Accessing Resources using Oauth Authorization

Has anyone successfully developed a workflow to allow for the client (LY Game) to access a protected resource via HTTP requests?

I am trying to gain authorization to a 3rd party web API which requires the user to authorize the LY game to gain access to the resource server. Typical Oauth 2 protocol would require the game client to reach out to the authorization server and receive an auth code via a browser. The code would be passed through the browser and retrieved by the client, which would then do a post request to the auth server again this time retrieving an auth token, that can then be stored and used to make requests to the resource server.

To test implement this, I first made a quick dummy client using Nodejs, which I used to initiate the authorization process. Upon receiving the auth token I manually deposited it into my LY lua script and used HTTP requests in Lua to make requests from within LY. My question is how to implement this entire process from within LY. I have not been able to successfully figure out the flow. Any advice and success stories would be very helpful.

1 Like

ever figure this oauth issue pFaso?

Hi @ivan_leos, funny you ask because I am back working at this right now. I did come up with a temporary fix that we could use just for development but its not ideal for production. I am at this moment working on another work around. If you have any ideas I am open to hearing?


OAuth has various grant types: OAuth Grant Types.

Authorization Code grant requires a web browser interaction to open the redirect url.
Currently Lumberyard do not have a in-built browser integration. Using the authorization code flow will need to parse html output which can be tricky.

I recommend using the OAuth 2.0 Device Code Grant Type, which depends on users authorizing on any other device by visiting a URL from response. Commonly used on platforms which do not have browsers, like gaming consoles.

In device grant you make a request to OAuth code url.
You get a code and a code url.
User can visit the url on the same device by switching context or any other device available. Sign In, enter code and allow App permissions to access your profile.

On the application code you can poll OAuth tokens url to see if the user has entered code.
On success you should receive open id, access and refresh tokens.