Oculus Quest Development
All Oculus Quest developers MUST PASS the concept review prior to gaining publishing access to the Quest Store and additional resources. Submit a concept document for review as early in your Quest application development cycle as possible. For additional information and context, please see Submitting Your App to the Oculus Quest Store.
Account Linking
Note: You are viewing the Native version of this topic. To view this topic for Unity development, see Account Linking (Unity). To view this topic for Unreal development, see Account Linking (Unreal).
You can set up account linking between a user’s account in your system and their Oculus account. This gives your system access to their alias, which is their Oculus username, and their org-scoped ID, which is their identity across Oculus apps for your organization. How to set up account linking with Oculus, the user experience and steps to retrieve an ID and alias are described in more detail in the following sections.
1. Register your login URL in the developer dashboard
To set up account linking for your app, you must first register an SSO URI in the developer dashboard.
- Log in to the developer dashboard and navigate to the SSO page under Settings. The following image shows an example:
- Provide your login URI in the box provided and click Save.
2. Create an account linking UI and forward user to Oculus
From your app or website, you should provide the user with a button (or other UI) to opt in to their account in your system with their Oculus account. When the user clicks the button, you should redirect them to Oculus at the following URI, specifying your registered SSO URI and your Oculus organization ID as query parameters:
https://auth.oculus.com/sso/?redirect_uri=https://someloginuri.com/oa&organization_id=1234567812345678
If needed, the user logs in to Oculus, and then they confirm they want to link their account. The following image shows an example of the account linking experience that the user will see:
The user clicks Link Account to be redirected to a login page that you specify.
3. Extract the authorization code and user ID
When Oculus forwards users to your login URI, the URI contains base-64 encoded JSON appended to the URI. This JSON contains the authorization code and scoped user ID that you can use to retrieve an OAuth token.
For example:
https://someloginuri.com/oa#1234ImCiAib3JnLXNjb3BlZF9pZCI6ICIxMjM0NTY3ODEyMzQ1Njc4Igp9
When decoded results in the following:
{
"code":"somecode",
"org-scoped_id": "1234567812345678"
}
Make sure to save the user ID in your system so that you can use it to request refresh tokens.
4. Send the code and user ID and authorization info to request tokens
You will use the info from the previous step along with the app ID and app secret to request an OAuth token. The app secret and app ID are found on the API tab in the developer dashboard. Note that you must use an admin account to access the app secret from the API page.
Send a message like the following:
URI: https://graph.oculus.com/sso_authorize_code
METHOD: POST
Example message:
POST https://graph.oculus.com/sso_authorize_code?code=somecode &access_token=OC|client-id|client-secret&org_scoped_id=user-id-for-your-org
PARAMETERS:
| Parameter | Param Type | Description |
|---|---|---|
code | query | The access code sent in the request to your login URL |
access_token | query | Token in the format OC|APPID|APPSECRET that contains the app ID and app secret found on the API tab. |
org_scoped_id | query | The scoped identifier sent in the request to your login URL. |
Example success response:
The JSON response contains a 30-day OAuth token and refresh code.
{
"oauth_token": "some-oauth-token",
"refresh_code": "some-refresh-code"
}
5. Get the ID and alias for the user using the OAuth token.
Use the OAuth token received in the previous step to request the ID and alias for the user. Send a message like the following:
METHOD: GET
URI: https://graph.oculus.com/me
Example message:
GET https://graph.oculus.com/me?access_token=some-access-token&fields=id,alias
PARAMETERS:
| Parameter | Param Type | Description |
|---|---|---|
access_token | query | OAuth token retrieved in step 3. |
fields | query | Comma separated list of user fields to retrieve. Only allowed values are id and alias. |
Example success response:
The JSON response contains the user’s scoped ID and their Oculus alias.
{
"id": "1234567812345678",
"alias": "gamertag"
}
You should store the OAuth token for the user, and use it to make requests to Oculus on their behalf.
6. Use the refresh token when necessary
When the 30-day oauth token expires, retrieve a new one. Send a message like the following:
METHOD: POST
URI: https://graph.oculus.com/sso_authorize_refresh_code
Example message:
POST https://graph.oculus.com/sso_authorize_refresh_code? access_token=AppSecretToken&org_scoped_id=some-id&refresh_code=refresh-code
PARAMETERS:
| Parameter | Param Type | Description |
|---|---|---|
access_token | query | Token in the format OC|APPID|APPSECRET that contains the app ID and app secret found on the API tab. |
org_scoped_id | query | The scoped identifier sent in the request to your login URL. |
refresh_code | query | The refresh code from step 3. |
Example success response:
The JSON response contains a 30-day OAuth token and another refresh code.
{
"oauth_token": "some-oauth-token",
"refresh_code": "some-refresh-code"
}