OathWall

Add Google Sign-In to Your Unity Game (No Backend)

The Oathwall Team4 min read

If you want players to sign in with Google in your Unity game, the hard part was never the button. It's everything behind it: an OAuth consent screen, a redirect URI that has to match exactly, and a client secret that you absolutely cannot ship inside your build. This guide walks through the whole thing with real setup steps and the actual C# you'll write. No backend, no Google plugin.

What makes Google login in Unity awkward

Google Sign-In is OAuth 2.0. The flow assumes a web redirect and a confidential server that holds your client secret. A game client is neither of those things.

Two problems fall out of that. First, if you drop the client secret into a Unity MonoBehaviour, it ships in your build — and anyone can extract strings from an .apk in about a minute. Second, mobile apps don't have a normal web redirect, so you end up wiring custom URI schemes and deep links just to get the user back into the game after they tap "Allow."

The usual fixes are to stand up your own auth server or to pull in a native Google plugin per platform. Both work. Both are also more maintenance than a small studio wants for a login button.

Oathwall takes the confidential part off your plate. Your Google client secret lives in Oathwall's dashboard, the token exchange happens on Oathwall's servers, and your game receives the finished result. The secret never touches your build.

Step 1: Create a Google OAuth client

You still need your own Google credentials — Oathwall uses your Google app, not a shared one, so the consent screen shows your game's name.

  1. Open console.cloud.google.com and sign in.
  2. Create a project (or pick an existing one) named after your game.
  3. Go to Google Auth Platform and complete registration: set the Audience to External, fill in the app name and support email under Branding, and leave the scopes on Data Access at openid, email, and profile. Those three are non-sensitive and need no verification.
  4. Under Google Auth Platform → Clients, click Create Client and choose Web application as the type.
  5. In Authorized redirect URIs, add exactly this:
https://sso.oathwall.com/auth/callback
  1. Click Create. Copy the Client ID and Client Secret from the dialog.

A quick note on that redirect URI: it has to match character for character. No trailing slash, https not http. If it's off by one character, Google returns redirect_uri_mismatch and the login dies before it starts. This is the single most common reason a Google integration "just doesn't work."

Also copy the client secret right away. Google shows it once, at creation. After that the console only displays the last four characters, and you'll have to rotate in a new one if you didn't save it.

Step 2: Paste your credentials into Oathwall

In the Oathwall dashboard, open your app and add Google as a provider. Paste the Client ID and Client Secret you just copied. That secret now lives on the server side — this is the part that keeps it out of your build.

Each Oathwall app has a public appKey. That's the only identifier your game ships with, and it's safe to expose. The secret stays behind it.

Step 3: Wire it up in Unity

This is the whole client integration. Your login manager inherits from SsoClientBase, you call StartLogin with the provider name, and you override OnLoginSuccess to do something with the player.

public class LoginManager : SsoClientBase
{
    // Hook this to your UI button. It opens the hosted
    // Google sign-in in the system browser.
    public void OnLoginButton() => StartLogin("google");

    protected override void OnLoginSuccess(LoginResult user)
    {
        Debug.Log($"Welcome, {user.name}!");
        // user.id · user.email · user.provider
    }
}

StartLogin("google") opens Google's real sign-in page in the system browser. When the player finishes, Oathwall deep-links back into your game and hands OnLoginSuccess a LoginResult with the user's id, email, name, and provider. You take it from there — create a save profile, call your own services, whatever your game needs.

The nice part shows up when you add a second provider. Adding Apple or Steam later is the same class with a different string: StartLogin("apple"). You're not learning a new SDK per provider.

The gotchas worth knowing

"This app isn't verified." While your Google OAuth app is in testing, Google shows a warning screen. Add your own Google account as a test user to get past it during development. Before a public launch, move the app to production; for the basic openid/email/profile scopes there's no lengthy review.

Steam and email. If you're planning multiple providers, know that Steam signs players in via OpenID and never returns an email. Don't design your account system assuming every provider gives you one — Google does, Steam doesn't.

Deep links are handled for you. You don't register a custom URI scheme or write an Application.deepLinkActivated handler for the login. The return trip into the game is part of the flow.

FAQ

Answers to the questions that come up most are in the section below — whether you need a backend, where the secret lives, and what you get back after login.

Ready to add it?

Oathwall gives your Unity game Google login (plus Apple, Steam, Discord, and more) without a backend or a client secret in the build. It's available on the Unity Asset Store.

If you're still mapping out how player login should work, start with what single sign-on actually means for a game, see the whole picture in the Unity authentication guide, or read the full provider setup docs for the exact dashboard fields.

Frequently asked questions

Do I need a backend server to add Google login to Unity?
No. Oathwall runs the OAuth exchange on its own hosted service, so your game only ever handles the final tokens. You don't deploy or maintain any server code.
Does my Google client secret end up inside the build?
No. The client secret is stored server-side in the Oathwall dashboard. It is used during the token exchange on Oathwall's servers and is never shipped in your .apk, .ipa, or desktop binary.
Does Google Sign-In work on both Android and iOS?
Yes. The login opens Google's page in the system browser and deep-links back into your game when it finishes. There is no Google SDK or native plugin to install per platform.
What data do I get back after a Google login?
The LoginResult passed to OnLoginSuccess includes the user's id, email, name, and provider. You decide what to store and how to link it to your own player profile.
Why does Google show 'This app isn't verified' during testing?
That screen appears while your OAuth app is still in testing or pending verification. Add your account as a test user to bypass it during development; submit for verification before a public launch if you request sensitive scopes.