Oculus Go Development

On 6/23/20 Oculus announced plans to sunset Oculus Go. Information about dates and alternatives can be found in the Oculus Go introduction.

Oculus Quest Development

All Oculus Quest developers MUST PASS the concept review prior to gaining publishing access to the Quest Store and additional resources. Submit a concept document for review as early in your Quest application development cycle as possible. For additional information and context, please see Submitting Your App to the Oculus Quest Store.

Account Linking

Note: You are viewing the Native version of this topic. To view this topic for Unity development, see Account Linking (Unity). To view this topic for Unreal development, see Account Linking (Unreal).

You can set up account linking between a user’s account in your system and their Oculus account. This gives your system access to their alias, which is their Oculus username, and their org-scoped ID, which is their identity across Oculus apps for your organization. How to set up account linking with Oculus, the user experience and steps to retrieve an ID and alias are described in more detail in the following sections.

1. Register your login URL in the developer dashboard

To set up account linking for your app, you must first register an SSO URI in the developer dashboard.

  • Log in to the developer dashboard and navigate to the SSO page under Settings. The following image shows an example:
  • Provide your login URI in the box provided and click Save.

2. Create an account linking UI and forward user to Oculus

From your app or website, you should provide the user with a button (or other UI) to opt in to their account in your system with their Oculus account. When the user clicks the button, you should redirect them to Oculus at the following URI, specifying your registered SSO URI and your Oculus organization ID as query parameters:

https://auth.oculus.com/sso/?redirect_uri=https://someloginuri.com/oa&organization_id=1234567812345678

If needed, the user logs in to Oculus, and then they confirm they want to link their account. The following image shows an example of the account linking experience that the user will see:

The user clicks Link Account to be redirected to a login page that you specify.

3. Extract the authorization code and user ID

When Oculus forwards users to your login URI, the URI contains base-64 encoded JSON appended to the URI. This JSON contains the authorization code and scoped user ID that you can use to retrieve an OAuth token.

For example:

https://someloginuri.com/oa#1234ImCiAib3JnLXNjb3BlZF9pZCI6ICIxMjM0NTY3ODEyMzQ1Njc4Igp9

When decoded results in the following:

{
 "code":"somecode",
 "org-scoped_id": "1234567812345678"
}

Make sure to save the user ID in your system so that you can use it to request refresh tokens.

4. Send the code and user ID and authorization info to request tokens

You will use the info from the previous step along with the app ID and app secret to request an OAuth token. The app secret and app ID are found on the API tab in the developer dashboard. Note that you must use an admin account to access the app secret from the API page.

Send a message like the following:

URI: https://graph.oculus.com/sso_authorize_code

METHOD: POST

Example message:

POST https://graph.oculus.com/sso_authorize_code?code=somecode
 &access_token=OC|client-id|client-secret&org_scoped_id=user-id-for-your-org

PARAMETERS:

ParameterParam TypeDescription
codequeryThe access code sent in the request to your login URL
access_tokenqueryToken in the format OC|APPID|APPSECRET that contains the app ID and app secret found on the API tab.
org_scoped_idqueryThe scoped identifier sent in the request to your login URL.

Example success response:

The JSON response contains a 30-day OAuth token and refresh code.

{
    "oauth_token": "some-oauth-token",
    "refresh_code": "some-refresh-code"
}

5. Get the ID and alias for the user using the OAuth token.

Use the OAuth token received in the previous step to request the ID and alias for the user. Send a message like the following:

METHOD: GET

URI: https://graph.oculus.com/me

Example message:

GET https://graph.oculus.com/me?access_token=some-access-token&fields=id,alias

PARAMETERS:

ParameterParam TypeDescription
access_tokenqueryOAuth token retrieved in step 3.
fieldsqueryComma separated list of user fields to retrieve. Only allowed values are id and alias.

Example success response:

The JSON response contains the user’s scoped ID and their Oculus alias.

{
    "id": "1234567812345678",
    "alias": "gamertag"
}

You should store the OAuth token for the user, and use it to make requests to Oculus on their behalf.

6. Use the refresh token when necessary

When the 30-day oauth token expires, retrieve a new one. Send a message like the following:

METHOD: POST

URI: https://graph.oculus.com/sso_authorize_refresh_code

Example message:

POST https://graph.oculus.com/sso_authorize_refresh_code?
 access_token=AppSecretToken&org_scoped_id=some-id&refresh_code=refresh-code

PARAMETERS:

ParameterParam TypeDescription
access_tokenqueryToken in the format OC|APPID|APPSECRET that contains the app ID and app secret found on the API tab.
org_scoped_idqueryThe scoped identifier sent in the request to your login URL.
refresh_codequeryThe refresh code from step 3.

Example success response:

The JSON response contains a 30-day OAuth token and another refresh code.

{
    "oauth_token": "some-oauth-token",
    "refresh_code": "some-refresh-code"
}