Authentication?
Heya, I've come from Photon Engine and I'm looking into Normcore, but I was wondering if it's possible to implement authentication for your app key? I'm working with Oculus, so ideally I would want users to have to authenticate with Oculus before being able use my app key to prevent others from using my app key and inflating costs or users that aren't creating valid nonces. Thanks!
16 Replies
Hi @Ethan Barron. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
Yes, Normcore supports authentication for your app key, especially when using Normcore Private (Cloud or On-Premises). You can use the Webhooks API to verify whether a user is entitled to access your application. This is the recommended way to validate application keys against your own database or authentication system.
When a client attempts to connect to a room, the Normcore matcher service can be configured to send a POST request to your webhook endpoint. This request includes details such as the app key, the action (e.g., ConnectToRoom), and the room name. You can also pass additional context—such as an Oculus authentication token—when connecting to a room. This context is forwarded to your webhook, allowing you to perform custom authentication logic (e.g., verifying the user's Oculus identity before granting access).
Here’s an example of how you might pass context for user authentication:
Your webhook can then validate the token with Oculus and decide whether to allow or deny the connection. If denied, you can return an error message and context to the client.
This approach helps prevent unauthorized use of your app key and ensures only authenticated users (e.g., those who have passed Oculus authentication) can join rooms and use your backend resources, protecting you from inflated costs and abuse.
For more details, see the Normcore Private Webhooks documentation.
If you are using Normcore’s public cloud (not Normcore Private), the knowledge sources do not explicitly mention support for custom authentication hooks, so you may need to contact NormalVR for more information or consider using Normcore Private for full control over authentication.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
<@540897871545892884> Kapa.ai is still learning and improving, please let me know how I did by reacting below.
Damn...
We’ve got a solution in the works for this for Normcore Public
You’ll be able to program your Oculus API key in the dashboard and we’ll take care of the server to server auth before folks can connect to a room
Awesome!! Is there any guesstimate for when this could be available?
Not at the moment. I can give you an update in 3-4 weeks. we're wrapping up a few big updates now that are blocking that feature
Sounds good, thank you for the info!
Heya sorry to revive a dead thread Max, but outside of Oculus I've been looking into using PlayFab for managing inventories alongside authentication, and I saw that you can usually have a process with Photon that's something on the lines of
User starts game > User logs into PlayFab > If logged into PlayFab successfully, ask PlayFab for a Photon Auth Token > Auth with Photon through that token
I was wondering if a similar workflow could be possible once the mentioned solution is released? Also want to say normcore is absolutely awesome by the way, been tinkering with it and the fact it's so intuitive yet flexible is incredible
Yes that’s exactly how we expect it to work
We also plan to support it without PlayFab if you want our servers to do the Oculus server to server auth
last I touched PlayFab, they supported a lot of platforms for user auth, but not Oculus 😦 maybe they’ve added it since
Sorry to necropost but I'm curious as to if you can give an update?
Also I've seen a lot of planned or WIP features, do you typically batch them all together in one big update or just get them out whenever?
no worries at all! unfortunately, release schedule really depends on the feature. for most features we try to get them out as soon as possible as long as we can be fairly certain they're stable
these backend features are in an interesting spot because they're all blocked on a new service we're going to launch called "Normcore Services"
Normcore Services is designed to be all of the backend services outside of real-time multiplayer, so Oculus Auth, a key value store, matchmaking APIs, user accounts, etc.
We've built a lot of these features already, but none of them can launch until we're ready to launch Normcore Services as a whole*
Unfortunately, it will be a few months before we can push Normcore Services out at a minimum. We're working on the dashboard UI and APIs to authenticate Unity clients atm which is a blocker for getting any of the features released.
That said, feel free to continue pinging me here when you're curious. I'm happy to give you status updates / if there are specific features you're looking for, I can prioritize them in our pipeline as best as I can.
Ah yeah that makes sense, Normcore Services sounds intriguing, interested to see how that'll turn out! I can see how that creates a bit of situation, I'm guessing by the fact that it's a separate service that some of these features are going to be monetized? Matchmaking is exciting either way though
Honestly the only specific features I'm missing are authentication, RPCs and matchmaking, with the way Normcore is synced and worked with, everything is so harmonious, so much so that you can almost make anything the solution is missing within less than 100 lines, it's awesome
no plans to monetize it at the moment actually. the hope is that it makes it even easier to build games with Normcore which will drive more folks to use our real-time multiplayer service.
It's only separate because it's run by a different set of servers and we scale it differently since it doesn't require anywhere near as much power as real-time multiplayer does
Dang that's insane but I'm all for it lol, I've seen talks of an alpha or something around in some of the questions / feature requests, would I be able to participate in any at all?
Generally speaking Normcore is in a decent place now, but with the talks about Normcore Service and other general tidbits like in feature requests it's going to be a serious competitor, the prices and free tier are undeniably more developer friendly compared to other service, and it's hitting a really good sweet spot, it's easy to use and incredibly capable. PUN is still Photon's most used product even if they try to partially hide it and there's no downside to using Normcore instead of it, so I'm excited to see what the future brings community-wise, game-wise and feature-wise
agreed! we're trying to create the best solution possible. I really loved the simplicity of PUN and I feel like the new features they added with Fusion / Quantum made the workflow too difficult for the tradeoff to feel worth it.
I'm really happy where Normcore's ease of use is at (Normcore 3 gets even better with EasySync) and hopefully with Normcore-Services we'll remove a lot of that glue code that people have to write to use Unity Game Services or Epic Online Services
and honestly the Normcore Services APIs have been a lot easier for us to optimize and so they really don't cost us very much to run at scale. I'd like to keep them free for the foreseeable future.
Fusion is exactly why I moved tbh, the 100 CCU was appealing (despite the fact you still had to pay for 100 CCU with voice), but at the time the options for me were PUN or Fusion, and I couldn't use either because Fusion felt so directed towards a specific game type + the workflow, and of course PUN was an outdated inefficient insecure mess (but funnily enough still the only solution I'd use from Photon aside from Voice)
Big ups on the addressable support too lol, I was surprised when I saw that
glad to hear we're doing well 🙂
I promise authentication is coming (albiet a little slower than I'd like) but in the meantime if you have any other feedback, please let us know