User Verification allows you to verify the identity of each user accessing your application.
In addition to the basic Entitlement Check, this feature uses a client-provided nonce that can’t be tampered with by the client that is provided to your trusted server and checked against the Oculus Platform. This user verification does not replace the Entitlement Check performed in Initializing and Checking Entitlements.
Your application will call ovr_User_GetUserProof(), or Platform.User.GetUserProof() if you’re using Unity, to retrieve the nonce. Then after passing to your server, make a S2S call to verify that the user is who they claim to be.
Minimal integration is required for User Verification, the only function you have to integrate is to retrieve the nonce. The end-to-end flow for User Verification can be found in the diagram above.
Native - ovr_User_GetUserProof()
Unity - Platform.User.GetUserProof()
Detail about this function can be found in the Platform SDK Reference Content.
Certain actions require to you to interact directly with our server. See the Server-to-Server API Basics page for information about interacting with our APIs.
Validate Nonce (POST)
Validate the nonce you retrieved from the client and verify that the nonce matches the User Id using a secure S2S HTTP POST. Please see the User and Friends page for more information on retrieving the User Id.
$ curl -d "access_token=$APP_ACCESSTOKEN" -d "nonce=$NONCE" -d “user_id=$USER_ID” https://graph.oculus.com/user_nonce_validate
The request returns a verification of the nonce. For example: