Oculus Go Development

On 6/23/20 Oculus announced plans to sunset Oculus Go. Information about dates and alternatives can be found in the Oculus Go introduction.

Oculus Quest Development

All Oculus Quest developers MUST PASS the concept review prior to gaining publishing access to the Quest Store and additional resources. Submit a concept document for review as early in your Quest application development cycle as possible. For additional information and context, please see Submitting Your App to the Oculus Quest Store.

User Verification

Note: You are viewing the Unreal version of this topic. To view this topic for Unity development, see User Verification (Unity). To view this topic for native development, see User Verification (Native).

User Verification validates the identity of each user accessing your application.

In addition to the basic Entitlement Check, this feature uses a client-provided nonce that is used by your trusted server to verify that the Oculus ID provided by the client is valid for the user providing it. This user verification does not replace the Entitlement Check.

For Unreal development, you can use the Platform native API and information found in the Platform Unreal Development - Get Setup guide.

Your application will call ovr_User_GetUserProof() to retrieve the nonce. Then after passing to your server, make a S2S call to verify that the user is who they claim to be.

Data Use Checkup

Note that this feature accesses user data and may require you to complete the Data Use Checkup form prior to submitting your app to the Oculus Store. For more information, see Complete a Data Use Checkup.

Integrate User Verification

Minimal integration is required for User Verification, the only function you have to integrate is to retrieve the nonce. The end-to-end flow for User Verification can be found in the diagram above.

Generate nonce:


Detail about this function can be found in the Platform SDK Reference Content.

Validate Nonce (POST)

The next step requires to you send a S2S API request. See the Server-to-Server API Basics page for information about interacting with our APIs.

You will send a POST request that contains a nonce and an Oculus ID to the https://graph.oculus.com/user_nonce_validate endpoint to verify that the Oculus ID from the client is valid. See the Users, Friends, and Relationships page for more information on retrieving the Oculus ID.

$ curl -d "access_token=$APP_ACCESSTOKEN" -d "nonce=$NONCE" -d "ser_id=$USER_ID"

The request returns a verification of the nonce. For example:


Retrieve a Verified Org Scoped ID

Once you’ve used GetUserProof() and the S2S API to verify the Oculus ID from the client is valid, you can then send a GET request specifying the User ID to retreive an Org Scoped ID.

$ curl -G -d "access_token=$APP_ACCESSTOKEN" -d "fields=org_scoped_id"

The request returns a verified Org Scoped ID: