the deep-link return trip back into your build works — so the per-provider guides make sense before you open a provider console.
Pick a provider
The provider guides each go deep on one login: real setup steps plus the quirks that aren't in the marketing copy. Sign in with Apple generates its client secret as a signed JWT and only sends the player's name on the very first authorization. Steam uses OpenID 2.0 and never returns an email. Facebook needs App Review before its email scope works outside your test accounts. Ten providers are covered, so most games find the two or three their players actually use.
Solve a specific problem
Some guides aren't about a single provider at all. Add login to your Unity game is the start-to-finish tutorial. Ship without a backend explains what the hosted service does for you and where a server still helps. Don't ship client secrets is worth reading before you release, and cross-platform login covers the per-platform deep-link differences on iOS, Android, desktop, and WebGL.
Beyond Unity
The packaged SDK is Unity's, but the login flow underneath is plain HTTP, so it isn't Unity-only. OAuth login without an SDK documents every endpoint — start, consume, refresh, and the deep-link return — so you can add the same social login to any engine. Godot OAuth login turns that contract into real GDScript with HTTPRequest and OS.shell_open.
- Guides
OAuth Login Without an SDK: The REST Flow for Any Game Engine
Oathwall's Unity SDK just wraps a plain HTTP flow. Here's the exact REST and deep-link contract so you can add social login to Godot, Unreal, or any engine yourself.
Jul 2, 20266 min read - Guides
Godot OAuth Login: Add Social Sign-In With Oathwall
There's no Godot SDK for Oathwall, but its login flow is plain HTTP. Here's how to add Google, Discord, or Steam sign-in to a Godot 4 game with real GDScript.
Jul 2, 20265 min read - Guides
How to Add Login to Your Unity Game
A start-to-finish guide to adding player login in Unity: enable a provider, drop in the C#, and test the whole flow in the browser before you build. No backend.
Jul 1, 20264 min read - Guides
Cross-Platform Login in Unity (iOS, Android, PC, WebGL)
One login that works on iOS, Android, desktop, and WebGL. The per-platform gotchas — deep links, verified links, and the browser limits — and how to ship the same code everywhere.
Jul 1, 20264 min read - Guides
Discord OAuth Login in Unity
Add Discord login to a Unity game with OAuth2 — no backend, no client secret in the build. Real C#, the identify/email scopes, and the unverified-email gotcha.
Jul 1, 20263 min read - Guides
Never Ship OAuth Client Secrets in Your Unity Build
A client secret in your Unity build is extractable in minutes and public the moment you ship. Here's why it happens, what an attacker can do with it, and how to keep it off the build.
Jul 1, 20264 min read - Guides
Epic Games Login in Unity (Epic Online Services, OAuth + PKCE)
Add Epic Games login to a Unity game with OAuth and PKCE — no backend, no client secret in the build. Real C#, and the profile fields Epic actually returns.
Jul 1, 20263 min read - Guides
Facebook Login in Unity without the SDK
Add Facebook login to a Unity game without the Facebook SDK or a client secret in your build. Real C#, the App Review gotcha, and how the email scope works.
Jul 1, 20263 min read - Guides
GitHub Login in Unity (OAuth, no backend)
Add GitHub login to a Unity game or tool with OAuth — no backend, no client secret in the build. Real C#, and the hidden-email gotcha that returns null.
Jul 1, 20263 min read - Guides
Add Google Sign-In to Your Unity Game (No Backend)
Add Google login to a Unity game with no server and no client secret in your build. Real setup steps, real C# code, and the redirect-URI gotcha that trips most people.
Jul 1, 20264 min read - Guides
Microsoft & Xbox Login in Unity (OAuth, no backend)
Add Microsoft (and Xbox) login to a Unity game with OAuth — no backend, no client secret in the build. Real C#, and the email field quirk for work and guest accounts.
Jul 1, 20263 min read - Guides
Sign in with Apple in Unity (the iOS requirement, done right)
Add Sign in with Apple to a Unity game without the JWT client-secret headache. Real setup, real C#, and the first-login name gotcha that trips everyone.
Jul 1, 20265 min read - Guides
Steam Login in Unity with OpenID (no email, no password)
Add Steam login to a Unity game with OpenID — no email, no password, no client secret. Real C#, the SteamID64 detail, and the profile-data gotcha.
Jul 1, 20263 min read - Guides
Twitch Login in Unity (OAuth, no backend)
Add Twitch login to a Unity game with OAuth — no backend, no client secret in the build. Real C#, the email scope you actually need, and the profile fields Twitch returns.
Jul 1, 20262 min read - Guides
X (Twitter) Login in Unity (OAuth, no backend)
Add X (Twitter) login to a Unity game with OAuth — no backend, no secret in the build. Real C#, and the email setting that trips everyone up.
Jul 1, 20263 min read - Guides
Authentication in Unity Without a Backend
You don't need your own server to add player login to Unity. Here's what a backend normally does for auth, what still runs server-side, and how to ship login with no server of your own.
Jul 1, 20264 min read - Guides
Player Authentication in Unity: The Complete Guide
How player authentication works in Unity — the OAuth pitfalls, the client-secret problem, deep links, and every provider — with real C# and no backend.
Jul 1, 20268 min read
Frequently asked questions
- Do I need a backend server to follow these guides?
- No. Every guide is written for the no-backend case — the player signs in through Oathwall's hosted flow and your game receives an access token, a refresh token, and a profile. If you already run a game server, the guides also show where to hand it the access token so it can authorize its own calls, but that's optional.
- Will I have to ship a client secret in my Unity build?
- No, and that's the point of most of these guides. Your build only carries a public appKey. The OAuth client secrets that providers like Google and Facebook require stay server-side in Oathwall, so decompiling your APK or IL2CPP build doesn't leak anything that lets someone impersonate your app.
- Which provider guide should I start with?
- Start with the one your players already use. Mobile-first games usually begin with Google (and Apple, which is mandatory on iOS if you offer any other social login). PC and storefront games lean toward Steam and Discord. If you're not sure how the pieces fit together first, read the pillar guide on Unity authentication before picking a provider.
- Do these guides only work for Unity?
- The code samples are Unity C#, but the login flow underneath is plain HTTP and works from any engine. The 'OAuth login without an SDK' guide documents every endpoint, and there's a Godot walkthrough in real GDScript. The packaged SDK is Unity-only; the service itself is engine-independent.