Authentication?
Heya, I've come from Photon Engine and I'm looking into Normcore, but I was wondering if it's possible to implement authentication for your app key? I'm working with Oculus, so ideally I would want users to have to authenticate with Oculus before being able use my app key to prevent others from using my app key and inflating costs or users that aren't creating valid nonces. Thanks!
8 Replies
Hi @Ethan Barron. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
Yes, Normcore supports authentication for your app key, especially when using Normcore Private (Cloud or On-Premises). You can use the Webhooks API to verify whether a user is entitled to access your application. This is the recommended way to validate application keys against your own database or authentication system.
When a client attempts to connect to a room, the Normcore matcher service can be configured to send a POST request to your webhook endpoint. This request includes details such as the app key, the action (e.g., ConnectToRoom), and the room name. You can also pass additional context—such as an Oculus authentication token—when connecting to a room. This context is forwarded to your webhook, allowing you to perform custom authentication logic (e.g., verifying the user's Oculus identity before granting access).
Here’s an example of how you might pass context for user authentication:
Your webhook can then validate the token with Oculus and decide whether to allow or deny the connection. If denied, you can return an error message and context to the client.
This approach helps prevent unauthorized use of your app key and ensures only authenticated users (e.g., those who have passed Oculus authentication) can join rooms and use your backend resources, protecting you from inflated costs and abuse.
For more details, see the Normcore Private Webhooks documentation.
If you are using Normcore’s public cloud (not Normcore Private), the knowledge sources do not explicitly mention support for custom authentication hooks, so you may need to contact NormalVR for more information or consider using Normcore Private for full control over authentication.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
<@540897871545892884> Kapa.ai is still learning and improving, please let me know how I did by reacting below.
Damn...
We’ve got a solution in the works for this for Normcore Public
You’ll be able to program your Oculus API key in the dashboard and we’ll take care of the server to server auth before folks can connect to a room
Awesome!! Is there any guesstimate for when this could be available?
Not at the moment. I can give you an update in 3-4 weeks. we're wrapping up a few big updates now that are blocking that feature
Sounds good, thank you for the info!
Heya sorry to revive a dead thread Max, but outside of Oculus I've been looking into using PlayFab for managing inventories alongside authentication, and I saw that you can usually have a process with Photon that's something on the lines of
User starts game > User logs into PlayFab > If logged into PlayFab successfully, ask PlayFab for a Photon Auth Token > Auth with Photon through that token
I was wondering if a similar workflow could be possible once the mentioned solution is released? Also want to say normcore is absolutely awesome by the way, been tinkering with it and the fact it's so intuitive yet flexible is incredible
Yes that’s exactly how we expect it to work
We also plan to support it without PlayFab if you want our servers to do the Oculus server to server auth
last I touched PlayFab, they supported a lot of platforms for user auth, but not Oculus 😦 maybe they’ve added it since