
Implementing OAuth 2.0 PKCE in UE5 on Windows


PKCE

Please refer to RFC 7636.

Authentication Flow

Simply put, we start a local server within UE and receive data from the web browser.

Issues

UE’s Default Random Generation Functions Have Problems

RFC 7636’s Code Verifier generation states:

4.1.  Client Creates a Code Verifier

   The client first creates a code verifier, "code_verifier", for each
   OAuth 2.0 [RFC6749] Authorization Request, in the following manner:

   code_verifier = high-entropy cryptographic random STRING using the
   unreserved characters [A-Z] / [a-z] / [0-9] / "-" / "." / "_" / "~"
   from Section 2.3 of [RFC3986], with a minimum length of 43 characters
   and a maximum length of 128 characters.

The code verifier SHOULD have enough entropy to make it impractical to guess the value.

For Windows, you could use BCryptGenRandom, but that creates an OS dependency, which I want to avoid.

Solution

I created a cloud API for random generation and hash functions. It is called over HTTPS and implemented with Cloudflare Workers.

Plugin

For local HTTP server: https://www.fab.com/listings/d95fcaab-6699-449a-a742-05564bc9959c

Enable HttpBlueprint and Json Blueprint Utilities (engine plugins).

Login Process

Getting the Auth Code

Nothing too difficult. First, obtain code_verifier and code_challenge meeting the above conditions.

Then just Launch URL.

https://{cognito_domain}/oauth2/authorize?client_id={cognito_client_id}&response_type=code&scope=openid+email&redirect_uri=http://localhost:{server_port}/callback&code_challenge={code_challenge}&code_challenge_method=S256

Receiving Redirect in UE

The browser sends a GET request to the redirect URL, which the local server in UE is listening on.

Search the query parameters for “code”.

Exchange Code

Send a POST request with the auth code and code_verifier.

https://{cognito_domain}/oauth2/token

grant_type=authorization_code&client_id={cognito_client_id}&code={returned_code}&redirect_uri=http://localhost:{server_port}/callback&code_verifier={code_verifier}
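
The values used in the login process above, as an added example that is not the post's Worker or Blueprint code: JavaScript against the Web Crypto API (available in Cloudflare Workers and Node) that generates a code_verifier, derives the S256 code_challenge per RFC 7636, and builds the authorize URL and token request body with percent-encoding. All function names are hypothetical; the domain, client id and port are whatever the caller passes in.

```javascript
// Added example; all function names are hypothetical, not the post's code.
async function webCrypto() {
  // Global in Workers and recent Node; older Node exports it from node:crypto.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

// Unpadded base64url, as in RFC 7636 Appendix A.
function base64url(bytes) {
  const bin = Array.from(bytes, (b) => String.fromCharCode(b)).join('');
  return btoa(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// code_verifier: 32..96 CSPRNG bytes encode to 43..128 unreserved characters.
async function createCodeVerifier(byteLength = 32) {
  if (byteLength < 32 || byteLength > 96) throw new RangeError('need 32..96 bytes');
  return base64url((await webCrypto()).getRandomValues(new Uint8Array(byteLength)));
}

// S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))).
async function createCodeChallenge(verifier) {
  const ok = /^[A-Za-z0-9._~-]{43,128}$/.test(verifier);
  if (!ok) throw new Error('code_verifier violates RFC 7636 section 4.1');
  const hash = await (await webCrypto()).subtle.digest('SHA-256', new TextEncoder().encode(verifier));
  return base64url(new Uint8Array(hash));
}

// Authorization request from the post; URLSearchParams percent-encodes redirect_uri.
function buildAuthorizeUrl({ domain, clientId, port, challenge }) {
  const q = new URLSearchParams({
    client_id: clientId,
    response_type: 'code',
    scope: 'openid email',
    redirect_uri: `http://localhost:${port}/callback`,
    code_challenge: challenge,
    code_challenge_method: 'S256',
  });
  return `https://${domain}/oauth2/authorize?${q}`;
}

// Form body for the POST to /oauth2/token; redirect_uri must match the one above.
function buildTokenBody({ clientId, port, code, verifier }) {
  return new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: clientId,
    code,
    redirect_uri: `http://localhost:${port}/callback`,
    code_verifier: verifier,
  }).toString();
}
```

Only code_challenge appears in the browser URL; code_verifier is sent once, in the token request.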

Future

For mobile, implementing with Universal Links/App Links looks good. There’s a plugin for this but it’s about 10,000 yen, so waiting for next payday.
